Skip to content

fix: validate length of displayname when setting it #41172

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Feb 1, 2024
Merged

fix: validate length of displayname when setting it #41172

merged 1 commit into from
Feb 1, 2024

Conversation

@DeepDiver1975
Copy link
Member

@DeepDiver1975 DeepDiver1975 commented Feb 1, 2024

Description

Simple input validation when setting the display name

Related Issue

  • Fixes <issue_link>

Motivation and Context

How Has This Been Tested?

  • test environment:
  • test case 1:
  • test case 2:
  • ...

Screenshots (if appropriate):

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Database schema changes (next release will require increase of minor version instead of patch)
  • Breaking change (fix or feature that would cause existing functionality to change)
  • Technical debt
  • Tests only (no source changes)

Checklist:

  • Code changes
  • Unit tests added
  • Acceptance tests added
  • Documentation ticket raised:
  • Changelog item, see TEMPLATE

@DeepDiver1975 DeepDiver1975 force-pushed the fix/displayname-length-input-validation branch from c3d3618 to e1be726 Compare February 1, 2024 09:39
jvillafanez
jvillafanez reviewed Feb 1, 2024
View reviewed changes
Copy link
Member

@jvillafanez jvillafanez left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code is fine, but we should refactor the validation methods at some point.

settings/Controller/UsersController.php
Comment on lines +1074 to +1077
$resp = $this->validateString($displayName, 64);
if ($resp) {
return $resp;
}
Copy link
Member

@jvillafanez jvillafanez Feb 1, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We should refactor the validation at some point.
I see 2 options for the validateString (and validateEmail) methods:

  • Return true or false according to the validation
  • Don't return anything and throw an exception if the validation fails. We might need to include a comment saying that an unhandled exception could be thrown from that method.

Right now, the code feels too unnatural, and I had to check what the validateString method does, which is awkward.

Copy link
Member Author

@DeepDiver1975 DeepDiver1975 Feb 1, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes - we had this already on some other pr.

In an ideal world we would simply throw an exception which is caught by a middle ware ....

But to be honest - oc10 will go nowhere from here ... I just want to harden this one api call 🤷

@sonarqubecloud
Copy link

sonarqubecloud bot commented Feb 1, 2024

Quality Gate Passed Quality Gate passed

The SonarCloud Quality Gate passed, but some issues were introduced.

1 New issue
0 Security Hotspots
66.7% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarCloud

@owncloud owncloud deleted a comment from update-docs bot Feb 1, 2024
@phil-davis phil-davis merged commit 1835985 into master Feb 1, 2024
@delete-merged-branch delete-merged-branch bot deleted the fix/displayname-length-input-validation branch February 1, 2024 13:27
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jvillafanez jvillafanez jvillafanez left review comments

@phil-davis phil-davis phil-davis approved these changes

+1 more reviewer

@IljaN IljaN IljaN approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

3 - To Review

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@DeepDiver1975 @IljaN @jvillafanez @phil-davis