diff options
| author | Roeland Jago Douma <rullzer@users.noreply.github.com> | 2021-04-30 10:27:45 +0300 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2021-04-30 10:27:45 +0300 |
| commit | 31b6443091ad6e8da34073365a283dfaf13959f2 (patch) | |
| tree | f7909b1d7b1947421db0a870f2cf3eedb59fad13 | |
| parent | 3b1ac613311387510abb85c8aee5028c20578031 (diff) | |
| parent | 4ec4a99869b1d5f9f6fbcc4643440b719d7c04a3 (diff) | |
Merge pull request #26542 from nextcloud/stable20-26433
[stable20] Limit size of properties to 2048 characters
| -rw-r--r-- | lib/private/Accounts/AccountManager.php | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/lib/private/Accounts/AccountManager.php b/lib/private/Accounts/AccountManager.php index 1f23e7e33a3..24adeaeb3ac 100644 --- a/lib/private/Accounts/AccountManager.php +++ b/lib/private/Accounts/AccountManager.php @@ -93,6 +93,14 @@ class AccountManager implements IAccountManager { public function updateUser(IUser $user, $data) { $userData = $this->getUser($user); $updated = true; + + // set a max length + foreach ($data as $propertyName => $propertyData) { + if (isset($data[$propertyName]) && isset($data[$propertyName]['value']) && strlen($data[$propertyName]['value']) > 2048) { + $data[$propertyName]['value'] = ''; + } + } + if (empty($userData)) { $this->insertNewUser($user, $data); } elseif ($userData !== $data) { |