github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-05-21 18:12:32 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

SECURITY: Limit passwords to 200 characters

Browse Source 
Prevents layer 8 attack.
This commit is contained in:
riking
2014-09-11 12:22:11 -07:00
committed by Robin Ward
parent 216ee9f2f1
commit 2c6d03f87f
8 changed files with 78 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
app/controllers/session_controller.rb
View File

@ -54,6 +54,8 @@ class SessionController < ApplicationController
params.require(:login)
params.require(:password)
return invalid_credentials if params[:password].length > User.max_password_length
login = params[:login].strip
login = login[1..-1] if login[0] == "@"