Check limit and offset parameters sent to controller

Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
author: Côme Chilliet <come.chilliet@nextcloud.com> 2023-10-10 10:43:18 +0200
committer: Côme Chilliet <come.chilliet@nextcloud.com> 2023-10-10 10:43:18 +0200
commit: e51d20479e70320486385a4787f5d09abdd6ed4e (patch)
tree: 03e9203770393932e34eb72b534009ce92f09c5d /apps/provisioning_api
parent: afcebd1e928f6131122bc166af2b37c24717891f (diff)
download: nextcloud-server-e51d20479e70320486385a4787f5d09abdd6ed4e.tar.gz
nextcloud-server-e51d20479e70320486385a4787f5d09abdd6ed4e.zip
1 files changed, 7 insertions, 0 deletions
diff --git a/apps/provisioning_api/lib/Controller/UsersController.php b/apps/provisioning_api/lib/Controller/UsersController.php
index 95778eff366..97d94ecb407 100644
--- a/apps/provisioning_api/lib/Controller/UsersController.php
+++ b/apps/provisioning_api/lib/Controller/UsersController.php
@@ -246,6 +246,13 @@ class UsersController extends AUserData {
 		if ($currentUser === null) {
 			return new DataResponse(['users' => []]);
 		}
+		if ($limit !== null && $limit < 0) {
+			throw new InvalidArgumentException("Invalid limit value: $limit");
+		}
+		if ($offset < 0) {
+			throw new InvalidArgumentException("Invalid offset value: $offset");
+		}
+
 		$users = [];
 
 		// Admin? Or SubAdmin?
author	Côme Chilliet <come.chilliet@nextcloud.com>	2023-10-10 10:43:18 +0200
committer	Côme Chilliet <come.chilliet@nextcloud.com>	2023-10-10 10:43:18 +0200
commit	e51d20479e70320486385a4787f5d09abdd6ed4e (patch)
tree	03e9203770393932e34eb72b534009ce92f09c5d /apps/provisioning_api
parent	afcebd1e928f6131122bc166af2b37c24717891f (diff)
download	nextcloud-server-e51d20479e70320486385a4787f5d09abdd6ed4e.tar.gz nextcloud-server-e51d20479e70320486385a4787f5d09abdd6ed4e.zip