From cc31af1d25704b369fc997f4b70c866541d6682a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Thomas=20M=C3=BCller?= <thomas.mueller@tmit.eu>
Date: Tue, 3 Apr 2018 16:15:52 +0200
Subject: [PATCH] Make sure the minimum number of characters is used when
 searching

---
 core/ajax/share.php | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/core/ajax/share.php b/core/ajax/share.php
index 544f4efed57f..d5cae68ed0fe 100644
--- a/core/ajax/share.php
+++ b/core/ajax/share.php
@@ -307,11 +307,18 @@ function usersInGroup($gid, $search = '', $limit = -1, $offset = 0) {
 			if (isset($_GET['search'])) {
 				$cm = OC::$server->getContactsManager();
 
-				$userEnumerationAllowed = OC::$server->getConfig()
-					->getAppValue('core', 'shareapi_allow_share_dialog_user_enumeration', 'yes') == 'yes';
+				$config = OC::$server->getConfig();
+				$userEnumerationAllowed = $config
+					->getAppValue('core', 'shareapi_allow_share_dialog_user_enumeration', 'yes') === 'yes';
+				$pattern = (string)$_GET['search'];
+				$searchConfig =  new \OCP\Util\UserSearch($config);
+				if (!$searchConfig->isSearchable($pattern)) {
+					OC_JSON::error();
+					return;
+				}
 
 				if ($cm !== null && $cm->isEnabled() && $userEnumerationAllowed) {
-					$contacts = $cm->search((string)$_GET['search'], ['FN', 'EMAIL']);
+					$contacts = $cm->search($pattern, ['FN', 'EMAIL']);
 					foreach ($contacts as $contact) {
 						// We don't want contacts from system address books
 						if (isset($contact['isSystemBook'])) {