From 969fc45032ee9a2c4ae73b38d16eaa2f0aac2b42 Mon Sep 17 00:00:00 2001
From: Roeland Jago Douma
Date: Wed, 13 Mar 2019 09:45:25 +0100
Subject: [PATCH] Do not allow invalid users to be created

Signed-off-by: Roeland Jago Douma
---
lib/private/User/Manager.php | 14 ++++++++++++++
1 file changed, 14 insertions(+)

diff --git a/lib/private/User/Manager.php b/lib/private/User/Manager.php
index 62f02915c3..4e3eea3733 100644
--- a/lib/private/User/Manager.php
+++ b/lib/private/User/Manager.php
@@ -279,6 +279,10 @@ class Manager extends PublicEmitter implements IUserManager {
 * @return bool|IUser the created user or false
 */
 public function createUser($uid, $password) {
+ if (!$this->verifyUid($uid)) {
+ return false;
+ }
+
 $localBackends = [];
 foreach ($this->backends as $backend) {
 if ($backend instanceof Database) {
@@ -598,4 +602,14 @@ class Manager extends PublicEmitter implements IUserManager {
 return ($u instanceof IUser);
 }));
 }
+
+ private function verifyUid(string $uid): bool {
+ $appdata = 'appdata_' . $this->config->getSystemValueString('instanceid');
+
+ if ($uid === '.htaccess' || $uid === 'files_external' || $uid === '.ocdata' || $uid === 'owncloud.log' || $uid === 'nextcloud.log' || $uid === $appdata) {
+ return false;
+ }
+
+ return true;
+ }
 }
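Review bot: The new guard at the top of `createUser` returns `false` without any trace, so a caller cannot tell a reserved uid from any other creation failure and no log entry records the refused attempt. Since the docblock above it still reads "the created user or false", I would extend it to `@return bool|IUser the created user, or false if the uid is reserved or no backend could create it` and emit a warning-level log line before the `return false;`. The check also protects only this entry point; any other path in the class that creates users without going through `createUser` (none is visible in this hunk) would need the same call. The body of `createUser` continues outside the hunk.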
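Review bot: `verifyUid` compares the uid with case-sensitive `===`, so a variant such as `.HTACCESS` or `Files_External` passes the check. The blocked names look like entries that live in the data directory, so presumably the uid ends up as a folder name there; on a case-insensitive filesystem such a variant would then resolve to the same entry the check is meant to protect. Comparing a normalised value against a list closes that gap and is easier to extend: `$reserved = ['.htaccess', 'files_external', '.ocdata', 'owncloud.log', 'nextcloud.log', strtolower($appdata)];` followed by `return !in_array(strtolower($uid), $reserved, true);`. A short docblock saying why these names are reserved would also help the next maintainer, e.g. `/** Rejects uids that would collide with files or folders the server keeps in its data directory. */`.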