From cf78f3737e4e0fdf7b14e5e1129bca4b80cbc6c3 Mon Sep 17 00:00:00 2001 From: Eric Bloch Date: Thu, 1 Mar 2012 16:34:06 -0800 Subject: [PATCH] Email and passwd must be le 255 chars --- controller/signup.xqy | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/controller/signup.xqy b/controller/signup.xqy index 1c53c8143..233eb2211 100644 --- a/controller/signup.xqy +++ b/controller/signup.xqy @@ -18,7 +18,13 @@ return if (not(exists($signed_request))) then let $signup := xdmp:get-request-field("list", "off") (: validate email addy, passwords, etc :) - let $valid := util:validateEmail($email) and ($password eq $confirm-password) and ($name and not($name eq "")) + let $valid := util:validateEmail($email) and + (fn:string-length($email) le 255) and + (fn:string-length($password) le 255) and + ($password and not($password eq "")) and + ($password eq $confirm-password) and + ($name and not($name eq "")) and + true() (: rely on nice client side error messages; this validation is for protection, so no need to be nice with error text :) let $user := if ($valid) then users:createOrUpdateUser($name, $email, $password, $signup)