Do not save invalid display name to the database

Signed-off-by: Christopher Ng <chrng8@gmail.com>
2026-05-28 04:32:30 -04:00 · 2022-06-28 18:03:15 +00:00 · 2022-06-28 18:03:15 +00:00 · c0868f93f1
commit c0868f93f1
parent a1bc770043
2 changed files with 7 additions and 1 deletions
--- a/apps/provisioning_api/lib/Controller/UsersController.php
+++ b/apps/provisioning_api/lib/Controller/UsersController.php
@ -837,7 +837,9 @@ class UsersController extends AUserData {
 		switch ($key) {
 			case self::USER_FIELD_DISPLAYNAME:
 			case IAccountManager::PROPERTY_DISPLAYNAME:
-				$targetUser->setDisplayName($value);
+				if (!$targetUser->setDisplayName($value)) {
+					throw new OCSException('Invalid displayname', 102);
+				}
 				break;
 			case self::USER_FIELD_QUOTA:
 				$quota = $value;
--- a/lib/private/User/Database.php
+++ b/lib/private/User/Database.php
@ -215,6 +215,10 @@ class Database extends ABackend implements
 	 * Change the display name of a user
 	 */
 	public function setDisplayName(string $uid, string $displayName): bool {
+		if (mb_strlen($displayName) > 64) {
+			return false;
+		}
+
 		$this->fixDI();

 		if ($this->userExists($uid)) {