fix more lengths of user inputs

api/classes/organizr.class.php

@@ -5112,6 +5112,9 @@ public function addTab($array)
 				$this->setAPIResponse('error', 'Tab name: ' . $array['name'] . ' is already taken', 409);
 				return false;
 			}
+			if (!$this->qualifyLength($array['name'], 50, true)) {
+				return false;
+			}
 		} else {
 			$this->setAPIResponse('error', 'Tab name was not supplied', 422);
 			return false;
@@ -5162,6 +5165,9 @@ public function updateTab($id, $array)
 				$this->setAPIResponse('error', 'Tab name: ' . $array['name'] . ' is already taken', 409);
 				return false;
 			}
+			if (!$this->qualifyLength($array['name'], 50, true)) {
+				return false;
+			}
 		}
 		if (array_key_exists('default', $array)) {
 			if ($array['default']) {
@@ -5248,6 +5254,9 @@ public function addCategory($array)
 				$this->setAPIResponse('error', 'Category name: ' . $array['category'] . ' is already taken', 409);
 				return false;
 			}
+			if (!$this->qualifyLength($array['category'], 50, true)) {
+				return false;
+			}
 		} else {
 			$this->setAPIResponse('error', 'Category name was not supplied', 422);
 			return false;
@@ -5296,6 +5305,9 @@ public function updateCategory($id, $array)
 				$this->setAPIResponse('error', 'Category name: ' . $array['category'] . ' is already taken', 409);
 				return false;
 			}
+			if (!$this->qualifyLength($array['category'], 50, true)) {
+				return false;
+			}
 		}
 		if (array_key_exists('image', $array)) {
 			$array['image'] = $this->sanitizeUserString($array['image']);
@@ -6487,6 +6499,9 @@ public function updateUser($id, $array)
 				$this->setAPIResponse('error', 'Username: ' . $array['username'] . ' is already taken', 409);
 				return false;
 			}
+			if (!$this->qualifyLength($array['username'], 50, true)) {
+				return false;
+			}
 		}
 		if (array_key_exists('email', $array)) {
 			if ($array['email'] == '') {
@@ -6503,6 +6518,9 @@ public function updateUser($id, $array)
 				$this->setAPIResponse('error', 'Email: ' . $array['email'] . ' is already taken', 409);
 				return false;
 			}
+			if (!$this->qualifyLength($array['email'], 50, true)) {
+				return false;
+			}
 		}
 		if (array_key_exists('group_id', $array)) {
 			if ($array['group_id'] == '') {
@@ -6622,6 +6640,15 @@ public function addUser($array)
 			$this->setResponse(409, 'Email is not a valid email', ['email' => $email]);
 			return false;
 		}
+		if (!$this->qualifyLength($username, 50, true)) {
+			return false;
+		}
+		if (!$this->qualifyLength($email, 50, true)) {
+			return false;
+		}
+		if (!$this->qualifyLength($password, 200, true)) {
+			return false;
+		}
 		$this->setLoggerChannel('User Management');
 		if ($this->createUser($username, $password, $email)) {
 			$this->logger->info('Account created for [' . $username . ']');
@@ -6660,6 +6687,15 @@ public function createUser($username, $password, $email = null)
 			$this->setAPIResponse('error', 'Username: ' . $username . ' or Email: ' . $email . ' is already taken', 409);
 			return false;
 		}
+		if (!$this->qualifyLength($username, 50, true)) {
+			return false;
+		}
+		if (!$this->qualifyLength($email, 50, true)) {
+			return false;
+		}
+		if (!$this->qualifyLength($password, 200, true)) {
+			return false;
+		}
 		$defaults = $this->getDefaultGroup();
 		$userInfo = [
 			'username' => $username,
@@ -6714,6 +6750,9 @@ public function updateGroup($id, $array)
 				$this->setAPIResponse('error', 'Group name: ' . $array['group'] . ' is already taken', 409);
 				return false;
 			}
+			if (!$this->qualifyLength($array['group'], 50, true)) {
+				return false;
+			}
 		}
 		if (array_key_exists('image', $array)) {
 			if ($array['image'] == '') {
@@ -6794,6 +6833,9 @@ public function addGroup($array)
 				$this->setAPIResponse('error', 'Group name: ' . $array['group'] . ' is already taken', 409);
 				return false;
 			}
+			if (!$this->qualifyLength($array['group'], 50, true)) {
+				return false;
+			}
 		} else {
 			$this->setAPIResponse('error', 'Group name was not supplied', 422);
 			return false;