From ad91f39c4684ec277360286353a921a336181d7c Mon Sep 17 00:00:00 2001
From: Lukas Reschke <lukas@statuscode.ch>
Date: Tue, 6 Apr 2021 16:00:44 +0000
Subject: [PATCH] Limit size of properties to 2048 characters

It is unreasonable to expect that one of these fields would be longer
than 2048 characters. Whilst some have definitely lower limits (such as
for phone numbers or domain names), a upper bound as sanity check makes
sense.

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
---
 lib/private/Accounts/AccountManager.php | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/lib/private/Accounts/AccountManager.php b/lib/private/Accounts/AccountManager.php
index 7b08fa3e59..ea8f99e021 100644
--- a/lib/private/Accounts/AccountManager.php
+++ b/lib/private/Accounts/AccountManager.php
@@ -144,6 +144,17 @@ class AccountManager implements IAccountManager {
 			}
 		}
 
+		// set a max length
+		foreach ($data as $propertyName => $propertyData) {
+			if (isset($data[$propertyName]) && isset($data[$propertyName]['value']) && strlen($data[$propertyName]['value']) > 2048) {
+				if ($throwOnData) {
+					throw new \InvalidArgumentException($propertyName);
+				} else {
+					$data[$propertyName]['value'] = '';
+				}
+			}
+		}
+
 		$allowedScopes = [
 			self::SCOPE_PRIVATE,
 			self::SCOPE_LOCAL,