From 3db9af416a54aed194790ac30ad7301279131478 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?C=C3=B4me=20Chilliet?= Date: Tue, 27 Jan 2026 14:05:53 +0100 Subject: [PATCH 1/2] fix(user_ldap): Fix crash in some code path when a DN is longer that 64 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit UserConfig throws in this case. Signed-off-by: Côme Chilliet --- apps/user_ldap/lib/User/Manager.php | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/apps/user_ldap/lib/User/Manager.php b/apps/user_ldap/lib/User/Manager.php index 88a001dd9650d..cc19dae2867c0 100644 --- a/apps/user_ldap/lib/User/Manager.php +++ b/apps/user_ldap/lib/User/Manager.php @@ -163,9 +163,14 @@ function ($list, $attribute) { * @return bool */ public function isDeletedUser($id) { - $isDeleted = $this->ocConfig->getUserValue( - $id, 'user_ldap', 'isDeleted', 0); - return (int)$isDeleted === 1; + try { + $isDeleted = $this->ocConfig->getUserValue($id, 'user_ldap', 'isDeleted', 0); + return (int)$isDeleted === 1; + } catch (\InvalidArgumentException $e) { + // Most likely the string is too long to be a valid user id + $this->logger->debug('Invalid id given to isDeletedUser', ['exception' => $e]); + return false; + } } /** From 6f111206843c61e56413f92a4c149465181136a7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?C=C3=B4me=20Chilliet?= Date: Tue, 27 Jan 2026 15:21:23 +0100 Subject: [PATCH 2/2] fix: Add missing `@throws` annotations in UserConfig MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Côme Chilliet --- lib/private/Config/UserConfig.php | 1 + lib/public/Config/IUserConfig.php | 39 +++++++++++++++++++++++++++++++ 2 files changed, 40 insertions(+) diff --git a/lib/private/Config/UserConfig.php b/lib/private/Config/UserConfig.php index 05018adc3f8fe..55c23f0c0e1d2 100644 --- a/lib/private/Config/UserConfig.php +++ b/lib/private/Config/UserConfig.php @@ -1708,6 +1708,7 @@ private function isFlagged(int $needle, int $flags): bool { * @param bool $allowEmptyUser * @param bool $allowEmptyApp $app can be empty string * @param ValueType|null $valueType assert value type is only one type + * @throws InvalidArgumentException if userId, app, or prefKey is invalid (too long, or empty string) */ private function assertParams( string $userId = '', diff --git a/lib/public/Config/IUserConfig.php b/lib/public/Config/IUserConfig.php index cb42608ea7536..45aa685a651ef 100644 --- a/lib/public/Config/IUserConfig.php +++ b/lib/public/Config/IUserConfig.php @@ -48,6 +48,7 @@ interface IUserConfig { * @param string $appId optional id of app * * @return list list of userIds + * @throws \InvalidArgumentException if $appId is invalid (too long) * * @since 32.0.0 */ @@ -62,6 +63,7 @@ public function getUserIds(string $appId = ''): array; * @param string $userId id of the user * * @return list list of app ids + * @throws \InvalidArgumentException if $userId is invalid (too long, or empty string) * * @since 32.0.0 */ @@ -77,6 +79,7 @@ public function getApps(string $userId): array; * @param string $app id of the app * * @return list list of stored config keys + * @throws \InvalidArgumentException if $userId or $app is invalid (too long, or empty string) * * @since 32.0.0 */ @@ -91,6 +94,7 @@ public function getKeys(string $userId, string $app): array; * @param bool $lazy search within lazy loaded config * * @return bool TRUE if key exists + * @throws \InvalidArgumentException if $userId, $app or $key is invalid (too long, or empty string) * * @since 32.0.0 */ @@ -106,6 +110,7 @@ public function hasKey(string $userId, string $app, string $key, ?bool $lazy = f * * @return bool TRUE if value is sensitive * @throws UnknownKeyException if config key is not known + * @throws \InvalidArgumentException if $userId, $app or $key is invalid (too long, or empty string) * * @since 32.0.0 */ @@ -126,6 +131,7 @@ public function isSensitive(string $userId, string $app, string $key, ?bool $laz * * @return bool TRUE if value is sensitive * @throws UnknownKeyException if config key is not known + * @throws \InvalidArgumentException if $userId, $app or $key is invalid (too long, or empty string) * * @since 32.0.0 */ @@ -142,6 +148,7 @@ public function isIndexed(string $userId, string $app, string $key, ?bool $lazy * * @return bool TRUE if config is lazy loaded * @throws UnknownKeyException if config key is not known + * @throws \InvalidArgumentException if $userId, $app or $key is invalid (too long, or empty string) * @see IUserConfig for details about lazy loading * * @since 32.0.0 @@ -160,6 +167,7 @@ public function isLazy(string $userId, string $app, string $key): bool; * @param bool $filtered filter sensitive config values * * @return array [key => value] + * @throws \InvalidArgumentException if $userId, $app or $key is invalid (too long, or empty string) * * @since 32.0.0 */ @@ -175,6 +183,7 @@ public function getValues(string $userId, string $app, string $prefix = '', bool * @param bool $filtered filter sensitive config values * * @return array [key => value] + * @throws \InvalidArgumentException if $userId is invalid (too long, or empty string) * * @since 32.0.0 */ @@ -190,6 +199,7 @@ public function getAllValues(string $userId, bool $filtered = false): array; * @param ValueType|null $typedAs enforce type for the returned values * * @return array [appId => value] + * @throws \InvalidArgumentException if $userId or $key is invalid (too long, or empty string) * * @since 32.0.0 */ @@ -207,6 +217,7 @@ public function getValuesByApps(string $userId, string $key, bool $lazy = false, * @param array|null $userIds limit the search to a list of user ids * * @return array [userId => value] + * @throws \InvalidArgumentException if $app or $key is invalid (too long, or empty string) * * @since 32.0.0 */ @@ -224,6 +235,7 @@ public function getValuesByUsers(string $app, string $key, ?ValueType $typedAs = * @param bool $caseInsensitive non-case-sensitive search, only works if $value is a string * * @return Generator + * @throws \InvalidArgumentException if $app or $key is invalid (too long, or empty string) * * @since 32.0.0 */ @@ -240,6 +252,7 @@ public function searchUsersByValueString(string $app, string $key, string $value * @param int $value config value * * @return Generator + * @throws \InvalidArgumentException if $app or $key is invalid (too long, or empty string) * * @since 32.0.0 */ @@ -256,6 +269,7 @@ public function searchUsersByValueInt(string $app, string $key, int $value): Gen * @param array $values list of possible config values * * @return Generator + * @throws \InvalidArgumentException if $app or $key is invalid (too long, or empty string) * * @since 32.0.0 */ @@ -272,6 +286,7 @@ public function searchUsersByValues(string $app, string $key, array $values): Ge * @param bool $value config value * * @return Generator + * @throws \InvalidArgumentException if $app or $key is invalid (too long, or empty string) * * @since 32.0.0 */ @@ -289,6 +304,7 @@ public function searchUsersByValueBool(string $app, string $key, bool $value): G * @param bool $lazy search within lazy loaded config * * @return string stored config value or $default if not set in database + * @throws \InvalidArgumentException if $userId, $app or $key is invalid (too long, or empty string) * * @since 32.0.0 * @@ -312,6 +328,7 @@ public function getValueString(string $userId, string $app, string $key, string * @param bool $lazy search within lazy loaded config * * @return int stored config value or $default if not set in database + * @throws \InvalidArgumentException if $userId, $app or $key is invalid (too long, or empty string) * * @since 32.0.0 * @@ -335,6 +352,7 @@ public function getValueInt(string $userId, string $app, string $key, int $defau * @param bool $lazy search within lazy loaded config * * @return float stored config value or $default if not set in database + * @throws \InvalidArgumentException if $userId, $app or $key is invalid (too long, or empty string) * * @since 32.0.0 * @@ -358,6 +376,7 @@ public function getValueFloat(string $userId, string $app, string $key, float $d * @param bool $lazy search within lazy loaded config * * @return bool stored config value or $default if not set in database + * @throws \InvalidArgumentException if $userId, $app or $key is invalid (too long, or empty string) * * @since 32.0.0 * @@ -381,6 +400,7 @@ public function getValueBool(string $userId, string $app, string $key, bool $def * @param bool $lazy search within lazy loaded config * * @return array stored config value or $default if not set in database + * @throws \InvalidArgumentException if $userId, $app or $key is invalid (too long, or empty string) * * @since 32.0.0 * @@ -406,6 +426,7 @@ public function getValueArray(string $userId, string $app, string $key, array $d * @return ValueType type of the value * @throws UnknownKeyException if config key is not known * @throws IncorrectTypeException if config value type is not known + * @throws \InvalidArgumentException if $userId, $app or $key is invalid (too long, or empty string) * * @since 32.0.0 */ @@ -425,6 +446,7 @@ public function getValueType(string $userId, string $app, string $key, ?bool $la * @return int a bitflag in relation to the config value * @throws UnknownKeyException if config key is not known * @throws IncorrectTypeException if config value type is not known + * @throws \InvalidArgumentException if $userId, $app or $key is invalid (too long, or empty string) * * @since 32.0.0 */ @@ -446,6 +468,7 @@ public function getValueFlags(string $userId, string $app, string $key, bool $la * @param bool $lazy set config as lazy loaded * * @return bool TRUE if value was different, therefor updated in database + * @throws \InvalidArgumentException if $userId, $app or $key is invalid (too long, or empty string) * * @since 32.0.0 * @@ -478,6 +501,7 @@ public function setValueString(string $userId, string $app, string $key, string * @param bool $lazy set config as lazy loaded * * @return bool TRUE if value was different, therefor