summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--apps/provisioning_api/lib/Controller/UsersController.php6
-rw-r--r--apps/settings/src/components/UserList.vue1
2 files changed, 7 insertions, 0 deletions
diff --git a/apps/provisioning_api/lib/Controller/UsersController.php b/apps/provisioning_api/lib/Controller/UsersController.php
index e8b6fd0e8d9..0f9ffcbadf4 100644
--- a/apps/provisioning_api/lib/Controller/UsersController.php
+++ b/apps/provisioning_api/lib/Controller/UsersController.php
@@ -389,6 +389,9 @@ class UsersController extends AUserData {
}
$generatePasswordResetToken = false;
+ if (strlen($password) > 469) {
+ throw new OCSException('Invalid password value', 101);
+ }
if ($password === '') {
if ($email === '') {
throw new OCSException('To send a password link to the user an email address is required.', 108);
@@ -882,6 +885,9 @@ class UsersController extends AUserData {
break;
case self::USER_FIELD_PASSWORD:
try {
+ if (strlen($value) > 469) {
+ throw new OCSException('Invalid password value', 102);
+ }
if (!$targetUser->canChangePassword()) {
throw new OCSException('Setting the password is not supported by the users backend', 103);
}
diff --git a/apps/settings/src/components/UserList.vue b/apps/settings/src/components/UserList.vue
index 8b2a84a9b9a..9d737206bf4 100644
--- a/apps/settings/src/components/UserList.vue
+++ b/apps/settings/src/components/UserList.vue
@@ -56,6 +56,7 @@
ref="newuserpassword"
v-model="newUser.password"
:minlength="minPasswordLength"
+ :maxlength="469"
:placeholder="t('settings', 'Password')"
:required="newUser.mailAddress===''"
autocapitalize="none"
generated by cgit v1.2.3 (git 2.39.1) at 2025-01-15 10:07:24 +0000