From c0868f93f1175c32379f6e64b245b724c40478be Mon Sep 17 00:00:00 2001
From: Christopher Ng <chrng8@gmail.com>
Date: Tue, 28 Jun 2022 18:03:15 +0000
Subject: Do not save invalid display name to the database

Signed-off-by: Christopher Ng <chrng8@gmail.com>
---
 lib/private/User/Database.php | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'lib/private/User/Database.php')

diff --git a/lib/private/User/Database.php b/lib/private/User/Database.php
index 4821a2fc632..fce7551c242 100644
--- a/lib/private/User/Database.php
+++ b/lib/private/User/Database.php
@@ -215,6 +215,10 @@ class Database extends ABackend implements
 	 * Change the display name of a user
 	 */
 	public function setDisplayName(string $uid, string $displayName): bool {
+		if (mb_strlen($displayName) > 64) {
+			return false;
+		}
+
 		$this->fixDI();
 
 		if ($this->userExists($uid)) {
-- 
cgit v1.2.3