diff options
| author | Roeland Jago Douma <rullzer@users.noreply.github.com> | 2018-03-05 19:37:17 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2018-03-05 19:37:17 +0100 |
| commit | c2320aea228e7c58d2e77038ca14a80486a9073c (patch) | |
| tree | e2358e4146d21cae825ab03ad1979e8a81cba443 /apps/user_ldap/lib | |
| parent | 444159ddb0166b79e4e675fcfbe803fe140616c9 (diff) | |
| parent | 47a10bd25aadae5774fb4c011810c9d4edc53949 (diff) | |
| download | nextcloud-server-c2320aea228e7c58d2e77038ca14a80486a9073c.tar.gz nextcloud-server-c2320aea228e7c58d2e77038ca14a80486a9073c.zip | |
Merge pull request #8634 from nextcloud/ldap-no-empty-names
do not create empty userid when attribute does not have allowed chars
Diffstat (limited to 'apps/user_ldap/lib')
| -rw-r--r-- | apps/user_ldap/lib/Access.php | 34 |
1 files changed, 28 insertions, 6 deletions
diff --git a/apps/user_ldap/lib/Access.php b/apps/user_ldap/lib/Access.php index c02cc968637..0cbe8fd3028 100644 --- a/apps/user_ldap/lib/Access.php +++ b/apps/user_ldap/lib/Access.php @@ -579,7 +579,19 @@ class Access extends LDAPUtility implements IUserTools { } else { $username = $uuid; } - $intName = $this->sanitizeUsername($username); + try { + $intName = $this->sanitizeUsername($username); + } catch (\InvalidArgumentException $e) { + \OC::$server->getLogger()->logException($e, [ + 'app' => 'user_ldap', + 'level' => Util::WARN, + ]); + // we don't attempt to set a username here. We can go for + // for an alternative 4 digit random number as we would append + // otherwise, however it's likely not enough space in bigger + // setups, and most importantly: this is not intended. + return false; + } } else { $intName = $ldapName; } @@ -1291,16 +1303,22 @@ class Access extends LDAPUtility implements IUserTools { /** * @param string $name - * @return bool|mixed|string + * @return string + * @throws \InvalidArgumentException */ public function sanitizeUsername($name) { + $name = trim($name); + if($this->connection->ldapIgnoreNamingRules) { - return trim($name); + return $name; } - // Transliteration - // latin characters to ASCII - $name = iconv('UTF-8', 'ASCII//TRANSLIT', $name); + // Transliteration to ASCII + $transliterated = @iconv('UTF-8', 'ASCII//TRANSLIT', $name); + if($transliterated !== false) { + // depending on system config iconv can work or not + $name = $transliterated; + } // Replacements $name = str_replace(' ', '_', $name); @@ -1308,6 +1326,10 @@ class Access extends LDAPUtility implements IUserTools { // Every remaining disallowed characters will be removed $name = preg_replace('/[^a-zA-Z0-9_.@-]/u', '', $name); + if($name === '') { + throw new \InvalidArgumentException('provided name template for username does not contain any allowed characters'); + } + return $name; } |