diff options
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/private/User/Manager.php | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/lib/private/User/Manager.php b/lib/private/User/Manager.php index b62b04febaf..6220613cbb1 100644 --- a/lib/private/User/Manager.php +++ b/lib/private/User/Manager.php @@ -295,9 +295,13 @@ class Manager extends PublicEmitter implements IUserManager { throw new \Exception($l->t('A valid username must be provided')); } // No whitespace at the beginning or at the end - if (strlen(trim($uid, "\t\n\r\0\x0B\xe2\x80\x8b")) !== strlen(trim($uid))) { + if (trim($uid) !== $uid) { throw new \Exception($l->t('Username contains whitespace at the beginning or at the end')); } + // Username only consists of 1 or 2 dots (directory traversal) + if ($uid === '.' || $uid === '..') { + throw new \Exception($l->t('Username must not consist of dots only')); + } // No empty password if (trim($password) == '') { throw new \Exception($l->t('A valid password must be provided')); |