upstream/nextcloud
1
0
Fork 0
mirror of https://github.com/nextcloud/server.git synced 2026-05-26 11:22:28 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 10

Merge pull request #15072 from nextcloud/backport/14652/stable14

Browse source 
[stable14] Do not allow invalid users to be created
This commit is contained in:
Morris Jobke 2019-04-15 12:00:53 +02:00 committed by GitHub
commit cfd5cdbbf3
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 14 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

14
lib/private/User/Manager.php
View file

@ -280,6 +280,10 @@ class Manager extends PublicEmitter implements IUserManager {
* @return bool|IUser the created user or false
*/
public function createUser($uid, $password) {
if (!$this->verifyUid($uid)) {
return false;
}
$localBackends = [];
foreach ($this->backends as $backend) {
if ($backend instanceof Database) {
@ -599,4 +603,14 @@ class Manager extends PublicEmitter implements IUserManager {
return ($u instanceof IUser);
}));
}
private function verifyUid(string $uid): bool {
$appdata = 'appdata_' . $this->config->getSystemValue('instanceid');
if ($uid === '.htaccess' || $uid === 'files_external' || $uid === '.ocdata' || $uid === 'owncloud.log' || $uid === 'nextcloud.log' || $uid === $appdata) {
return false;
}
return true;
}
}