fix(files_sharing): reject custom share tokens longer than the databa… #61630
Open
amitmishra11 wants to merge 1 commit into
…se column

validateToken() only checked for an empty string and an invalid character set, not length. A custom share token longer than 32 characters passes validation, then fails at the database layer (oc_share.token is varchar(32)) with a raw SQL exception instead of a clear validation error.

Add a max-length check matching the column size, and mention the limit in the existing error message.

Assisted-by: ClaudeCode:claude-sonnet-4-6
Signed-off-by: Amit Mishra <amit.mishra.eee21@itbhu.ac.in>
susnux approved these changes Jun 27, 2026
validateToken() in ShareAPIController only checked that a custom share token was non-empty and matched the allowed character set, but never checked its length. The oc_share.token database column is varchar(32), so a longer token currently passes validation and then fails at the database layer with a raw, unhelpful SQL error instead of a clean validation message.
This adds a max-length check matching the column size and updates the error message to mention the limit.
Added a test for validateToken() covering the empty, valid, and invalid-character cases plus the new 32/33-character boundary (32 should pass, 33 should fail).
This PR was prepared with AI assistance (Claude Code); I reviewed the change before submitting it.