updated in database + * @throws \InvalidArgumentException if $userId, $app or $key is invalid (too long, or empty string) * * @since 32.0.0 * @@ -505,6 +529,7 @@ public function setValueInt(string $userId, string $app, string $key, int $value * @param bool $lazy set config as lazy loaded * * @return bool TRUE if value was different, therefor updated in database + * @throws \InvalidArgumentException if $userId, $app or $key is invalid (too long, or empty string) * * @since 32.0.0 * @@ -531,6 +556,7 @@ public function setValueFloat(string $userId, string $app, string $key, float $v * @param bool $lazy set config as lazy loaded * * @return bool TRUE if value was different, therefor updated in database + * @throws \InvalidArgumentException if $userId, $app or $key is invalid (too long, or empty string) * * @since 32.0.0 * @@ -558,6 +584,7 @@ public function setValueBool(string $userId, string $app, string $key, bool $val * @param bool $lazy set config as lazy loaded * * @return bool TRUE if value was different, therefor updated in database + * @throws \InvalidArgumentException if $userId, $app or $key is invalid (too long, or empty string) * * @since 32.0.0 * @@ -580,6 +607,7 @@ public function setValueArray(string $userId, string $app, string $key, array $v * @param bool $sensitive TRUE to set as sensitive, FALSE to unset * * @return bool TRUE if database update were necessary + * @throws \InvalidArgumentException if $userId, $app or $key is invalid (too long, or empty string) * * @since 32.0.0 */ @@ -593,6 +621,7 @@ public function updateSensitive(string $userId, string $app, string $key, bool $ * @param string $app id of the app * @param string $key config key * @param bool $sensitive TRUE to set as sensitive, FALSE to unset + * @throws \InvalidArgumentException if $app or $key is invalid (too long, or empty string) * * @since 32.0.0 */ @@ -610,6 +639,7 @@ public function updateGlobalSensitive(string $app, string $key, bool $sensitive) * @param bool $indexed TRUE to set as indexed, FALSE to unset * * @return bool TRUE if database update were necessary + * @throws \InvalidArgumentException if $userId, $app or $key is invalid (too long, or empty string) * * @since 32.0.0 */ @@ -623,6 +653,7 @@ public function updateIndexed(string $userId, string $app, string $key, bool $in * @param string $app id of the app * @param string $key config key * @param bool $indexed TRUE to set as indexed, FALSE to unset + * @throws \InvalidArgumentException if $app or $key is invalid (too long, or empty string) * * @since 32.0.0 */ @@ -637,6 +668,7 @@ public function updateGlobalIndexed(string $app, string $key, bool $indexed): vo * @param bool $lazy TRUE to set as lazy loaded, FALSE to unset * * @return bool TRUE if database update was necessary + * @throws \InvalidArgumentException if $userId, $app or $key is invalid (too long, or empty string) * * @since 32.0.0 */ @@ -650,6 +682,7 @@ public function updateLazy(string $userId, string $app, string $key, bool $lazy) * @param string $app id of the app * @param string $key config key * @param bool $lazy TRUE to set as lazy loaded, FALSE to unset + * @throws \InvalidArgumentException if $app or $key is invalid (too long, or empty string) * * @since 32.0.0 */ @@ -676,6 +709,7 @@ public function updateGlobalLazy(string $app, string $key, bool $lazy): void; * * @return array * @throws UnknownKeyException if config key is not known in database + * @throws \InvalidArgumentException if $userId, $app or $key is invalid (too long, or empty string) * * @since 32.0.0 */ @@ -687,6 +721,7 @@ public function getDetails(string $userId, string $app, string $key): array; * @param string $userId id of the user * @param string $app id of the app * @param string $key config key + * @throws \InvalidArgumentException if $userId, $app or $key is invalid (too long, or empty string) * * @since 32.0.0 */ @@ -697,6 +732,7 @@ public function deleteUserConfig(string $userId, string $app, string $key): void * * @param string $app id of the app * @param string $key config key + * @throws \InvalidArgumentException if $app or $key is invalid (too long, or empty string) * * @since 32.0.0 */ @@ -706,6 +742,7 @@ public function deleteKey(string $app, string $key): void; * delete all config keys linked to an app * * @param string $app id of the app + * @throws \InvalidArgumentException if $app is invalid (too long, or empty string) * * @since 32.0.0 */ @@ -715,6 +752,7 @@ public function deleteApp(string $app): void; * delete all config keys linked to a user * * @param string $userId id of the user + * @throws \InvalidArgumentException if $userId is invalid (too long, or empty string) * * @since 32.0.0 */ @@ -727,6 +765,7 @@ public function deleteAllUserConfig(string $userId): void; * * @param string $userId id of the user * @param bool $reload set to TRUE to refill cache instantly after clearing it + * @throws \InvalidArgumentException if $userId is invalid (too long, or empty string) * * @since 32.0.0 */