diff options
author | Carl Schwan <carl@carlschwan.eu> | 2022-07-05 11:47:25 +0200 |
---|---|---|
committer | Carl Schwan <carl@carlschwan.eu> | 2022-07-05 11:47:25 +0200 |
commit | f99a06c89a116cbc447b5fb5d2ec27462b9fba51 (patch) | |
tree | 7d40b7a5cbe861549f4f024795b54ba716076207 /apps/settings | |
parent | 1c23c029af1ef83935badb8b63cb4dffac59b1e4 (diff) | |
download | nextcloud-server-f99a06c89a116cbc447b5fb5d2ec27462b9fba51.tar.gz nextcloud-server-f99a06c89a116cbc447b5fb5d2ec27462b9fba51.zip |
Don't allow setting password bigger than 469 characters
Signed-off-by: Carl Schwan <carl@carlschwan.eu>
Diffstat (limited to 'apps/settings')
3 files changed, 12 insertions, 1 deletions
diff --git a/apps/settings/lib/Controller/ChangePasswordController.php b/apps/settings/lib/Controller/ChangePasswordController.php index 7c3ab9546bc..41f2584721c 100644 --- a/apps/settings/lib/Controller/ChangePasswordController.php +++ b/apps/settings/lib/Controller/ChangePasswordController.php @@ -107,7 +107,7 @@ class ChangePasswordController extends Controller { } try { - if ($newpassword === null || $user->setPassword($newpassword) === false) { + if ($newpassword === null || strlen($newpassword) > 469 || $user->setPassword($newpassword) === false) { return new JSONResponse([ 'status' => 'error', 'data' => [ @@ -158,6 +158,15 @@ class ChangePasswordController extends Controller { ]); } + if (strlen($password) > 469) { + return new JSONResponse([ + 'status' => 'error', + 'data' => [ + 'message' => $this->l->t('Unable to change password. Password too long.'), + ], + ]); + } + $currentUser = $this->userSession->getUser(); $targetUser = $this->userManager->get($username); if ($currentUser === null || $targetUser === null || diff --git a/apps/settings/src/components/UserList/UserRow.vue b/apps/settings/src/components/UserList/UserRow.vue index de0a09f2221..f2947019f40 100644 --- a/apps/settings/src/components/UserList/UserRow.vue +++ b/apps/settings/src/components/UserList/UserRow.vue @@ -107,6 +107,7 @@ ref="password" :disabled="loading.password || loading.all" :minlength="minPasswordLength" + maxlength="469" :placeholder="t('settings', 'Add new password')" autocapitalize="off" autocomplete="new-password" diff --git a/apps/settings/templates/settings/personal/security/password.php b/apps/settings/templates/settings/personal/security/password.php index 88536ab6b23..85959e252cc 100644 --- a/apps/settings/templates/settings/personal/security/password.php +++ b/apps/settings/templates/settings/personal/security/password.php @@ -46,6 +46,7 @@ if ($_['passwordChangeSupported']) { <div class="personal-show-container"> <label for="pass2" class="hidden-visually"><?php p($l->t('New password'));?>: </label> <input type="password" id="pass2" name="newpassword" + maxlength="469" placeholder="<?php p($l->t('New password')); ?>" data-typetoggle="#personal-show" autocomplete="new-password" autocapitalize="none" autocorrect="off" /> |