wbrawner/server
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Do not allow invalid users to be created

Browse source 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
This commit is contained in:
Roeland Jago Douma 2019-03-13 09:45:25 +01:00 committed by Morris Jobke
parent 6331f174d3
commit 969fc45032
No known key found for this signature in database
GPG key ID: FE03C3A163FEDE68
1 changed files with 14 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

14
lib/private/User/Manager.php
View file

@ -279,6 +279,10 @@ class Manager extends PublicEmitter implements IUserManager {
* @return bool|IUser the created user or false
*/
public function createUser($uid, $password) {
if (!$this->verifyUid($uid)) {
return false;
}
$localBackends = [];
foreach ($this->backends as $backend) {
if ($backend instanceof Database) {
@ -598,4 +602,14 @@ class Manager extends PublicEmitter implements IUserManager {
return ($u instanceof IUser);
}));
}
private function verifyUid(string $uid): bool {
$appdata = 'appdata_' . $this->config->getSystemValueString('instanceid');
if ($uid === '.htaccess' || $uid === 'files_external' || $uid === '.ocdata' || $uid === 'owncloud.log' || $uid === 'nextcloud.log' || $uid === $appdata) {
return false;
}
return true;
}
}