From ed8a98eaa1e44d172b838c5c9caa74261ac27eb1 Mon Sep 17 00:00:00 2001 From: Lukas Reschke Date: Thu, 17 Aug 2017 12:08:40 +0200 Subject: Prevent SQL error message in case of error `\OC\User\Database::createUser` can throw a PHP exception in case the UID is longer than permitted in the database. This is against it's PHPDocs and we should cast this to `false`, so that the regular error handling triggers in. The easiest way to reproduce is on MySQL: 1. Create user `aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa` in admin panel 2. Create user `aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa` in admin panel again 3. See SQL exception as error message Signed-off-by: Lukas Reschke
---
 lib/private/User/Database.php | 6 +++++- lib/private/User/Manager.php | 5 ++++- 2 files changed, 9 insertions(+), 2 deletions(-) (limited to 'lib')
diff --git a/lib/private/User/Database.php b/lib/private/User/Database.php
index 73506c7d7c5..79032cfd405 100644
--- a/lib/private/User/Database.php
+++ b/lib/private/User/Database.php
@@ -92,7 +92,11 @@ class Database extends Backend implements IUserBackend {
 $event = new GenericEvent($password);
 $this->eventDispatcher->dispatch('OCP\PasswordPolicy::validate', $event);
 $query = \OC_DB::prepare('INSERT INTO `*PREFIX*users` ( `uid`, `password` ) VALUES( ?, ? )');
- $result = $query->execute(array($uid, \OC::$server->getHasher()->hash($password)));
+ try {
+ $result = $query->execute(array($uid, \OC::$server->getHasher()->hash($password)));
+ } catch (\Exception $e) {
+ $result = false;
+ }
 // Clear cache
 unset($this->cache[$uid]);
diff --git a/lib/private/User/Manager.php b/lib/private/User/Manager.php
index 8f3c98d4b5e..6b6c10ab295 100644
--- a/lib/private/User/Manager.php
+++ b/lib/private/User/Manager.php
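Review bot: The new `catch (\Exception $e)` in lib/private/User/Database.php drops the exception without recording it, so a failed insert leaves no trace on the server once the SQL text is kept out of the admin UI. Because `\OC::$server->getHasher()->hash($password)` sits inside the same `try`, a hashing fault or a lost database connection is reported the same way as an over-long UID. I would log before casting, e.g. `\OC::$server->getLogger()->logException($e);` ahead of `$result = false;`, and add a comment such as `// Do not surface driver errors to the caller; details go to the server log`. Narrowing the catch to the exception type the database layer throws would keep unrelated faults from being masked; which type that is cannot be seen from this hunk. The body of createUser starts and ends outside the hunk.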
@@ -349,7 +349,10 @@ class Manager extends PublicEmitter implements IUserManager {
 }
 $this->emit('\OC\User', 'preCreateUser', [$uid, $password]);
- $backend->createUser($uid, $password);
+ $state = $backend->createUser($uid, $password);
+ if($state === false) {
+ throw new \InvalidArgumentException($l->t('Could not create user'));
+ }
 $user = $this->getUserObject($uid, $backend);
 if ($user instanceof IUser) {
 $this->emit('\OC\User', 'postCreateUser', [$user, $password]);
-- cgit v1.2.3
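Review bot: The guard `if($state === false)` in lib/private/User/Manager.php treats every return value other than a literal `false` as success, so a backend that returns `null` or nothing on a failed insert would still reach `getUserObject()` and the `postCreateUser` emit below it. If every backend is known to return a strict bool, `if ($state !== true) {` closes that gap; otherwise a comment like `// Backends must return false on failure; anything else is treated as success` documents the contract this check relies on. The `preCreateUser` listeners have already received the password by the time the exception is thrown and no failure signal follows, which is worth a line in the method's PHPDoc. `$l` and the start and end of the method are outside the hunk.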