1 files changed, 22 insertions, 0 deletions

diff --git a/lib/private/share/share.php b/lib/private/share/share.php
index 41b60ecc638..ab42c0daab4 100644
--- a/lib/private/share/share.php
+++ b/lib/private/share/share.php
@@ -737,6 +737,7 @@ class Share extends Constants {
 
 				// Generate hash of password - same method as user passwords
 				if (!empty($shareWith)) {
+					self::verifyPassword($shareWith);
 					$shareWith = \OC::$server->getHasher()->hash($shareWith);
 				} else {
 					// reuse the already set password, but only if we change permissions
@@ -1252,6 +1253,8 @@ class Share extends Constants {
 			throw new \Exception('Cannot remove password');
 		}
 
+		self::verifyPassword($password);
+
 		$qb = $connection->getQueryBuilder();
 		$qb->update('*PREFIX*share')
 			->set('share_with', $qb->createParameter('pass'))
@@ -2604,4 +2607,23 @@ class Share extends Constants {
 		$result = \OC::$server->getDatabaseConnection()->executeQuery($query, [$id]);
 		return $result->fetchAll();
 	}
+
+	/**
+	 * @param string $password
+	 * @throws \Exception
+	 */
+	private static function verifyPassword($password) {
+
+		$accepted = true;
+		$message = '';
+		\OCP\Util::emitHook('\OC\Share', 'verifyPassword', [
+			'password' => $password,
+			'accepted' => &$accepted,
+			'message' => &$message
+		]);
+
+		if (!$accepted) {
+			throw new \Exception($message);
+		}
+	}
 }