
Commit 6b33c6e

committed
fix(SessionService): sanitize displayName to utf8 encoding
Signed-off-by: silver <s.szmajduch@posteo.de>
1 parent 88ca7c3 commit 6b33c6e


1 file changed

+9
-3
lines changed


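--- a/lib/Service/SessionService.php
+++ b/lib/Service/SessionService.php
@@ -32,6 +32,7 @@ class SessionService {
 private IAvatarManager $avatarManager;
 private ?string $userId;
 private ICache $cache;
+private EncodingService $encodingService;
 
 /** @var ?Session cache current session in the request */
 private ?Session $session = null;
@@ -46,12 +47,14 @@ public function __construct(
 IManager $directManager,
 ?string $userId,
 ICacheFactory $cacheFactory,
+EncodingService $encodingService,
 ) {
 $this->sessionMapper = $sessionMapper;
 $this->secureRandom = $secureRandom;
 $this->timeFactory = $timeFactory;
 $this->userManager = $userManager;
 $this->avatarManager = $avatarManager;
+$this->encodingService = $encodingService;
 $this->userId = $userId;
 
 $token = $request->getParam('token');
@@ -99,7 +102,8 @@ public function getAllSessions(int $documentId): array {
 return array_map(function (Session $session) {
 $result = $session->jsonSerialize();
 if (!$session->isGuest()) {
-$result['displayName'] = $this->userManager->getDisplayName($session->getUserId());
+$displayName = $this->userManager->getDisplayName($session->getUserId()) ?? '';
+$result['displayName'] = $this->encodingService->encodeToUtf8($displayName) ?? $displayName;
 }
 return $result;
 }, $sessions);
@@ -114,15 +118,17 @@ public function getActiveSessions(int $documentId): array {
 return array_map(function (Session $session) {
 $result = $session->jsonSerialize();
 if (!$session->isGuest()) {
-$result['displayName'] = $this->userManager->getDisplayName($session->getUserId());
+$displayName = $this->userManager->getDisplayName($session->getUserId()) ?? '';
+$result['displayName'] = $this->encodingService->encodeToUtf8($displayName) ?? $displayName;
 }
 return $result;
 }, $sessions);
 }
 
 public function getNameForSession(Session $session): ?string {
 if (!$session->isGuest()) {
-return $this->userManager->getDisplayName($session->getUserId());
+$displayName = $this->userManager->getDisplayName($session->getUserId()) ?? '';
+return $this->encodingService->encodeToUtf8($displayName) ?? $displayName;
 }
 
 return $session->getGuestName();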
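Review bot: The fallback `?? $displayName` on new lines 106, 122 and 131 returns the unconverted string whenever `encodeToUtf8()` yields null, which the `??` suggests is its failure path (presumably when no source encoding can be detected), so the display names most likely to hold invalid byte sequences still reach the serialized session data unchanged. A fallback that cannot carry invalid sequences would close that gap, for example `$this->encodingService->encodeToUtf8($displayName) ?? mb_scrub($displayName, 'UTF-8')`. In `getNameForSession` the added `?? ''` also turns a missing display name into an empty string although the method is declared `?string`, so any caller that tests for null would now take a different branch; worth confirming that this is intended. The same two lines now appear three times and would be easier to keep consistent in one private helper with a short docblock stating what it returns on conversion failure. The bodies of `getAllSessions` and `getNameForSession` extend beyond the visible hunks.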
