Upgrade to 3.9.6

2023-07-27 12:08:43 +02:00
parent f76fbaa53e
commit 7928c28702
58 changed files with 930 additions and 148 deletions
--- a/kirby/src/Cms/UserRules.php
+++ b/kirby/src/Cms/UserRules.php
@@ -341,12 +341,23 @@ class UserRules
 		#[SensitiveParameter]
 		string $password
 	): bool {
+		// too short passwords are ineffective
 		if (Str::length($password ?? null) < 8) {
 			throw new InvalidArgumentException([
 				'key' => 'user.password.invalid',
 			]);
 		}

+		// too long passwords can cause DoS attacks
+		// and are therefore blocked in the auth system
+		// (blocked here as well to avoid passwords
+		// that cannot be used to log in)
+		if (Str::length($password ?? null) > 1000) {
+			throw new InvalidArgumentException([
+				'key' => 'user.password.excessive',
+			]);
+		}
+
 		return true;
 	}