From 3e7f67f589267e61f823d19824f3ee1b9a8a38ff Mon Sep 17 00:00:00 2001
From: Matias Griese
Date: Thu, 17 Mar 2022 13:04:06 +0200
Subject: [PATCH] Set default maximum length for text fields

---
 CHANGELOG.md | 7 ++++++-
 system/src/Grav/Common/Data/Validation.php | 22 ++++++++++++++++++++--
 2 files changed, 26 insertions(+), 3 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index b77eabea83..0a03cd199d 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -3,8 +3,13 @@
 
 1. [](#new)
 * Added `|replace_last(search, replace)` filter
-1. [](#improved)
+2. [](#improved)
 * Added multi-language support for page routes in `Utils::url()`
+ * Set default maximum length for text fields
+ - `password`: 256
+ - `email`: 320
+ - `text`, `url`, `hidden`, `commalist`: 2048
+ - `text` (multiline), `textarea`: 65536
 
 # v1.7.31
 ## 03/14/2022
diff --git a/system/src/Grav/Common/Data/Validation.php b/system/src/Grav/Common/Data/Validation.php
index 569ea512ae..4b2bbf776a 100644
--- a/system/src/Grav/Common/Data/Validation.php
+++ b/system/src/Grav/Common/Data/Validation.php
@@ -246,7 +246,9 @@ public static function typeText($value, array $params, array $field)
 return false;
 }
 
- $max = (int)($params['max'] ?? 0);
+ $multiline = isset($params['multiline']) && $params['multiline'];
+
+ $max = (int)($params['max'] ?? ($multiline ? 65536 : 2048));
 if ($max && $len > $max) {
 return false;
 }
@@ -256,7 +258,7 @@ public static function typeText($value, array $params, array $field)
 return false;
 }
 
- if ((!isset($params['multiline']) || !$params['multiline']) && preg_match('/\R/um', $value)) {
+ if (!$multiline && preg_match('/\R/um', $value)) {
 return false;
 }
 
@@ -317,6 +319,10 @@ protected static function filterCommaList($value, array $params, array $field)
 */
 public static function typeCommaList($value, array $params, array $field)
 {
+ if (!isset($params['max'])) {
+ $params['max'] = 2048;
+ }
+
 return is_array($value) ? true : self::typeText($value, $params, $field);
 }
 
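Review bot: In typeText, a blueprint `max` that casts to zero still switches the length check off, so the new default can be bypassed by configuration: `??` falls back only when the key is unset or null, and `max: 0`, `max: false` or a non-numeric string all give `$max === 0`, which `if ($max && $len > $max)` treats as no limit. If zero is the intended opt-out, document it beside the assignment, e.g. `// max: 0 disables the limit; unset defaults to 2048, or 65536 when multiline`; if not, fall back to the default for non-positive values. `$len` is computed outside this hunk, so whether the limits count characters or bytes cannot be confirmed from here and belongs in the docblock. The body of typeText starts and ends outside the hunk.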
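Review bot: In typeCommaList, the 2048 default only protects the string form: `return is_array($value) ? true : ...` still accepts any array without checking how many items it has or how long they are, so a field submitted as an array is outside the new limit. Validating the array form too, by running each item through typeText or by bounding the item count, would make the cap hold for both shapes. The literal 2048 also repeats typeText's own non-multiline default and appears again in typeUrl; a class constant would keep the three in step.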
@@ -379,6 +385,10 @@ public static function typeTextarea($value, array $params, array $field)
 */
 public static function typePassword($value, array $params, array $field)
 {
+ if (!isset($params['max'])) {
+ $params['max'] = 256;
+ }
+
 return self::typeText($value, $params, $field);
 }
 
@@ -621,6 +631,10 @@ public static function typeColor($value, array $params, array $field)
 */
 public static function typeEmail($value, array $params, array $field)
 {
+ if (!isset($params['max'])) {
+ $params['max'] = 320;
+ }
+
 $values = !is_array($value) ? explode(',', preg_replace('/\s+/', '', $value)) : $value;
 
 foreach ($values as $val) {
@@ -642,6 +656,10 @@ public static function typeEmail($value, array $params, array $field)
 */
 public static function typeUrl($value, array $params, array $field)
 {
+ if (!isset($params['max'])) {
+ $params['max'] = 2048;
+ }
+
 return self::typeText($value, $params, $field) && filter_var($value, FILTER_VALIDATE_URL);
 }
 
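Review bot: In typeEmail, the 320 default is placed in `$params`, but the input is split on commas before any length check visible in the hunk, and `preg_replace('/\s+/', '', $value)` runs over the whole string first. If the loop body (outside this hunk) validates each `$val` with typeText, as the placement suggests, every address is capped at 320 while the number of addresses and the total input size stay unbounded. A bound on the raw value or on the item count before the loop would close that gap, e.g. `if (count($values) > MAX_ADDRESSES) { return false; }`, where `MAX_ADDRESSES` is a placeholder for a project-chosen limit.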