From eb380f922c9a512055f85d255ed2db4ddfee3d59 Mon Sep 17 00:00:00 2001
From: Andre Klapper
Date: Fri, 29 Nov 2024 15:20:29 +0100
Subject: [PATCH] Account registration: Restrict Real Name length
Summary: Avoid a database exception at user account registration when users enter very long real names by setting a maximum length. This does not affect existing account data as it is only called in the account registration code. Fixes T15962
Test Plan: Go to http://phorge.localhost/auth/register/ and enter long values into the "Real Name" field
Reviewers: O1 Blessed Committers, valerio.bozzolan
Reviewed By: O1 Blessed Committers, valerio.bozzolan
Subscribers: l2dy, tobiaswiese, valerio.bozzolan, Matthew, Cigaryno
Maniphest Tasks: T15962
Differential Revision: https://we.phorge.it/D25841
---
 .../controller/PhabricatorAuthRegisterController.php | 4 ++++
 src/applications/people/storage/PhabricatorUser.php | 11 +++++++++++
 2 files changed, 15 insertions(+)
diff --git a/src/applications/auth/controller/PhabricatorAuthRegisterController.php b/src/applications/auth/controller/PhabricatorAuthRegisterController.php
index a71e576476..fdd0bc81ce 100644
--- a/src/applications/auth/controller/PhabricatorAuthRegisterController.php
+++ b/src/applications/auth/controller/PhabricatorAuthRegisterController.php
@@ -342,6 +342,10 @@ final class PhabricatorAuthRegisterController
 if (!strlen($value_realname) && $require_real_name) {
 $e_realname = pht('Required');
 $errors[] = pht('Real name is required.');
+ } else if ($value_realname &&
+ !PhabricatorUser::validateRealName($value_realname)) {
+ $e_realname = pht('Invalid');
+ $errors[] = PhabricatorUser::describeValidRealName();
 } else {
 $e_realname = null;
 }
diff --git a/src/applications/people/storage/PhabricatorUser.php b/src/applications/people/storage/PhabricatorUser.php
index dc39868923..2c9cf9f877 100644
--- a/src/applications/people/storage/PhabricatorUser.php
+++ b/src/applications/people/storage/PhabricatorUser.php
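Review bot: The new `else if` runs validation only when `$value_realname` is truthy, while the branch directly above tests presence with `strlen()`; a real name of exactly `'0'` therefore never reaches validateRealName(), and the two conditions read as if they test different things. `} else if (strlen($value_realname) &&` keeps the new check symmetric with the existing line. The enclosing request handling starts and ends outside the hunk, so whether `$value_realname` can be null at this point is not visible here; the existing line already passes it to `strlen()`, so the change does not make that worse. Note that this is the only place the length limit is enforced, so the database remains the last line of defence for every other writer of realName.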
@@ -26,6 +26,7 @@ final class PhabricatorUser
 const SESSION_TABLE = 'phabricator_session';
 const NAMETOKEN_TABLE = 'user_nametoken';
 const MAXIMUM_USERNAME_LENGTH = 64;
+ const MAXIMUM_REALNAME_LENGTH = 256;
 protected $userName;
 protected $realName;
@@ -550,6 +551,16 @@ final class PhabricatorUser
 return (bool)preg_match('/^[a-zA-Z0-9._-]*[a-zA-Z0-9_-]\z/', $username);
 }
+ public static function describeValidRealName() {
+ return pht(
+ 'Real Name must have no more than %d characters.',
+ new PhutilNumber(self::MAXIMUM_REALNAME_LENGTH));
+ }
+
+ public static function validateRealName($realname) {
+ return strlen($realname) <= self::MAXIMUM_REALNAME_LENGTH;
+ }
+
 public static function getDefaultProfileImageURI() {
 return celerity_get_resource_uri('/rsrc/image/avatar.png');
 }
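Review bot: `MAXIMUM_REALNAME_LENGTH = 256` is the value that decides whether the database exception from the commit description is actually avoided, yet nothing in the hunk ties it to the realName column width, which is declared in this class's Lisk column configuration and is not visible here. Worth confirming that 256 does not exceed that declared width, and in the same unit the column uses, otherwise the check still lets through input the database rejects. A one-line comment such as `// Keep in sync with the realName column width declared in getConfiguration().` next to the constant would make the coupling explicit for whoever changes either side later.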
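Review bot: validateRealName() measures the name with `strlen()`, which counts bytes, while describeValidRealName() tells the user the limit is in characters; a name written in a multibyte script is rejected long before 256 characters and the message then understates what was entered. If the limit is meant in characters, `return phutil_utf8_strlen($realname) <= self::MAXIMUM_REALNAME_LENGTH;` matches the message; if it is meant in bytes (which is what a binary-collated column would count, something this hunk does not show), the message should say bytes instead. The method also only checks length and accepts any content, which is fine for its stated purpose but should be documented, e.g. a docblock `Returns true if the real name fits MAXIMUM_REALNAME_LENGTH; it does not validate the name's content.` above the method.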