authorfenn-cs <fenn25.fn@gmail.com>2024-03-15 11:46:19 +0100
committerfenn-cs <fenn25.fn@gmail.com>2024-03-21 10:34:55 +0100
commit2792d8b3f526e4a55aae35d2a2a7ec9d42025a67 (patch)
tree64cf9354cc81ffc09f38d99f66c49addd50e6796 /core/Controller/LoginController.php
parent03f269829f4597a3c258da38b1a0b5b2214acefa (diff)
downloadnextcloud-server-2792d8b3f526e4a55aae35d2a2a7ec9d42025a67.tar.gz
nextcloud-server-2792d8b3f526e4a55aae35d2a2a7ec9d42025a67.zip
feat: Limit email input on auth pages to 255 chars
Excessively long emails were reported to make the server unresponsive. We could, at some point, consider adding a configuration for sysadmins to bypass this setting on their instance if they want. Signed-off-by: fenn-cs <fenn25.fn@gmail.com>
Diffstat (limited to 'core/Controller/LoginController.php')
-rw-r--r--core/Controller/LoginController.php13
1 files changed, 12 insertions, 1 deletions
diff --git a/core/Controller/LoginController.php b/core/Controller/LoginController.php
index fb60f0feccc..90c49549249 100644
--- a/core/Controller/LoginController.php
+++ b/core/Controller/LoginController.php
@@ -336,9 +336,20 @@ class LoginController extends Controller {
);
}
+ $user = trim($user);
+
+ if (strlen($user) > 255) {
+ return $this->createLoginFailedResponse(
+ $user,
+ $user,
+ $redirect_url,
+ $this->l10n->t('Unsupported email length (>255)')
+ );
+ }
+
$data = new LoginData(
$this->request,
- trim($user),
+ $user,
$password,
$redirect_url,
$timezone,
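Review bot: The rejection branch passes the over-long `$user` unchanged to `createLoginFailedResponse()` as both the first and second argument, so the value just judged too large is still forwarded. That helper's body is outside the hunk, but if it copies the name into the redirect URL or the session, the oversized string keeps travelling through the response. Consider passing a bounded copy, for example `$shortUser = mb_strcut($user, 0, 255);`, or an empty string for both arguments. Separately, `strlen()` counts bytes and `$user` may be a login name, not an email, so a comment such as `// Cap is 255 bytes and applies to any login identifier, not only email addresses` would make the limit explicit. The enclosing method starts and ends outside the hunk.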