update unityuser to do same checks on login shell as frontend does

simonLeary42 · simonLeary42 · commit 79759294c87c · 2025-04-24T15:01:00.000-04:00
diff --git a/resources/lib/UnityUser.php b/resources/lib/UnityUser.php
@@ -450,6 +450,9 @@ public function setLoginShell($shell, $operator = null, $send_mail = true)
         if (!mb_check_encoding($shell, 'ASCII')) {
             throw new Exception("non ascii characters are not allowed in a login shell!");
         }
+        if ($shell != trim($shell)) {
+            throw new Exception("leading/trailing whitespace is not allowed in a login shell!");
+        }
         $ldapUser = $this->getLDAPUser();
         if ($ldapUser->exists()) {
             $ldapUser->setAttribute("loginshell", $shell);
diff --git a/test/functional/LoginShellSetTest.php b/test/functional/LoginShellSetTest.php
@@ -36,6 +36,9 @@ public function testSetLoginShellCustom(string $shell): void
         if (!mb_check_encoding($shell, 'ASCII')) {
             $this->expectException("Exception");
         }
+        if ($shell != trim($shell)) {
+            $this->expectException("Exception");
+        }
         // FIXME shell is not validated
         post(
             __DIR__ . "/../../webroot/panel/account.php",
