From 980ed4604cdc57af5befabc13bfdbd9d9bb233eb Mon Sep 17 00:00:00 2001
From: Michael Catanzaro <mcatanzaro@gnome.org>
Date: Wed, 26 Feb 2020 17:21:07 -0600
Subject: user: reject requests to change full name to something including a
 comma

Because real name is stored in the GECOS field of /etc/passwd, which is delimited
by commas that cannot be escaped, the user's full name must not contain a comma.

Fixes #83
---
 src/user.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/user.c b/src/user.c
index 1c3fcb2..13b1102 100644
--- a/src/user.c
+++ b/src/user.c
@@ -893,6 +893,11 @@ user_set_real_name (AccountsUser          *auser,
                 return TRUE;
         }
 
+        if (g_utf8_strchr (real_name, -1, ',') != NULL) {
+                throw_error (context, ERROR_FAILED, "setting real name failed: real name '%s' must not contain commas", real_name);
+                return TRUE;
+        }
+
         if (accounts_user_get_uid (ACCOUNTS_USER (user)) == (uid_t) uid)
                 action_id = "org.freedesktop.accounts.change-own-user-data";
         else
-- 
cgit v1.2.3