authorChristoph Wurst <christoph@winzerhof-wurst.at>2018-08-13 15:52:09 +0200
committerChristoph Wurst <christoph@winzerhof-wurst.at>2018-08-13 15:52:09 +0200
commit42300d19e909978044fe2d3fc34322f04195fd9b (patch)
tree3c12ee0076f48335042efe0a0f80d8e59a25baf9 /core/Controller/LoginController.php
parent7ba57233bff08033da0e58049a4710b370627e0b (diff)
downloadnextcloud-server-42300d19e909978044fe2d3fc34322f04195fd9b.tar.gz
nextcloud-server-42300d19e909978044fe2d3fc34322f04195fd9b.zip
Fix max length requirements for the throttler metadata
If a failed login is logged, we save the username as metadata in the bruteforce throttler. To prevent database errors due to very long strings, this truncates the username at 64 bytes on the assumption that no real username is longer than that.
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
Diffstat (limited to 'core/Controller/LoginController.php')
-rw-r--r--core/Controller/LoginController.php2
1 files changed, 1 insertions, 1 deletions
diff --git a/core/Controller/LoginController.php b/core/Controller/LoginController.php
index 5db650c4c47..09b6fe54384 100644
--- a/core/Controller/LoginController.php
+++ b/core/Controller/LoginController.php
@@ -382,7 +382,7 @@ class LoginController extends Controller {
$response = new RedirectResponse(
$this->urlGenerator->linkToRoute('core.login.showLoginForm', $args)
);
- $response->throttle(['user' => $user]);
+ $response->throttle(['user' => substr($user, 0, 64)]);
$this->session->set('loginMessages', [
[$loginMessage], []
]);
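Review bot: `substr($user, 0, 64)` in the `throttle()` call cuts at a byte offset, so a submitted username containing multibyte UTF-8 characters can be split mid-character and leave an invalid byte sequence in the throttler metadata. Depending on how the throttler serialises and stores that metadata (not visible in this hunk), the write may still fail or the attempt may be recorded with broken metadata. `$response->throttle(['user' => mb_strcut($user, 0, 64, 'UTF-8')]);` keeps the same 64-byte cap but ends on a character boundary. The cap is also applied only at this call site, so other callers passing user-controlled metadata presumably remain unbounded; enforcing the limit inside the throttler would cover them, and a comment here such as `// username is untrusted input; cap it to fit the throttler metadata column` would explain the magic number. The enclosing method starts and ends outside the hunk.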