summaryrefslogtreecommitdiffstats
path: root/apps/provisioning_api/lib/Controller/UsersController.php
diff options
context:
space:
mode:
Diffstat (limited to 'apps/provisioning_api/lib/Controller/UsersController.php')
-rw-r--r--apps/provisioning_api/lib/Controller/UsersController.php6
1 files changed, 6 insertions, 0 deletions
diff --git a/apps/provisioning_api/lib/Controller/UsersController.php b/apps/provisioning_api/lib/Controller/UsersController.php
index 49ad5c21521..8a227b7124e 100644
--- a/apps/provisioning_api/lib/Controller/UsersController.php
+++ b/apps/provisioning_api/lib/Controller/UsersController.php
@@ -389,6 +389,9 @@ class UsersController extends AUserData {
}
$generatePasswordResetToken = false;
+ if (strlen($password) > 469) {
+ throw new OCSException('Invalid password value', 101);
+ }
if ($password === '') {
if ($email === '') {
throw new OCSException('To send a password link to the user an email address is required.', 108);
@@ -873,6 +876,9 @@ class UsersController extends AUserData {
break;
case self::USER_FIELD_PASSWORD:
try {
+ if (strlen($value) > 469) {
+ throw new OCSException('Invalid password value', 102);
+ }
if (!$targetUser->canChangePassword()) {
throw new OCSException('Setting the password is not supported by the users backend', 103);
}
generated by cgit v1.2.3 (git 2.39.1) at 2025-01-23 04:50:00 +0000