From 0501d8daacde4a67610210f2543d24c462d9098c Mon Sep 17 00:00:00 2001
From: Vincent Petry <pvince81@owncloud.com>
Date: Fri, 24 Jun 2016 09:20:13 +0200
Subject: Prevent negative or non-number values in quota input

---
 settings/js/users/users.js | 6 ++++++
 1 file changed, 6 insertions(+)

(limited to 'settings/js/users')

diff --git a/settings/js/users/users.js b/settings/js/users/users.js
index a4d88204861..2524a1da0bb 100644
--- a/settings/js/users/users.js
+++ b/settings/js/users/users.js
@@ -582,6 +582,12 @@ var UserList = {
 		if (quota === 'other') {
 			return;
 		}
+		if (isNaN(parseInt(quota, 10)) || parseInt(quota, 10) < 0) {
+			// the select component has added the bogus value, delete it again
+			$select.find('option[selected]').remove();
+			OC.Notification.showTemporary(t('core', 'Invalid quota value "{val}"', {val: quota}));
+			return;
+		}
 		UserList._updateQuota(uid, quota, function(returnedQuota){
 			if (quota !== returnedQuota) {
 				$select.find(':selected').text(returnedQuota);
-- 
cgit v1.2.3