diff --git a/packages/backend/src/server/api/endpoints/i/update.ts b/packages/backend/src/server/api/endpoints/i/update.ts index b39b52bc4148..e363b05625c9 100644 --- a/packages/backend/src/server/api/endpoints/i/update.ts +++ b/packages/backend/src/server/api/endpoints/i/update.ts @@ -252,6 +252,8 @@ export default class extends Endpoint { // eslint- const user = await this.usersRepository.findOneByOrFail({ id: _user.id }) as MiLocalUser; const isSecure = token == null; + const onlyControlCharsAndSpaceRegex = /^[\u0000-\u001F\u007F-\u009F\u061C\u200E\u200F\u202A-\u202E\u2066-\u2069\s]+$/; + const updates = {} as Partial; const profileUpdates = {} as Partial; @@ -262,7 +264,13 @@ export default class extends Endpoint { // eslint- updates.name = null; } else { const trimmedName = ps.name.trim(); - updates.name = trimmedName === '' ? null : trimmedName; + if (trimmedName === '') { + updates.name = null; + } else if (onlyControlCharsAndSpaceRegex.test(trimmedName)) { + updates.name = null; + } else { + updates.name = trimmedName; + } } } if (ps.description !== undefined) profileUpdates.description = ps.description; diff --git a/packages/backend/test/e2e/endpoints.ts b/packages/backend/test/e2e/endpoints.ts index 2b101fdbe7a0..f01fdf1d00c5 100644 --- a/packages/backend/test/e2e/endpoints.ts +++ b/packages/backend/test/e2e/endpoints.ts @@ -134,6 +134,14 @@ describe('Endpoints', () => { assert.strictEqual(res.body.name, 'あ い う'); }); + test('名前にUnicode制御文字とスペースしか含まない場合はnullになる', async () => { + const res = await api('i/update', { + name: ' \u202e ', + }, alice); + assert.strictEqual(res.status, 200); + assert.strictEqual(res.body.name, null); + }); + test('誕生日の設定を削除できる', async () => { await api('i/update', { birthday: '2000-09-07',