author | Morris Jobke <hey@morrisjobke.de> | 2017-04-18 20:04:32 -0500 |
---|---|---|
committer | GitHub <noreply@github.com> | 2017-04-18 20:04:32 -0500 |
commit | f1ddb939a0f263582acbadf4e2dd6277638f2ce3 (patch) | |
tree | 592cbf56707c55fe76646d7fc6b165461b4eaf66 /lib | |
parent | febe01f571c10a38abaf642d4c71afb452cf0dc6 (diff) | |
parent | a3922bbcdc04d13c4e9614e0a29506c2fc8c7989 (diff) | |
download | nextcloud-server-f1ddb939a0f263582acbadf4e2dd6277638f2ce3.tar.gz nextcloud-server-f1ddb939a0f263582acbadf4e2dd6277638f2ce3.zip |
Merge pull request #4371 from nextcloud/dont-allow-dot-usernames
Better validation of allowed user names
Diffstat (limited to 'lib')
-rw-r--r-- | lib/private/User/Manager.php | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/lib/private/User/Manager.php b/lib/private/User/Manager.php
index b62b04febaf..6220613cbb1 100644
--- a/lib/private/User/Manager.php
+++ b/lib/private/User/Manager.php
@@ -295,9 +295,13 @@ class Manager extends PublicEmitter implements IUserManager {
 throw new \Exception($l->t('A valid username must be provided'));
 }
 // No whitespace at the beginning or at the end
- if (strlen(trim($uid, "\t\n\r\0\x0B\xe2\x80\x8b")) !== strlen(trim($uid))) {
+ if (trim($uid) !== $uid) {
 throw new \Exception($l->t('Username contains whitespace at the beginning or at the end'));
 }
+ // Username only consists of 1 or 2 dots (directory traversal)
+ if ($uid === '.' || $uid === '..') {
+ throw new \Exception($l->t('Username must not consist of dots only'));
+ }
 // No empty password
 if (trim($password) == '') {
 throw new \Exception($l->t('A valid password must be provided')); |
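Review bot: The simplified guard `trim($uid) !== $uid` covers only PHP's default ASCII trim set, so a uid with a leading or trailing zero-width space (the `\xe2\x80\x8b` bytes the removed line listed explicitly) now passes this check. The method starts and ends outside the hunk, so an earlier character allow-list may already reject non-ASCII input; if it does not, the condition could become `if (trim($uid) !== $uid || preg_match('/^\x{200B}|\x{200B}$/u', $uid) !== 0) {`, where `!== 0` also fails closed on invalid UTF-8. The new dot check matches the exact strings `.` and `..` only, so its comment should say where path separators and other traversal-relevant characters in a uid are rejected, since the `(directory traversal)` remark suggests the uid ends up as a path component. A test covering `.`, `..` and a uid with surrounding whitespace would pin both guards.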