Limit size of properties to 2048 characters
It is unreasonable to expect that one of these fields would be longer than 2048 characters. Whilst some have definitely lower limits (such as for phone numbers or domain names), a upper bound as sanity check makes sense. Backport of https://github.com/nextcloud/server/pull/26433 Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
This commit is contained in:
parent
a3fb7914c5
commit
845a67c02b
|
@ -93,6 +93,14 @@ class AccountManager implements IAccountManager {
|
||||||
public function updateUser(IUser $user, $data) {
|
public function updateUser(IUser $user, $data) {
|
||||||
$userData = $this->getUser($user);
|
$userData = $this->getUser($user);
|
||||||
$updated = true;
|
$updated = true;
|
||||||
|
|
||||||
|
// set a max length
|
||||||
|
foreach ($data as $propertyName => $propertyData) {
|
||||||
|
if (isset($data[$propertyName]) && isset($data[$propertyName]['value']) && strlen($data[$propertyName]['value']) > 2048) {
|
||||||
|
$data[$propertyName]['value'] = '';
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
if (empty($userData)) {
|
if (empty($userData)) {
|
||||||
$this->insertNewUser($user, $data);
|
$this->insertNewUser($user, $data);
|
||||||
} elseif ($userData !== $data) {
|
} elseif ($userData !== $data) {
|
||||||
|
|
Loading…
Reference in New Issue