diff options
| author | Lukas Reschke <lukas@statuscode.ch> | 2021-04-06 16:00:44 +0000 |
|---|---|---|
| committer | backportbot[bot] <backportbot[bot]@users.noreply.github.com> | 2021-04-12 16:37:04 +0000 |
| commit | ad91f39c4684ec277360286353a921a336181d7c (patch) | |
| tree | 8b66b1a27dfae225f540e55708d866142b4e812c /lib | |
| parent | 87212ab0972fe32c367cb2be90451fb71dde57fd (diff) | |
| download | nextcloud-server-ad91f39c4684ec277360286353a921a336181d7c.tar.gz nextcloud-server-ad91f39c4684ec277360286353a921a336181d7c.zip | |
Limit size of properties to 2048 characters
It is unreasonable to expect that one of these fields would be longer
than 2048 characters. Whilst some have definitely lower limits (such as
for phone numbers or domain names), a upper bound as sanity check makes
sense.
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/private/Accounts/AccountManager.php | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/lib/private/Accounts/AccountManager.php b/lib/private/Accounts/AccountManager.php index 7b08fa3e598..ea8f99e0216 100644 --- a/lib/private/Accounts/AccountManager.php +++ b/lib/private/Accounts/AccountManager.php @@ -144,6 +144,17 @@ class AccountManager implements IAccountManager { } } + // set a max length + foreach ($data as $propertyName => $propertyData) { + if (isset($data[$propertyName]) && isset($data[$propertyName]['value']) && strlen($data[$propertyName]['value']) > 2048) { + if ($throwOnData) { + throw new \InvalidArgumentException($propertyName); + } else { + $data[$propertyName]['value'] = ''; + } + } + } + $allowedScopes = [ self::SCOPE_PRIVATE, self::SCOPE_LOCAL, |