From 879917f5f1e1a02e34d89172de24f1d2ae0a1fab Mon Sep 17 00:00:00 2001
From: Vincent Chan <plus.vincchan@gmail.com>
Date: Tue, 2 Feb 2016 14:56:19 +0100
Subject: [PATCH 1/2] Do not allow username to have space at the beginning or
 at the end fixes #22035

---
 settings/js/users/users.js | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/settings/js/users/users.js b/settings/js/users/users.js
index 151ab6cdecc..16faaf667ec 100644
--- a/settings/js/users/users.js
+++ b/settings/js/users/users.js
@@ -776,6 +776,12 @@ $(document).ready(function () {
 				t('settings', 'Error creating user'));
 			return false;
 		}
+		if ($.trim(username).length !== username.length) {
+			OC.dialogs.alert(
+				t('settings', 'Username contains whitespace at the beginning or at the end'),
+				t('settings', 'Error creating user'));
+			return false;
+		}
 		if ($.trim(password) === '') {
 			OC.dialogs.alert(
 				t('settings', 'A valid password must be provided'),

From cc17ac9ff9e8b9efee94023bbacf50d1e7908873 Mon Sep 17 00:00:00 2001
From: Vincent Chan <plus.vincchan@gmail.com>
Date: Wed, 3 Feb 2016 14:09:15 +0100
Subject: [PATCH 2/2] move whitspace check to user manager

---
 lib/private/user/manager.php | 4 ++++
 settings/js/users/users.js   | 6 ------
 2 files changed, 4 insertions(+), 6 deletions(-)

diff --git a/lib/private/user/manager.php b/lib/private/user/manager.php
index 86750dcd994..6798a7340c3 100644
--- a/lib/private/user/manager.php
+++ b/lib/private/user/manager.php
@@ -265,6 +265,10 @@ class Manager extends PublicEmitter implements IUserManager {
 		if (trim($uid) == '') {
 			throw new \Exception($l->t('A valid username must be provided'));
 		}
+		// No whitespace at the beginning or at the end
+		if (strlen(trim($uid, "\t\n\r\0\x0B\xe2\x80\x8b")) !== strlen(trim($uid))) {
+			throw new \Exception($l->t('Username contains whitespace at the beginning or at the end'));
+		}
 		// No empty password
 		if (trim($password) == '') {
 			throw new \Exception($l->t('A valid password must be provided'));
diff --git a/settings/js/users/users.js b/settings/js/users/users.js
index 16faaf667ec..151ab6cdecc 100644
--- a/settings/js/users/users.js
+++ b/settings/js/users/users.js
@@ -776,12 +776,6 @@ $(document).ready(function () {
 				t('settings', 'Error creating user'));
 			return false;
 		}
-		if ($.trim(username).length !== username.length) {
-			OC.dialogs.alert(
-				t('settings', 'Username contains whitespace at the beginning or at the end'),
-				t('settings', 'Error creating user'));
-			return false;
-		}
 		if ($.trim(password) === '') {
 			OC.dialogs.alert(
 				t('settings', 'A valid password must be provided'),