From c0868f93f1175c32379f6e64b245b724c40478be Mon Sep 17 00:00:00 2001
From: Christopher Ng <chrng8@gmail.com>
Date: Tue, 28 Jun 2022 18:03:15 +0000
Subject: Do not save invalid display name to the database

Signed-off-by: Christopher Ng <chrng8@gmail.com>
---
 apps/provisioning_api/lib/Controller/UsersController.php | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

(limited to 'apps/provisioning_api')

diff --git a/apps/provisioning_api/lib/Controller/UsersController.php b/apps/provisioning_api/lib/Controller/UsersController.php
index a26479ba0a8..839ac404c94 100644
--- a/apps/provisioning_api/lib/Controller/UsersController.php
+++ b/apps/provisioning_api/lib/Controller/UsersController.php
@@ -837,7 +837,9 @@ class UsersController extends AUserData {
 		switch ($key) {
 			case self::USER_FIELD_DISPLAYNAME:
 			case IAccountManager::PROPERTY_DISPLAYNAME:
-				$targetUser->setDisplayName($value);
+				if (!$targetUser->setDisplayName($value)) {
+					throw new OCSException('Invalid displayname', 102);
+				}
 				break;
 			case self::USER_FIELD_QUOTA:
 				$quota = $value;
-- 
cgit v1.2.3