
github.com/nextcloud/server.git - Unnamed repository; edit this file 'description' to name the repository.
authorCarl Schwan <carl@carlschwan.eu>2022-07-05 12:47:25 +0300
committerCarl Schwan <carl@carlschwan.eu>2022-07-05 12:47:25 +0300
commitf99a06c89a116cbc447b5fb5d2ec27462b9fba51 (patch)
tree7d40b7a5cbe861549f4f024795b54ba716076207
parent1c23c029af1ef83935badb8b63cb4dffac59b1e4 (diff)
Don't allow setting password bigger than 469 charactersfeat/handle-onetime-password-large
Signed-off-by: Carl Schwan <carl@carlschwan.eu>
-rw-r--r--apps/settings/lib/Controller/ChangePasswordController.php11
-rw-r--r--apps/settings/src/components/UserList/UserRow.vue1
-rw-r--r--apps/settings/templates/settings/personal/security/password.php1
3 files changed, 12 insertions, 1 deletions
diff --git a/apps/settings/lib/Controller/ChangePasswordController.php b/apps/settings/lib/Controller/ChangePasswordController.php
index 7c3ab9546bc..41f2584721c 100644
--- a/apps/settings/lib/Controller/ChangePasswordController.php
+++ b/apps/settings/lib/Controller/ChangePasswordController.php
@@ -107,7 +107,7 @@ class ChangePasswordController extends Controller {
}
try {
- if ($newpassword === null || $user->setPassword($newpassword) === false) {
+ if ($newpassword === null || strlen($newpassword) > 469 || $user->setPassword($newpassword) === false) {
return new JSONResponse([
'status' => 'error',
'data' => [
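Review bot: An over-long password is rejected through the same branch as a null password or a failed `setPassword()`, so the client gets that branch's message (cut off by the hunk) rather than the explicit 'Password too long.' response the second hunk returns for the same condition. A separate guard ahead of the `try` would keep the two endpoints consistent and keep an input-validation rejection distinguishable from a backend failure, both in the UI and in any logging. The enclosing method starts and ends outside the hunk.

```php
// … unchanged: checks that precede the try block …
if ($newpassword !== null && strlen($newpassword) > 469) {
    return new JSONResponse([
        'status' => 'error',
        'data' => [
            'message' => $this->l->t('Unable to change password. Password too long.'),
        ],
    ]);
}
try {
    if ($newpassword === null || $user->setPassword($newpassword) === false) {
        // … unchanged: existing error response …
```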
@@ -158,6 +158,15 @@ class ChangePasswordController extends Controller {
]);
}
+ if (strlen($password) > 469) {
+ return new JSONResponse([
+ 'status' => 'error',
+ 'data' => [
+ 'message' => $this->l->t('Unable to change password. Password too long.'),
+ ],
+ ]);
+ }
+
$currentUser = $this->userSession->getUser();
$targetUser = $this->userManager->get($username);
if ($currentUser === null || $targetUser === null ||
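Review bot: The limit 469 is a bare literal here, in the first hunk and in both templates, with no comment saying what it is derived from, so a later change to the underlying constraint can easily miss a copy. A class constant such as `private const MAX_PASSWORD_LENGTH = 469;` with a one-line comment on its origin would fix that for the controller. `strlen()` counts bytes, while the commit title and the HTML `maxlength` count characters, so a password containing multi-byte characters is rejected before it reaches 469 characters; if a byte limit is intended, the comment and the user-facing message should say so. The check also covers only these two controller actions; whether other callers of `setPassword()` need the same bound cannot be told from the diff. The enclosing method continues outside the hunk.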
diff --git a/apps/settings/src/components/UserList/UserRow.vue b/apps/settings/src/components/UserList/UserRow.vue
index de0a09f2221..f2947019f40 100644
--- a/apps/settings/src/components/UserList/UserRow.vue
+++ b/apps/settings/src/components/UserList/UserRow.vue
@@ -107,6 +107,7 @@
ref="password"
:disabled="loading.password || loading.all"
:minlength="minPasswordLength"
+ maxlength="469"
:placeholder="t('settings', 'Add new password')"
autocapitalize="off"
autocomplete="new-password"
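Review bot: `maxlength="469"` on a password input typically makes the browser stop accepting typed characters and truncate pasted text at the limit without any feedback, so a longer pasted passphrase can be stored truncated while the user believes the full value was set. The server-side check in ChangePasswordController.php already rejects over-long values with a message, so it would be safer to drop the attribute, or to pair it with a visible validation hint, than to truncate silently. The same applies to the `maxlength` added to `#pass2` in password.php. If the attribute stays, a short template comment pointing at the server-side check would help keep the two limits in step.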
diff --git a/apps/settings/templates/settings/personal/security/password.php b/apps/settings/templates/settings/personal/security/password.php
index 88536ab6b23..85959e252cc 100644
--- a/apps/settings/templates/settings/personal/security/password.php
+++ b/apps/settings/templates/settings/personal/security/password.php
@@ -46,6 +46,7 @@ if ($_['passwordChangeSupported']) {
<div class="personal-show-container">
<label for="pass2" class="hidden-visually"><?php p($l->t('New password'));?>: </label>
<input type="password" id="pass2" name="newpassword"
+ maxlength="469"
placeholder="<?php p($l->t('New password')); ?>"
data-typetoggle="#personal-show"
autocomplete="new-password" autocapitalize="none" autocorrect="off" />