Limit size of properties to 2048 characters
It is unreasonable to expect that one of these fields would be longer
than 2048 characters. Whilst some have definitely lower limits (such as
for phone numbers or domain names), an upper bound as a sanity check makes
sense.

Backport of #26433

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
LukasReschke authored and rullzer committed Apr 29, 2021
1 parent a3fb791 commit 845a67c
Showing 1 changed file with 8 additions and 0 deletions.
8 changes: 8 additions & 0 deletions lib/private/Accounts/AccountManager.php
Expand Up @@ -93,6 +93,14 @@ public function __construct(IDBConnection $connection,
public function updateUser(IUser $user, $data) {
$userData = $this->getUser($user);
$updated = true;

// set a max length
foreach ($data as $propertyName => $propertyData) {
if (isset($data[$propertyName]) && isset($data[$propertyName]['value']) && strlen($data[$propertyName]['value']) > 2048) {
$data[$propertyName]['value'] = '';
}
}

if (empty($userData)) {
$this->insertNewUser($user, $data);
} elseif ($userData !== $data) {
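Review bot: In the new foreach loop, an over-long value is silently replaced with an empty string (`$data[$propertyName]['value'] = '';`), so the caller gets no error and the blanked value goes on to `insertNewUser()` or the `$userData !== $data` comparison below, where it differs from any previously stored non-empty value. Consider rejecting the update with an error the caller can report, or leaving that property unchanged, rather than clearing it. Two smaller points on the condition: `strlen()` counts bytes while the commit message speaks of 2048 characters, so multibyte UTF-8 input reaches the limit sooner than the message suggests; use `mb_strlen()` or state that the limit is in bytes. The `isset($data[$propertyName])` test is redundant inside the loop, since `isset($propertyData['value'])` covers it, and 2048 would read better as a named class constant.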