From 2fcfe6d8cc394a0057fd1a3dc52a36a4233c0842 Mon Sep 17 00:00:00 2001
From: Alexandre Roux <alexandre.roux.danzi@lostpod.me>
Date: Tue, 21 May 2024 08:17:58 +0000
Subject: [PATCH] Escape display name

---
 lib/Service/UserService.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/Service/UserService.php b/lib/Service/UserService.php
index c8ad16b8..ae235538 100644
--- a/lib/Service/UserService.php
+++ b/lib/Service/UserService.php
@@ -313,9 +313,9 @@ class UserService {
 	private function addNewUserToLDAP(string $displayName, string $recoveryEmail, string $username, string $userEmail, string $password): void {
 		$connection = $this->LDAPConnectionService->getLDAPConnection();
 		$base = $this->LDAPConnectionService->getLDAPBaseUsers()[0];
-		
 		$newUserDN = "username=$username," . $base;
 		
+		$displayName = htmlspecialchars($displayName);
 		$quota = $this->getDefaultQuota() * 1024 * 1024;
 		
 		$newUserEntry = [
-- 
GitLab