From 15788f38c6eb3bcce19874d1a24da4bbb093bc83 Mon Sep 17 00:00:00 2001
From: Joe Bordes
Date: Sun, 21 Nov 2021 20:27:01 +0100
Subject: [PATCH] sec(Users) limit password length and eliminate unused parameter
---
 include/Webservices/ChangePassword.php | 3 ++-
 modules/Home/Homestuff.php | 3 +--
 modules/Users/ChangePassword.js | 1 +
 modules/Users/Save.php | 2 +-
 modules/Users/Users.php | 2 +-
 modules/Vtiger/ExecuteFunctions.php | 2 +-
 6 files changed, 7 insertions(+), 6 deletions(-)
diff --git a/include/Webservices/ChangePassword.php b/include/Webservices/ChangePassword.php
index 59b1048363..a41a35507e 100644
--- a/include/Webservices/ChangePassword.php
+++ b/include/Webservices/ChangePassword.php
@@ -47,7 +47,8 @@ function vtws_changePassword($id, $oldPassword, $newPassword, $confirmPassword,
  $db = PearDatabase::getInstance();
  $db->dieOnError = false;
  $db->startTransaction();
- $success = $newUser->change_password($oldPassword, $newPassword, false);
+ $newPassword = substr($newPassword, 0, 1024);
+ $success = $newUser->change_password($oldPassword, $newPassword);
  $error = $db->hasFailedTransaction();
  $db->completeTransaction();
  VTWS_PreserveGlobal::flush();
diff --git a/modules/Home/Homestuff.php b/modules/Home/Homestuff.php
index 92be48ed66..0191f3248e 100644
--- a/modules/Home/Homestuff.php
+++ b/modules/Home/Homestuff.php
@@ -16,8 +16,7 @@
  if (!empty($_REQUEST['stufftitle'])) {
  if (strlen($_REQUEST['stufftitle'])>100) {
- $temp_str = substr($_REQUEST['stufftitle'], 0, 97).'...';
- $oHomestuff->stufftitle= $temp_str;
+ $oHomestuff->stufftitle= vtlib_purify(substr($_REQUEST['stufftitle'], 0, 97)).'...';
  } else {
  $oHomestuff->stufftitle = vtlib_purify($_REQUEST['stufftitle']);
  }
diff --git a/modules/Users/ChangePassword.js b/modules/Users/ChangePassword.js
index 21e5f0d8f6..5476eaa1a1 100644
--- a/modules/Users/ChangePassword.js
+++ b/modules/Users/ChangePassword.js
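Review bot: The added `$newPassword = substr($newPassword, 0, 1024);` silently truncates the credential instead of rejecting it, so a caller who submits a longer password ends up with a stored password that differs from the one they typed, and whether the login path applies the same cut is not visible here. Rejecting over-long input through the function's existing failure path (`if (strlen($newPassword) > 1024) { /* fail exactly as for a rejected password */ }`) keeps the stored value equal to the submitted one while still bounding the input handed to the hash, which is presumably the motivation. The same literal cap is repeated at every caller in modules/Users/Save.php, modules/Vtiger/ExecuteFunctions.php and modules/Users/ChangePassword.js; enforcing it once inside `Users::change_password()` would cover every entry point, including callers this commit does not touch, and the number belongs in a named class constant (e.g. `const MAX_PASSWORD_BYTES = 1024;`, constructed name) rather than five copies. Note also that this path passes the raw value while the Save.php and ExecuteFunctions.php paths run it through `vtlib_purify()` first, so the same typed password can be stored differently depending on entry point; that predates the commit but deserves a comment here. `vtws_changePassword` continues outside the hunk.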
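Review bot: `substr($_REQUEST['stufftitle'], 0, 97)` on the new line counts bytes, as does the `strlen()` guard above it, so a title containing multibyte UTF-8 is measured against 100 bytes and can be cut in the middle of a character at byte 97, handing `vtlib_purify()` an invalid sequence whose treatment by the purifier is not visible here. Using `mb_strlen($_REQUEST['stufftitle']) > 100` and `mb_substr($_REQUEST['stufftitle'], 0, 97)` truncates on characters and keeps the appended `'...'` meaningful; purifying after truncation, as the new line does, is the right order and should stay. The enclosing block is fully inside the hunk, but the surrounding script is not.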
@@ -106,6 +106,7 @@ function changepassword(is_admin, userid) {
  document.getElementById('err_msg').innerHTML = err_msg;
  return;
  }
+ new_password = new_password.substring(0, 1024);
  let password = corebos_Password.passwordChecker(new_password);
  if (!password) {
  err_msg = alert_arr['PASSWORD REQUIREMENTS NOT MET'];
diff --git a/modules/Users/Save.php b/modules/Users/Save.php
index 68b708f561..e8b4a36c2d 100644
--- a/modules/Users/Save.php
+++ b/modules/Users/Save.php
@@ -87,7 +87,7 @@
  if (isset($_REQUEST['changepassword']) && $_REQUEST['changepassword'] == 'true') {
  $focus->retrieve_entity_info($_REQUEST['record'], 'Users');
  $focus->id = vtlib_purify($_REQUEST['record']);
- if (isset($_REQUEST['new_password']) && !$focus->change_password(vtlib_purify($_REQUEST['old_password']), vtlib_purify($_REQUEST['new_password']))) {
+ if (isset($_REQUEST['new_password']) && !$focus->change_password(vtlib_purify($_REQUEST['old_password']), vtlib_purify(substr($_REQUEST['new_password'], 0, 1024)))) {
  header('Location: index.php?action=DetailView&module=Users&record='.$focus->id.'&error_string='.urlencode($focus->error_string));
  exit;
  }
diff --git a/modules/Users/Users.php b/modules/Users/Users.php
index 49b4b65fe2..acc236e1e7 100644
--- a/modules/Users/Users.php
+++ b/modules/Users/Users.php
@@ -522,7 +522,7 @@ public function get_user_crypt_type() {
  * @param string new password
  * @return boolean If passwords pass verification and query succeeds, return true, else return false
  */
- public function change_password($user_password, $new_password, $dieOnError = true) {
+ public function change_password($user_password, $new_password) {
  global $current_user, $log, $adb;
  $usr_name = $this->column_fields['user_name'];
  $log->debug("Starting password change for $usr_name");
diff --git a/modules/Vtiger/ExecuteFunctions.php b/modules/Vtiger/ExecuteFunctions.php
index 47545305c1..98880352dd 100644
--- a/modules/Vtiger/ExecuteFunctions.php
+++ b/modules/Vtiger/ExecuteFunctions.php
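Review bot: `new_password.substring(0, 1024)` counts UTF-16 code units while the server-side `substr(..., 0, 1024)` in modules/Users/Save.php counts bytes, so for a non-ASCII password the string `passwordChecker` validates here can differ from the one the server stores, and the user gets no indication that input was dropped. Because the server already bounds the length, the client should reject rather than truncate (set `err_msg` from `alert_arr` with a suitable key and `return;` when `new_password.length > 1024`) or put a `maxlength` on the input so both sides agree; a client-side cut has no protective value on its own. Whether the truncated local is what the form submits, or only what the checker sees, is not visible in the hunk; `changepassword()` continues outside it.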
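Review bot: The docblock above the new signature still reads `@param string new password` with no parameter name and no mention of the length cap the callers now apply, and dropping `$dieOnError` leaves the method body, which is outside the hunk, to be checked for any remaining reference to that variable. Because PHP ignores surplus arguments to user-defined methods, third-party callers still passing the old third argument keep running with the flag silently discarded, which is worth stating in the docblock. Suggested tags: `@param string $user_password` and `@param string $new_password new password; callers currently cap it at 1024 bytes with substr() before calling`, plus a one-line note that the former `$dieOnError` argument is accepted and ignored.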
@@ -479,7 +479,7 @@
  $focus->mode='edit';
  $focus->id = $userid;
  $focus->retrieve_entity_info($userid, 'Users');
- $ret = $focus->change_password('old_password', vtlib_purify($_REQUEST['new_password']));
+ $ret = $focus->change_password('old_password', vtlib_purify(substr($_REQUEST['new_password'], 0, 1024)));
  if ($ret) {
  $ret = array('password'=>$ret);
  } else {
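Review bot: The changed line still passes the literal `'old_password'` as the current-password argument, so this path never supplies the user's real current password; whether `change_password()` skips that verification for it is not shown here (the method declares `global $current_user` in the Users.php hunk, so it may branch on the caller). That appears to make the authorization of `$userid`, assigned to `$focus->id` just above from outside the hunk, the check that protects other accounts' credentials, and it deserves an explicit comment at this call, e.g. `// privileged reset path: no current-password check here; the caller must already have verified access to $userid`. The duplicated `substr()` cap is discussed on the include/Webservices/ChangePassword.php hunk. The enclosing block continues outside the hunk.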