diff options
author | Carl Schwan <carl@carlschwan.eu> | 2022-07-05 12:47:25 +0300 |
---|---|---|
committer | Carl Schwan <carl@carlschwan.eu> | 2022-07-05 12:47:25 +0300 |
commit | f99a06c89a116cbc447b5fb5d2ec27462b9fba51 (patch) | |
tree | 7d40b7a5cbe861549f4f024795b54ba716076207 /apps/settings/lib/Controller/ChangePasswordController.php | |
parent | 1c23c029af1ef83935badb8b63cb4dffac59b1e4 (diff) |
Don't allow setting password bigger than 469 charactersfeat/handle-onetime-password-large
Signed-off-by: Carl Schwan <carl@carlschwan.eu>
Diffstat (limited to 'apps/settings/lib/Controller/ChangePasswordController.php')
-rw-r--r-- | apps/settings/lib/Controller/ChangePasswordController.php | 11 |
1 files changed, 10 insertions, 1 deletions
diff --git a/apps/settings/lib/Controller/ChangePasswordController.php b/apps/settings/lib/Controller/ChangePasswordController.php index 7c3ab9546bc..41f2584721c 100644 --- a/apps/settings/lib/Controller/ChangePasswordController.php +++ b/apps/settings/lib/Controller/ChangePasswordController.php @@ -107,7 +107,7 @@ class ChangePasswordController extends Controller { } try { - if ($newpassword === null || $user->setPassword($newpassword) === false) { + if ($newpassword === null || strlen($newpassword) > 469 || $user->setPassword($newpassword) === false) { return new JSONResponse([ 'status' => 'error', 'data' => [ @@ -158,6 +158,15 @@ class ChangePasswordController extends Controller { ]); } + if (strlen($password) > 469) { + return new JSONResponse([ + 'status' => 'error', + 'data' => [ + 'message' => $this->l->t('Unable to change password. Password too long.'), + ], + ]); + } + $currentUser = $this->userSession->getUser(); $targetUser = $this->userManager->get($username); if ($currentUser === null || $targetUser === null || |