diff options
| author | Joas Schilling <coding@schilljs.com> | 2023-01-03 16:36:01 +0100 |
|---|---|---|
| committer | Joas Schilling <coding@schilljs.com> | 2023-01-03 16:36:01 +0100 |
| commit | 9cfaf271422ef53c4896a9eb4e0c24ba9381d082 (patch) | |
| tree | 2416d58279c36e28afad9a3bc4caba1b284e0f2d /core/Controller/LostController.php | |
| parent | 06da8adcd309952b7b83ebfaa88c7259a41cd2ed (diff) | |
| download | nextcloud-server-9cfaf271422ef53c4896a9eb4e0c24ba9381d082.tar.gz nextcloud-server-9cfaf271422ef53c4896a9eb4e0c24ba9381d082.zip | |
Also limit the password length on reset
Signed-off-by: Joas Schilling <coding@schilljs.com>
Diffstat (limited to 'core/Controller/LostController.php')
| -rw-r--r-- | core/Controller/LostController.php | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/core/Controller/LostController.php b/core/Controller/LostController.php index fadfa242b93..e7960dbcef5 100644 --- a/core/Controller/LostController.php +++ b/core/Controller/LostController.php @@ -240,6 +240,10 @@ class LostController extends Controller { $this->eventDispatcher->dispatchTyped(new BeforePasswordResetEvent($user, $password)); \OC_Hook::emit('\OC\Core\LostPassword\Controller\LostController', 'pre_passwordReset', ['uid' => $userId, 'password' => $password]); + if (strlen($password) > 469) { + throw new HintException('Password too long', $this->l10n->t('Password is too long. Maximum allowed length is 469 characters.')); + } + if (!$user->setPassword($password)) { throw new Exception(); } |