Limit size of properties to 2048 characters

It is unreasonable to expect that one of these fields would be longer
than 2048 characters. Whilst some have definitely lower limits (such as
for phone numbers or domain names), a upper bound as sanity check makes
sense.

Backport of https://github.com/nextcloud/server/pull/26433

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
This commit is contained in:
Lukas Reschke 2021-04-13 15:24:20 +00:00 committed by Roeland Jago Douma
parent a3fb7914c5
commit 845a67c02b
1 changed files with 8 additions and 0 deletions

View File

@ -93,6 +93,14 @@ class AccountManager implements IAccountManager {
public function updateUser(IUser $user, $data) { public function updateUser(IUser $user, $data) {
$userData = $this->getUser($user); $userData = $this->getUser($user);
$updated = true; $updated = true;
// set a max length
foreach ($data as $propertyName => $propertyData) {
if (isset($data[$propertyName]) && isset($data[$propertyName]['value']) && strlen($data[$propertyName]['value']) > 2048) {
$data[$propertyName]['value'] = '';
}
}
if (empty($userData)) { if (empty($userData)) {
$this->insertNewUser($user, $data); $this->insertNewUser($user, $data);
} elseif ($userData !== $data) { } elseif ($userData !== $data) {