Fix errors when updating the user directory with invalid data (#8223)

author: Patrick Cloke <clokep@users.noreply.github.com> 2020-09-01 13:02:41 -0400
committer: GitHub <noreply@github.com> 2020-09-01 13:02:41 -0400
commit: b939251c37d748a4be6346eb27bd5fdfaff17738 (patch)
tree: 0db61d4ee0eb7cdf72cf437f5458113621296b0b /synapse/handlers/profile.py
parent: Explain better what GDPR-erased means (#8189) (diff)
download: synapse-b939251c37d748a4be6346eb27bd5fdfaff17738.tar.xz
1 files changed, 6 insertions, 0 deletions
diff --git a/synapse/handlers/profile.py b/synapse/handlers/profile.py
index 96c9d6bab4..0cb8fad89a 100644
--- a/synapse/handlers/profile.py
+++ b/synapse/handlers/profile.py
@@ -161,6 +161,9 @@ class BaseProfileHandler(BaseHandler):
                     Codes.FORBIDDEN,
                 )
 
+        if not isinstance(new_displayname, str):
+            raise SynapseError(400, "Invalid displayname")
+
         if len(new_displayname) > MAX_DISPLAYNAME_LEN:
             raise SynapseError(
                 400, "Displayname is too long (max %i)" % (MAX_DISPLAYNAME_LEN,)
@@ -235,6 +238,9 @@ class BaseProfileHandler(BaseHandler):
                     400, "Changing avatar is disabled on this server", Codes.FORBIDDEN
                 )
 
+        if not isinstance(new_avatar_url, str):
+            raise SynapseError(400, "Invalid displayname")
+
         if len(new_avatar_url) > MAX_AVATAR_URL_LEN:
             raise SynapseError(
                 400, "Avatar URL is too long (max %i)" % (MAX_AVATAR_URL_LEN,)
author	Patrick Cloke <clokep@users.noreply.github.com>	2020-09-01 13:02:41 -0400
committer	GitHub <noreply@github.com>	2020-09-01 13:02:41 -0400
commit	b939251c37d748a4be6346eb27bd5fdfaff17738 (patch)
tree	0db61d4ee0eb7cdf72cf437f5458113621296b0b /synapse/handlers/profile.py
parent	Explain better what GDPR-erased means (#8189) (diff)
download	synapse-b939251c37d748a4be6346eb27bd5fdfaff17738.tar.xz