summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJoas Schilling <213943+nickvergessen@users.noreply.github.com>2019-03-14 12:05:34 +0100
committerGitHub <noreply@github.com>2019-03-14 12:05:34 +0100
commit762a8bb3d9521a9f75d9e186150cb77241b3bc19 (patch)
treea987201b327bcf30a2815a7aa5811fea247f4d22
parent6331f174d3dbf9d088f7f65d5d51032fd4e1095f (diff)
parent969fc45032ee9a2c4ae73b38d16eaa2f0aac2b42 (diff)
downloadnextcloud-server-762a8bb3d9521a9f75d9e186150cb77241b3bc19.tar.gz
nextcloud-server-762a8bb3d9521a9f75d9e186150cb77241b3bc19.zip
Merge pull request #14652 from nextcloud/fix/invalid_usernames
Do not allow invalid users to be created
Diffstat
-rw-r--r--lib/private/User/Manager.php14
1 files changed, 14 insertions, 0 deletions
diff --git a/lib/private/User/Manager.php b/lib/private/User/Manager.php
index 62f02915c39..4e3eea37336 100644
--- a/lib/private/User/Manager.php
+++ b/lib/private/User/Manager.php
@@ -279,6 +279,10 @@ class Manager extends PublicEmitter implements IUserManager {
* @return bool|IUser the created user or false
*/
public function createUser($uid, $password) {
+ if (!$this->verifyUid($uid)) {
+ return false;
+ }
+
$localBackends = [];
foreach ($this->backends as $backend) {
if ($backend instanceof Database) {
@@ -598,4 +602,14 @@ class Manager extends PublicEmitter implements IUserManager {
return ($u instanceof IUser);
}));
}
+
+ private function verifyUid(string $uid): bool {
+ $appdata = 'appdata_' . $this->config->getSystemValueString('instanceid');
+
+ if ($uid === '.htaccess' || $uid === 'files_external' || $uid === '.ocdata' || $uid === 'owncloud.log' || $uid === 'nextcloud.log' || $uid === $appdata) {
+ return false;
+ }
+
+ return true;
+ }
}
generated by cgit v1.2.3 (git 2.39.1) at 2025-01-13 18:07:39 +0000