From ea3a9e0038a71c20cc31a9bdedc16c976d5bb43a Mon Sep 17 00:00:00 2001 From: "Kyle J. McKay" Date: Mon, 28 Apr 2014 11:51:00 -0700 Subject: [PATCH] User/Project: implement some sane length limits for names User names and project names (each component if a fork) are now limited to 64 characters. Email addresses are now limited to 96 characters. This should prevent any absurdly long passwd/group entries. --- Girocco/Project.pm | 7 +++++++ Girocco/User.pm | 5 +++++ 2 files changed, 12 insertions(+) diff --git a/Girocco/Project.pm b/Girocco/Project.pm index 9037809..2f3340f 100644 --- a/Girocco/Project.pm +++ b/Girocco/Project.pm @@ -394,10 +394,17 @@ sub cgi_fill { $self->{cpwd} = $cgi->param('cpwd'); + my ($forkee,$project) = ($self->{name} =~ m#^(.*/)?([^/]+)$#); + my $newtype = $forkee ? 'fork' : 'project'; + length($project) <= 64 + or $gcgi->err("The $newtype name is longer than 64 characters. Do you really need that much?"); + if ($Girocco::Config::project_owners eq 'email') { $self->{email} = $gcgi->wparam('email'); valid_email($self->{email}) or $gcgi->err("Your email sure looks weird...?"); + length($self->{email}) <= 96 + or $gcgi->err("Your email is longer than 96 characters. Do you really need that much?"); } $self->{url} = $gcgi->wparam('url'); diff --git a/Girocco/User.pm b/Girocco/User.pm index 39a1d24..21ae21f 100644 --- a/Girocco/User.pm +++ b/Girocco/User.pm @@ -231,9 +231,14 @@ sub cgi_fill { Girocco::User::valid_name($self->{name}) or $gcgi->err("Name contains invalid characters."); + length($self->{name}) <= 64 + or $gcgi->err("Your user name is longer than 64 characters. Do you really need that much?"); + $self->{email} = $gcgi->wparam('email'); valid_email($self->{email}) or $gcgi->err("Your email sure looks weird...?"); + length($self->{email}) <= 96 + or $gcgi->err("Your email is longer than 96 characters. Do you really need that much?"); $self->keys_fill($gcgi); } -- 2.11.4.GIT
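Review bot: In the Girocco/Project.pm hunk, `$project` is left undefined whenever the match `m#^(.*/)?([^/]+)$#` fails (an empty name, or one ending in `/`), and `length($project) <= 64` then passes with at most an uninitialized-value warning, so the new limit is silently skipped for exactly the malformed names. If the name is already validated earlier in cgi_fill, which starts outside this hunk, the effect is limited to the warning; otherwise make the check fail closed, e.g. `defined($project) && length($project) <= 64`. Only the last path component is measured here, while the commit message speaks of each component of a fork. Presumably the parent components were limited when the parent was created, and a short comment such as `# parent components were length-checked at their own creation` would record that assumption.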
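Review bot: In the Girocco/User.pm hunk the 64 and 96 limits are enforced only in cgi_fill, next to the calls to `Girocco::User::valid_name` and `valid_email`, not inside those validators. The stated goal is to bound passwd/group entries, which is a property of the stored data, so any other path that creates or edits a user without going through this form handler (none is visible here) would not be covered. Moving the length tests into the validators would also remove the duplicated 96-character email check and message that this commit adds to both Project.pm and User.pm. `length` counts characters rather than bytes, so if either validator accepts non-ASCII input the on-disk entry could be longer than the limit suggests; a comment such as `# limits are in characters; valid_name/valid_email are assumed ASCII-only` would make that explicit.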