author | Roeland Jago Douma <roeland@famdouma.nl> | 2019-03-13 09:45:25 +0100 |
---|---|---|
committer | Morris Jobke <hey@morrisjobke.de> | 2019-03-14 10:22:31 +0100 |
commit | 969fc45032ee9a2c4ae73b38d16eaa2f0aac2b42 (patch) | |
tree | a987201b327bcf30a2815a7aa5811fea247f4d22 /lib/private/User | |
parent | 6331f174d3dbf9d088f7f65d5d51032fd4e1095f (diff) | |
Do not allow invalid users to be created
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
Diffstat (limited to 'lib/private/User')
-rw-r--r-- | lib/private/User/Manager.php | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/lib/private/User/Manager.php b/lib/private/User/Manager.php
index 62f02915c39..4e3eea37336 100644
--- a/lib/private/User/Manager.php
+++ b/lib/private/User/Manager.php
@@ -279,6 +279,10 @@ class Manager extends PublicEmitter implements IUserManager {
 * @return bool|IUser the created user or false
 */
 public function createUser($uid, $password) {
+ if (!$this->verifyUid($uid)) {
+ return false;
+ }
+
 $localBackends = [];
 foreach ($this->backends as $backend) {
 if ($backend instanceof Database) {
@@ -598,4 +602,14 @@ class Manager extends PublicEmitter implements IUserManager {
 return ($u instanceof IUser);
 }));
 }
+
+ private function verifyUid(string $uid): bool {
+ $appdata = 'appdata_' . $this->config->getSystemValueString('instanceid');
+
+ if ($uid === '.htaccess' || $uid === 'files_external' || $uid === '.ocdata' || $uid === 'owncloud.log' || $uid === 'nextcloud.log' || $uid === $appdata) {
+ return false;
+ }
+
+ return true;
+ }
 } |
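Review bot: The early `return false;` added at the top of createUser gives the caller no way to tell a reserved uid from any other creation failure, and the docblock above it still reads only "the created user or false". At minimum the docblock should say so, for example `@return bool|IUser the created user, or false if the uid is reserved or no backend could create it`. The guard also protects this entry point only. If user ids can reach the instance by a path that does not call createUser (an external backend, for instance; not visible here), the reserved names are not filtered there. createUser's body continues outside the hunk.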
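Review bot: verifyUid compares with `===` against lower-case literals, so the denylist is exact-case only. If the data directory sits on a case-insensitive filesystem, or a backend treats uids case-insensitively (neither is visible in this hunk), a differently cased spelling of a reserved name passes the check and still resolves to the same entry. Normalising before the comparison closes that: `$reserved = ['.htaccess', 'files_external', '.ocdata', 'owncloud.log', 'nextcloud.log', strtolower($appdata)];` followed by `return !in_array(strtolower($uid), $reserved, true);`. The method also has no docblock. A short one should say that these names are reserved, presumably because they already exist as entries alongside the user directories, so the next maintainer knows to extend the list when a new such entry is added.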