Merge pull request #26543 from nextcloud/stable19-26433

[stable19] Limit size of properties to 2048 characters
author: Roeland Jago Douma <rullzer@users.noreply.github.com> 2021-04-30 09:28:08 +0200
committer: GitHub <noreply@github.com> 2021-04-30 09:28:08 +0200
commit: 12aa976b8813f98881cb3733aab1823c60a8c345 (patch)
tree: cc2c0e7d10e10e9e19dd997ef44236fb6a21e7c5
parent: ce3ef23d26bb204ab7bc5869b479f0063a5c1a73 (diff)
parent: 845a67c02b3da3b758aebfe2b05285f8974458ea (diff)
download: nextcloud-server-12aa976b8813f98881cb3733aab1823c60a8c345.tar.gz
nextcloud-server-12aa976b8813f98881cb3733aab1823c60a8c345.zip
1 files changed, 8 insertions, 0 deletions
diff --git a/lib/private/Accounts/AccountManager.php b/lib/private/Accounts/AccountManager.php
index e503ff55021..8f0194cdd87 100644
--- a/lib/private/Accounts/AccountManager.php
+++ b/lib/private/Accounts/AccountManager.php
@@ -93,6 +93,14 @@ class AccountManager implements IAccountManager {
 	public function updateUser(IUser $user, $data) {
 		$userData = $this->getUser($user);
 		$updated = true;
+
+		// set a max length
+		foreach ($data as $propertyName => $propertyData) {
+			if (isset($data[$propertyName]) && isset($data[$propertyName]['value']) && strlen($data[$propertyName]['value']) > 2048) {
+				$data[$propertyName]['value'] = '';
+			}
+		}
+
 		if (empty($userData)) {
 			$this->insertNewUser($user, $data);
 		} elseif ($userData !== $data) {
author	Roeland Jago Douma <rullzer@users.noreply.github.com>	2021-04-30 09:28:08 +0200
committer	GitHub <noreply@github.com>	2021-04-30 09:28:08 +0200
commit	12aa976b8813f98881cb3733aab1823c60a8c345 (patch)
tree	cc2c0e7d10e10e9e19dd997ef44236fb6a21e7c5
parent	ce3ef23d26bb204ab7bc5869b479f0063a5c1a73 (diff)
parent	845a67c02b3da3b758aebfe2b05285f8974458ea (diff)
download	nextcloud-server-12aa976b8813f98881cb3733aab1823c60a8c345.tar.gz nextcloud-server-12aa976b8813f98881cb3733aab1823c60a8c345.zip