From 13b4572a2f58231272c7f40add706d561ecf4855 Mon Sep 17 00:00:00 2001 From: Daniel Friesel Date: Mon, 7 Mar 2022 18:12:43 +0100 Subject: limit password length to 10000 characters MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit that should be sufficient… --- lib/Travelynx/Controller/Account.pm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib/Travelynx/Controller') diff --git a/lib/Travelynx/Controller/Account.pm b/lib/Travelynx/Controller/Account.pm index 0435d51..97ea8ad 100644 --- a/lib/Travelynx/Controller/Account.pm +++ b/lib/Travelynx/Controller/Account.pm @@ -13,7 +13,7 @@ sub hash_password { my @salt_bytes = map { int( rand(255) ) + 1 } ( 1 .. 16 ); my $salt = en_base64( pack( 'C[16]', @salt_bytes ) ); - return bcrypt( $password, '$2a$12$' . $salt ); + return bcrypt( substr( $password, 0, 10000 ), '$2a$12$' . $salt ); } sub make_token { -- cgit v1.2.3