-
-
Notifications
You must be signed in to change notification settings - Fork 2.1k
Remove any NULL characters from remote displaynames before updating user directory #12743
Changes from 1 commit
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -464,6 +464,10 @@ async def _handle_possible_remote_profile_change( | |
|
||
prev_name = prev_event.content.get("displayname") | ||
new_name = event.content.get("displayname") | ||
|
||
# Replace any NULL characters in the name as these cannot be stored in the database | ||
new_name = new_name.replace("\x00", "\uFFFD") | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. We used a space as the replacement character in #10820. I think this might have been chosen to make sure that the text-search stuff (as in https://www.postgresql.org/docs/current/datatype-textsearch.html and https://www.postgresql.org/docs/current/textsearch-controls.html) work more nicely. Let me see if I can experiment to see how postgres handles a replacement character in that context... There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. We'll want to move this after the ... actually do we want to do it after the has-anything-changed condition?: |
||
|
||
# If the new name is an unexpected form, do not update the directory. | ||
if not isinstance(new_name, str): | ||
new_name = prev_name | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
For completeness, sqlite sort-of-supports null-codepointsin strings, with scary caveats: https://sqlite.org/nulinstr.html
Postgres definitely doesn't and won't any time soon. See e.g. this HN post.