Do not allow invalid users to be created

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>

Author: rullzer

lib/private/User/Manager.php

@@ -279,6 +279,10 @@ public function searchDisplayName($pattern, $limit = null, $offset = null) {
 	 * @return bool|IUser the created user or false
 	 */
 	public function createUser($uid, $password) {
+		if (!$this->verifyUid($uid)) {
+			return false;
+		}
+
 		$localBackends = [];
 		foreach ($this->backends as $backend) {
 			if ($backend instanceof Database) {
@@ -598,4 +602,14 @@ public function getByEmail($email) {
 			return ($u instanceof IUser);
 		}));
 	}
+
+	private function verifyUid(string $uid): bool {
+		$appdata = 'appdata_' . $this->config->getSystemValueString('instanceid');
+
+		if ($uid === '.htaccess' || $uid === 'files_external' || $uid === '.ocdata' || $uid === 'owncloud.log' || $uid === 'nextcloud.log' || $uid === $appdata) {
+			return false;
+		}
+
+		return true;
+	}
 }