diff options
| author | Christopher Ng <chrng8@gmail.com> | 2022-06-28 18:03:15 +0000 |
|---|---|---|
| committer | backportbot-nextcloud[bot] <backportbot-nextcloud[bot]@users.noreply.github.com> | 2022-07-06 20:54:17 +0000 |
| commit | 51e20dd6c56e8f9221f9019f83a2abe61a90c4f6 (patch) | |
| tree | 5109266f79b2f48090ac8343ef7d7f4fafb0438f | |
| parent | 6dd941aba09b507ad14bf2d0ee5b86376c5dbd33 (diff) | |
| download | nextcloud-server-51e20dd6c56e8f9221f9019f83a2abe61a90c4f6.tar.gz nextcloud-server-51e20dd6c56e8f9221f9019f83a2abe61a90c4f6.zip | |
Do not save invalid display name to the database
Signed-off-by: Christopher Ng <chrng8@gmail.com>
| -rw-r--r-- | apps/provisioning_api/lib/Controller/UsersController.php | 4 | ||||
| -rw-r--r-- | lib/private/User/Database.php | 4 |
2 files changed, 7 insertions, 1 deletions
diff --git a/apps/provisioning_api/lib/Controller/UsersController.php b/apps/provisioning_api/lib/Controller/UsersController.php index a26479ba0a8..839ac404c94 100644 --- a/apps/provisioning_api/lib/Controller/UsersController.php +++ b/apps/provisioning_api/lib/Controller/UsersController.php @@ -837,7 +837,9 @@ class UsersController extends AUserData { switch ($key) { case self::USER_FIELD_DISPLAYNAME: case IAccountManager::PROPERTY_DISPLAYNAME: - $targetUser->setDisplayName($value); + if (!$targetUser->setDisplayName($value)) { + throw new OCSException('Invalid displayname', 102); + } break; case self::USER_FIELD_QUOTA: $quota = $value; diff --git a/lib/private/User/Database.php b/lib/private/User/Database.php index a9464c27085..1470409c862 100644 --- a/lib/private/User/Database.php +++ b/lib/private/User/Database.php @@ -215,6 +215,10 @@ class Database extends ABackend implements * Change the display name of a user */ public function setDisplayName(string $uid, string $displayName): bool { + if (mb_strlen($displayName) > 64) { + return false; + } + $this->fixDI(); if ($this->userExists($uid)) { |