diff --git a/api/classes/organizr.class.php b/api/classes/organizr.class.php
index 978833991..e802000d0 100644
--- a/api/classes/organizr.class.php
+++ b/api/classes/organizr.class.php
@@ -5112,6 +5112,9 @@ public function addTab($array)
 $this->setAPIResponse('error', 'Tab name: ' . $array['name'] . ' is already taken', 409);
 return false;
 }
+ if (!$this->qualifyLength($array['name'], 50, true)) {
+ return false;
+ }
 } else {
 $this->setAPIResponse('error', 'Tab name was not supplied', 422);
 return false;
@@ -5162,6 +5165,9 @@ public function updateTab($id, $array)
 $this->setAPIResponse('error', 'Tab name: ' . $array['name'] . ' is already taken', 409);
 return false;
 }
+ if (!$this->qualifyLength($array['name'], 50, true)) {
+ return false;
+ }
 }
 if (array_key_exists('default', $array)) {
 if ($array['default']) {
@@ -5248,6 +5254,9 @@ public function addCategory($array)
 $this->setAPIResponse('error', 'Category name: ' . $array['category'] . ' is already taken', 409);
 return false;
 }
+ if (!$this->qualifyLength($array['category'], 50, true)) {
+ return false;
+ }
 } else {
 $this->setAPIResponse('error', 'Category name was not supplied', 422);
 return false;
@@ -5296,6 +5305,9 @@ public function updateCategory($id, $array)
 $this->setAPIResponse('error', 'Category name: ' . $array['category'] . ' is already taken', 409);
 return false;
 }
+ if (!$this->qualifyLength($array['category'], 50, true)) {
+ return false;
+ }
 }
 if (array_key_exists('image', $array)) {
 $array['image'] = $this->sanitizeUserString($array['image']);
@@ -6487,6 +6499,9 @@ public function updateUser($id, $array)
 $this->setAPIResponse('error', 'Username: ' . $array['username'] . ' is already taken', 409);
 return false;
 }
+ if (!$this->qualifyLength($array['username'], 50, true)) {
+ return false;
+ }
 }
 if (array_key_exists('email', $array)) {
 if ($array['email'] == '') {
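Review bot: The length check added to addTab runs only after the "is already taken" branch, so an over-long name still reaches whatever lookup (presumably a database query) feeds that 409 before it is rejected; moving `if (!$this->qualifyLength($array['name'], 50, true)) { return false; }` ahead of the uniqueness check keeps cheap input validation in front of the round-trip. The same ordering applies to the updateTab, addCategory, updateCategory and updateUser hunks on this page, and to the updateGroup and addGroup hunks further down. The new branch returns false without setting an API response inside the hunk; if qualifyLength's third argument is what emits the 4xx response, a one-line comment such as `// qualifyLength(..., true) sets the error response itself` would stop readers from reading it as a silent failure. addTab's body starts and ends outside the hunk.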
@@ -6503,6 +6518,9 @@ public function updateUser($id, $array)
 $this->setAPIResponse('error', 'Email: ' . $array['email'] . ' is already taken', 409);
 return false;
 }
+ if (!$this->qualifyLength($array['email'], 50, true)) {
+ return false;
+ }
 }
 if (array_key_exists('group_id', $array)) {
 if ($array['group_id'] == '') {
@@ -6622,6 +6640,15 @@ public function addUser($array)
 $this->setResponse(409, 'Email is not a valid email', ['email' => $email]);
 return false;
 }
+ if (!$this->qualifyLength($username, 50, true)) {
+ return false;
+ }
+ if (!$this->qualifyLength($email, 50, true)) {
+ return false;
+ }
+ if (!$this->qualifyLength($password, 200, true)) {
+ return false;
+ }
 $this->setLoggerChannel('User Management');
 if ($this->createUser($username, $password, $email)) {
 $this->logger->info('Account created for [' . $username . ']');
@@ -6660,6 +6687,15 @@ public function createUser($username, $password, $email = null)
 $this->setAPIResponse('error', 'Username: ' . $username . ' or Email: ' . $email . ' is already taken', 409);
 return false;
 }
+ if (!$this->qualifyLength($username, 50, true)) {
+ return false;
+ }
+ if (!$this->qualifyLength($email, 50, true)) {
+ return false;
+ }
+ if (!$this->qualifyLength($password, 200, true)) {
+ return false;
+ }
 $defaults = $this->getDefaultGroup();
 $userInfo = [
 'username' => $username,
@@ -6714,6 +6750,9 @@ public function updateGroup($id, $array)
 $this->setAPIResponse('error', 'Group name: ' . $array['group'] . ' is already taken', 409);
 return false;
 }
+ if (!$this->qualifyLength($array['group'], 50, true)) {
+ return false;
+ }
 }
 if (array_key_exists('image', $array)) {
 if ($array['image'] == '') {
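Review bot: The three qualifyLength checks added to addUser are repeated verbatim in the createUser hunk, and addUser calls createUser on the line right after them (`if ($this->createUser($username, $password, $email))`), so every request is validated twice and the two copies of the limits can drift apart. Keeping the checks only in createUser, which every caller goes through, and dropping them from addUser is enough; if addUser needs its own early exit, a comment such as `// length limits are enforced in createUser()` documents why none is repeated here. The 200-character password ceiling is a sensible bound on hashing cost, though the hashing call is not in the hunk so its interaction with the limit cannot be confirmed from here. addUser's body continues outside the hunk.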
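Review bot: createUser declares `$email = null` in its signature, yet the added check passes `$email` to qualifyLength unconditionally; if qualifyLength rejects an empty value or calls strlen on null (deprecated since PHP 8.1), callers that omit the email now fail where they previously succeeded. Guarding the optional argument, `if ($email !== null && !$this->qualifyLength($email, 50, true)) { return false; }`, keeps the old contract. The 50-character cap on the email here and in the updateUser email hunk above is well below the 254 characters a syntactically valid address may have, so it is worth confirming it matches the storage column width rather than being an arbitrary choice. createUser's body continues outside the hunk.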
@@ -6794,6 +6833,9 @@ public function addGroup($array)
 $this->setAPIResponse('error', 'Group name: ' . $array['group'] . ' is already taken', 409);
 return false;
 }
+ if (!$this->qualifyLength($array['group'], 50, true)) {
+ return false;
+ }
 } else {
 $this->setAPIResponse('error', 'Group name was not supplied', 422);
 return false;