summaryrefslogtreecommitdiffstats
path: root/lib
diff options
context:
space:
mode:
authorJoas Schilling <coding@schilljs.com>2017-04-12 10:29:28 +0200
committerJoas Schilling <coding@schilljs.com>2017-04-18 14:29:34 +0200
commita3922bbcdc04d13c4e9614e0a29506c2fc8c7989 (patch)
tree53e719877d12b186d1ebe20145d58975da80c280 /lib
parentb072d2c49d6f61c2b55abf12e04bdf2166dbd4f4 (diff)
downloadnextcloud-server-a3922bbcdc04d13c4e9614e0a29506c2fc8c7989.tar.gz
nextcloud-server-a3922bbcdc04d13c4e9614e0a29506c2fc8c7989.zip
Better validation of allowed user names
Signed-off-by: Joas Schilling <coding@schilljs.com>
Diffstat (limited to 'lib')
-rw-r--r--lib/private/User/Manager.php6
1 files changed, 5 insertions, 1 deletions
diff --git a/lib/private/User/Manager.php b/lib/private/User/Manager.php
index b62b04febaf..6220613cbb1 100644
--- a/lib/private/User/Manager.php
+++ b/lib/private/User/Manager.php
@@ -295,9 +295,13 @@ class Manager extends PublicEmitter implements IUserManager {
throw new \Exception($l->t('A valid username must be provided'));
}
// No whitespace at the beginning or at the end
- if (strlen(trim($uid, "\t\n\r\0\x0B\xe2\x80\x8b")) !== strlen(trim($uid))) {
+ if (trim($uid) !== $uid) {
throw new \Exception($l->t('Username contains whitespace at the beginning or at the end'));
}
+ // Username only consists of 1 or 2 dots (directory traversal)
+ if ($uid === '.' || $uid === '..') {
+ throw new \Exception($l->t('Username must not consist of dots only'));
+ }
// No empty password
if (trim($password) == '') {
throw new \Exception($l->t('A valid password must be provided'));
generated by cgit v1.2.3 (git 2.39.1) at 2025-01-24 23:06:30 +0000
light .nv { color: #336699 } /* Name.Variable */ .highlight .ow { color: #008800 } /* Operator.Word */ .highlight .w { color: #bbbbbb } /* Text.Whitespace */ .highlight .mb { color: #0000DD; font-weight: bold } /* Literal.Number.Bin */ .highlight .mf { color: #0000DD; font-weight: bold } /* Literal.Number.Float */ .highlight .mh { color: #0000DD; font-weight: bold } /* Literal.Number.Hex */ .highlight .mi { color: #0000DD; font-weight: bold } /* Literal.Number.Integer */ .highlight .mo { color: #0000DD; font-weight: bold } /* Literal.Number.Oct */ .highlight .sa { color: #dd2200; background-color: #fff0f0 } /* Literal.String.Affix */ .highlight .sb { color: #dd2200; background-color: #fff0f0 } /* Literal.String.Backtick */ .highlight .sc { color: #dd2200; background-color: #fff0f0 } /* Literal.String.Char */ .highlight .dl { color: #dd2200; background-color: #fff0f0 } /* Literal.String.Delimiter */ .highlight .sd { color: #dd2200; background-color: #fff0f0 } /* Literal.String.Doc */ .highlight .s2 { color: #dd2200; background-color: #fff0f0 } /* Literal.String.Double */ .highlight .se { color: #0044dd; background-color: #fff0f0 } /* Literal.String.Escape */ .highlight .sh { color: #dd2200; background-color: #fff0f0 } /* Literal.String.Heredoc */ .highlight .si { color: #3333bb; background-color: #fff0f0 } /* Literal.String.Interpol */ .highlight .sx { color: #22bb22; background-color: #f0fff0 } /* Literal.String.Other */ .highlight .sr { color: #008800; background-color: #fff0ff } /* Literal.String.Regex */ .highlight .s1 { color: #dd2200; background-color: #fff0f0 } /* Literal.String.Single */ .highlight .ss { color: #aa6600; background-color: #fff0f0 } /* Literal.String.Symbol */ .highlight .bp { color: #003388 } /* Name.Builtin.Pseudo */ .highlight .fm { color: #0066bb; font-weight: bold } /* Name.Function.Magic */ .highlight .vc { color: #336699 } /* Name.Variable.Class */ .highlight .vg { color: #dd7700 } /* Name.Variable.Global */ .highlight .vi { color: #3333bb } /* Name.Variable.Instance */ .highlight .vm { color: #336699 } /* Name.Variable.Magic */ .highlight .il { color: #0000DD; font-weight: bold } /* Literal.Number.Integer.Long */
{ "translations": {
    "Federated sharing" : "Deiling milli þjóna (skýjasambandssameign)",
    "Do you want to add the remote share {name} from {owner}@{remote}?" : "Viltu bæta við fjartengdri sameign {name} frá {owner}@{remote}?",
    "Remote share" : "Fjartengd sameign",
    "Remote share password" : "Lykilorð fjartengdrar sameignar",
    "Cancel" : "Hætta við",
    "Add remote share" : "Bæta við fjartengdri sameign",
    "Copy" : "Afrita",
    "Copied!" : "Afritað!",
    "Not supported!" : "Ekki stutt!",
    "Press ⌘-C to copy." : "Ýttu á ⌘-C til að afrita.",
    "Press Ctrl-C to copy." : "Ýttu á Ctrl-C til að afrita.",
    "Invalid Federated Cloud ID" : "Ógilt skýjasambandsauðkenni (Federated Cloud ID)",
    "Server to server sharing is not enabled on this server" : "Deiling frá þjóni til þjóns er ekki virk á þessum þjóni",
    "Couldn't establish a federated share." : "Gat ekki bætt við skýjasambandssameign.",
