post.php: restore password length limit

2024-12-27 15:29:02 +01:00 · 2024-12-27 15:29:02 +01:00 · 57324f169d
commit 57324f169d
parent 8b2f002582
1 changed files with 5 additions and 0 deletions
--- a/post.php
+++ b/post.php
@ -1011,6 +1011,11 @@ function handle_post(Context $ctx)
        }
    }

+    // We must do this check now before the passowrd is hashed and overwritten.
+    if (\mb_strlen($_POST['password']) > 20) {
+        error(\sprintf($config['error']['toolong'], 'password'));
+    }
+
    $post['name'] = $_POST['name'] != '' ? $_POST['name'] : $config['anonymous'];
    $post['subject'] = $_POST['subject'];
    $post['email'] = str_replace(' ', '%20', htmlspecialchars($_POST['email']));