authorJoas Schilling <213943+nickvergessen@users.noreply.github.com>2023-01-04 09:51:54 +0100
committerGitHub <noreply@github.com>2023-01-04 09:51:54 +0100
commitce50acd9b2d7acb3f04fd7c7940e821cb3d76a71 (patch)
tree9794239b8021f8157777df35f05b5c174248c934
parentc8160a61509ef0851585cac6014829c74a888a17 (diff)
parent9cfaf271422ef53c4896a9eb4e0c24ba9381d082 (diff)
downloadnextcloud-server-ce50acd9b2d7acb3f04fd7c7940e821cb3d76a71.tar.gz
nextcloud-server-ce50acd9b2d7acb3f04fd7c7940e821cb3d76a71.zip
Merge pull request #35965 from nextcloud/bugfix/noid/limit-length-when-reseting-password
Also limit the password length on reset
-rw-r--r--core/Controller/LoginController.php2
-rw-r--r--core/Controller/LostController.php4
2 files changed, 5 insertions, 1 deletions
diff --git a/core/Controller/LoginController.php b/core/Controller/LoginController.php
index 4c4a12355d2..386987842c2 100644
--- a/core/Controller/LoginController.php
+++ b/core/Controller/LoginController.php
@@ -121,7 +121,7 @@ class LoginController extends Controller {
$response = new RedirectResponse($this->urlGenerator->linkToRouteAbsolute(
'core.login.showLoginForm',
- ['clear' => true] // this param the the code in login.js may be removed when the "Clear-Site-Data" is working in the browsers
+ ['clear' => true] // this param the code in login.js may be removed when the "Clear-Site-Data" is working in the browsers
));
$this->session->set('clearingExecutionContexts', '1');
diff --git a/core/Controller/LostController.php b/core/Controller/LostController.php
index fadfa242b93..e7960dbcef5 100644
--- a/core/Controller/LostController.php
+++ b/core/Controller/LostController.php
@@ -240,6 +240,10 @@ class LostController extends Controller {
$this->eventDispatcher->dispatchTyped(new BeforePasswordResetEvent($user, $password));
\OC_Hook::emit('\OC\Core\LostPassword\Controller\LostController', 'pre_passwordReset', ['uid' => $userId, 'password' => $password]);
+ if (strlen($password) > 469) {
+ throw new HintException('Password too long', $this->l10n->t('Password is too long. Maximum allowed length is 469 characters.'));
+ }
+
if (!$user->setPassword($password)) {
throw new Exception();
}
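Review bot: The new length check sits after `dispatchTyped(new BeforePasswordResetEvent($user, $password))` and the `pre_passwordReset` hook, so every listener has already been handed the over-long password before it is rejected. If the limit is meant to bound the work done on a submitted password, the `if (strlen($password) > 469) { ... }` block should move above the `dispatchTyped` line, so that it is the first thing done with `$password`. Separately, `strlen()` counts bytes while the hint says "characters", so a multibyte password is refused below 469 characters; either word the hint in bytes or use `mb_strlen()` if the underlying limit is per character. The literal 469 would also be easier to keep in sync as a shared constant, presumably alongside the existing limit that "Also" in the commit title refers to. The enclosing method starts and ends outside the hunk.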