From 845a67c02b3da3b758aebfe2b05285f8974458ea Mon Sep 17 00:00:00 2001
From: Lukas Reschke
Date: Tue, 13 Apr 2021 15:24:20 +0000
Subject: [PATCH] Limit size of properties to 2048 characters

It is unreasonable to expect that one of these fields would be longer than 2048 characters. Whilst some have definitely lower limits (such as for phone numbers or domain names), a upper bound as sanity check makes sense. Backport of https://github.com/nextcloud/server/pull/26433
Signed-off-by: Lukas Reschke
---
 lib/private/Accounts/AccountManager.php | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/lib/private/Accounts/AccountManager.php b/lib/private/Accounts/AccountManager.php
index e503ff5502103..8f0194cdd87e2 100644
--- a/lib/private/Accounts/AccountManager.php
+++ b/lib/private/Accounts/AccountManager.php
@@ -93,6 +93,14 @@ public function __construct(IDBConnection $connection,
 public function updateUser(IUser $user, $data) {
 $userData = $this->getUser($user);
 $updated = true;
+
+ // set a max length
+ foreach ($data as $propertyName => $propertyData) {
+ if (isset($data[$propertyName]) && isset($data[$propertyName]['value']) && strlen($data[$propertyName]['value']) > 2048) {
+ $data[$propertyName]['value'] = '';
+ }
+ }
+
 if (empty($userData)) {
 $this->insertNewUser($user, $data);
 } elseif ($userData !== $data) {
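Review bot: The new loop in updateUser() replaces an over-long value with `''` instead of rejecting it. The caller gets no error, and the `$userData !== $data` branch below presumably writes the empty string over whatever was stored, so one oversized field silently erases that property. Throwing (for example `\InvalidArgumentException`) or skipping the property would keep the size bound without the data loss, provided callers can handle the exception. The check also uses `strlen()`, which counts bytes while the commit message promises 2048 characters, and `$data` is untyped, so a non-string `value` reaches `strlen()` unguarded. If mbstring can be assumed here, something like `if (is_string($propertyData['value'] ?? null) && mb_strlen($propertyData['value']) > 2048) {` would address both and use the otherwise unused `$propertyData`, though non-string values then still need an explicit rejection. The body of updateUser() continues past the end of the hunk, so how the blanked value is persisted is not visible here.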