SECURITY: Remove email validation check bypass

- Increase size of email column to varchar(513)
- Give error message on signup when email is too large

Overall impact: Low, allows signups from blocked domains. Main risk is increased spam.
Kane York
2015-07-13 13:40:52 -07:00
parent 4f103f7cc5
commit 2a897a8a6b
3 changed files with 13 additions and 0 deletions

@ -232,6 +232,10 @@ class UsersController < ApplicationController
return fail_with("login.password_too_long")
end
if params[:email] && params[:email].length > 254 + 1 + 253
return fail_with("login.email_too_long")
end
if SiteSetting.reserved_usernames.split("|").include? params[:username].downcase
return fail_with("login.reserved_username")
end
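
Review bot: the limit in `params[:email].length > 254 + 1 + 253` is an unexplained magic expression. It evaluates to 508, while the commit message sizes the column at varchar(513), and nothing in the hunk says what the three terms stand for or why the two figures differ. Pull it into a named constant with a comment giving the meaning of each term, and have the migration and this check refer to the same value so they cannot drift apart. Separately, `.length` is called on whatever `params[:email]` holds. If the request supplies that parameter as an array or hash, the comparison counts elements rather than characters, so a type guard such as `params[:email].is_a?(String)` ahead of the length test would make the check mean what the error message says.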