diff options
| author | Joas Schilling <coding@schilljs.com> | 2022-03-22 10:51:54 +0100 |
|---|---|---|
| committer | Joas Schilling <coding@schilljs.com> | 2022-03-23 10:47:56 +0100 |
| commit | a0c7798c7dd0ec537a6ed3b964103a9ad94d2040 (patch) | |
| tree | 9e68e05927644e5b382420ed5dabdbbd5688c569 /core | |
| parent | 0fa17f8902e7391f189227b406a0058af6c4a4e0 (diff) | |
| download | nextcloud-server-a0c7798c7dd0ec537a6ed3b964103a9ad94d2040.tar.gz nextcloud-server-a0c7798c7dd0ec537a6ed3b964103a9ad94d2040.zip | |
Limit the length of app password names
Signed-off-by: Joas Schilling <coding@schilljs.com>
Diffstat (limited to 'core')
| -rw-r--r-- | core/Controller/AppPasswordController.php | 3 | ||||
| -rw-r--r-- | core/Controller/ClientFlowLoginController.php | 4 |
2 files changed, 7 insertions, 0 deletions
diff --git a/core/Controller/AppPasswordController.php b/core/Controller/AppPasswordController.php index 41f0f6e4f27..7cc0310746d 100644 --- a/core/Controller/AppPasswordController.php +++ b/core/Controller/AppPasswordController.php @@ -99,6 +99,9 @@ class AppPasswordController extends \OCP\AppFramework\OCSController { } $userAgent = $this->request->getHeader('USER_AGENT'); + if (mb_strlen($userAgent) > 128) { + $userAgent = mb_substr($userAgent, 0, 120) . '…'; + } $token = $this->random->generate(72, ISecureRandom::CHAR_UPPER.ISecureRandom::CHAR_LOWER.ISecureRandom::CHAR_DIGITS); diff --git a/core/Controller/ClientFlowLoginController.php b/core/Controller/ClientFlowLoginController.php index e067f0ff6b5..ff6b8888884 100644 --- a/core/Controller/ClientFlowLoginController.php +++ b/core/Controller/ClientFlowLoginController.php @@ -322,6 +322,10 @@ class ClientFlowLoginController extends Controller { $clientName = $client->getName(); } + if (mb_strlen($clientName) > 128) { + $clientName = mb_substr($clientName, 0, 120) . '…'; + } + $token = $this->random->generate(72, ISecureRandom::CHAR_UPPER.ISecureRandom::CHAR_LOWER.ISecureRandom::CHAR_DIGITS); $uid = $this->userSession->getUser()->getUID(); $generatedToken = $this->tokenProvider->generateToken( |