author | Christoph Wurst <christoph@winzerhof-wurst.at> | 2018-08-13 15:52:09 +0200 |
---|---|---|
committer | Christoph Wurst <christoph@winzerhof-wurst.at> | 2018-08-13 15:52:09 +0200 |
commit | 42300d19e909978044fe2d3fc34322f04195fd9b (patch) | |
tree | 3c12ee0076f48335042efe0a0f80d8e59a25baf9 /core/Controller/LoginController.php | |
parent | 7ba57233bff08033da0e58049a4710b370627e0b (diff) | |
Fix max length requirements for the throttler metadata
If a failed login is logged, we save the username as metadata
in the bruteforce throttler. To prevent database errors due to
very long strings, this truncates the username at 64 bytes on
the assumption that no real username is longer than that.
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
Diffstat (limited to 'core/Controller/LoginController.php')
-rw-r--r-- | core/Controller/LoginController.php | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/core/Controller/LoginController.php b/core/Controller/LoginController.php index 5db650c4c47..09b6fe54384 100644 --- a/core/Controller/LoginController.php +++ b/core/Controller/LoginController.php @@ -382,7 +382,7 @@ class LoginController extends Controller { $response = new RedirectResponse( $this->urlGenerator->linkToRoute('core.login.showLoginForm', $args) ); - $response->throttle(['user' => $user]); + $response->throttle(['user' => substr($user, 0, 64)]); $this->session->set('loginMessages', [ [$loginMessage], [] ]); |
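Review bot: `substr($user, 0, 64)` in the `$response->throttle(...)` call cuts at a byte offset, so a username containing multibyte UTF-8 characters can be split in the middle of a character, leaving an invalid byte sequence in the throttler metadata that a strict database charset may still reject. `mb_strcut($user, 0, 64)` keeps the same 64-byte cap but stops at a character boundary. The literal 64 is also unexplained at this call site: a named constant or a short comment tying it to the metadata storage limit would make the intent clear, and enforcing the cap inside the throttling code rather than in this one controller would cover any other caller that passes user-supplied values as metadata. Note too that after truncation, distinct over-long usernames sharing the same first 64 bytes are recorded as identical metadata, which is worth stating in the comment so that log readers do not treat the stored value as the exact submitted username.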