    "Couldn't establish a federated share, maybe the password was wrong." : "Gat ekki bætt við skýjasambandssameign, hugsanlega var lykilorðið ekki rétt.",
    "Federated Share request sent, you will receive an invitation. Check your notifications." : "Sendi beiðni um skýjasambandssameign, þú munt fá boðskort. Athugaðu skilaboð til þín.",
    "Couldn't establish a federated share, it looks like the server to federate with is too old (Nextcloud <= 9)." : "Gat ekki bætt við skýjasambandssameign, það lítur út fyrir að þjónninn sem á að koma sambandi við sé of gamall (Nextcloud <= 9).",
    "Sharing %s failed, because this item is already shared with %s" : "Deiling %s mistókst, því þessu atriði er þegar deilt með %s",
    "Not allowed to create a federated share with the same user" : "Ekki er heimilt að búa til skýjasambandssameign með sama notanda",
    "File is already shared with %s" : "Skránni er þegar deilt með %s",
    "Sharing %s failed, could not find %s, maybe the server is currently unreachable or uses a self-signed certificate." : "Deiling %s mistókst, gat ekki fundið %s, hugsanlega er þjónninn ekki tiltækur í augnablikinu eða að hann notar sjálfundirritað skilríki.",
    "Could not find share" : "Gat ekki fundið sameign",
    "You received \"%3$s\" as a remote share from %1$s (on behalf of %2$s)" : "Þú tókst við \"%3$s\" sem fjartengdri sameign frá %1$s (fyrir hönd %2$s)",
    "You received {share} as a remote share from {user} (on behalf of {behalf})" : "Þú tókst við {share} sem fjartengdri sameign frá {user} (fyrir hönd {behalf})",
    "You received \"%3$s\" as a remote share from %1$s" : "Þú tókst við \"%3$s\" sem fjartengdri sameign frá %1$s",
    "You received {share} as a remote share from {user}" : "Þú tókst við {share} sem fjartengdri sameign frá {user}",
    "Accept" : "Samþykkja",
    "Decline" : "Hafna",
    "Share with me through my #Nextcloud Federated Cloud ID, see %s" : "Deila með mér í gegnum víðværa skýjasambandsauðkennið mitt #Nextcloud Federated Cloud ID, sjá %s",
    "Share with me through my #Nextcloud Federated Cloud ID" : "Deila með mér í gegnum víðværa skýjasambandsauðkennið mitt #Nextcloud Federated Cloud ID",
    "Sharing" : "Deiling",
    "Federated file sharing" : "Deiling skráa milli þjóna (skýjasambandssameign)",
    "Federated Cloud Sharing" : "Deiling með skýjasambandi",
    "Open documentation" : "Opna hjálparskjöl",
    "Adjust how people can share between servers." : "Stilltu hvernig fólk getur deilt á milli þjóna.",
    "Allow users on this server to send shares to other servers" : "Leyfa notendum á þessum þjóni að senda sameignir til annarra þjóna",
    "Allow users on this server to receive shares from other servers" : "Leyfa notendum á þessum þjóni að taka á móti sameignum frá öðrum þjónum",
    "Search global and public address book for users" : "Leita að notendum í víðværri og opinberri vistfangaskrá",
    "Allow users to publish their data to a global and public address book" : "Leifa notendum að birta gögnin sín í víðværri og opinberri vistfangaskrá",
    "Federated Cloud" : "Skýjasamband (federated)",
    "You can share with anyone who uses Nextcloud, ownCloud or Pydio! Just put their Federated Cloud ID in the share dialog. It looks like person@cloud.example.com" : "Þú getur deilt með hverjum þeim sem notar Nextcloud, ownCloud eða Pydio! Settu bara skýjasambandsauðkennið þeirra (Federated Cloud ID) inn í deilingargluggann. Það lítur út svipað og einstaklingur@tölvuský.dæmi.is",
    "Your Federated Cloud ID:" : "Skýjasambandsauðkennið þitt (Federated Cloud ID):",
    "Share it so your friends can share files with you:" : "Deildu þessu svo að vinir þínir geti deilt skrám með þér:",
    "Add to your website" : "Bæta við vefsvæðið þitt",
    "Share with me via Nextcloud" : "Deila með mér í gegnum Nextcloud",
    "HTML Code:" : "HTML-kóði:",
    "The mountpoint name contains invalid characters." : "Heiti tengipunktsins inniheldur ógilda stafi.",
    "Not allowed to create a federated share with the owner." : "Ekki er heimilt að búa til skýjasambandssameign með eigandanum.",
    "Invalid or untrusted SSL certificate" : "Ógilt eða vantreyst SSL-skilríki",
    "Could not authenticate to remote share, password might be wrong" : "Gat ekki auðkennt á fjartengdri sameign, lykilorð gæti verið rangt",
    "Storage not valid" : "Geymslan er ekki gild",
    "Federated share added" : "Bætti við skýjasambandssameign",
    "Couldn't add remote share" : "Gat ekki bætt við fjartengdri sameign",
    "Search global and public address book for users and let local users publish their data" : "Leita að notendum í víðværri og opinberri vistfangaskrá og leyfa staðværum notendum að birta gögnin sín"
},"pluralForm" :"nplurals=2; plural=(n % 10 != 1 || n % 100 == 11);"
}
generated by cgit v1.2.3 (git 2.39.1) at 2025-01-24 23:06:27 +0000