Skip to content

[stable33] fix(files_sharing): reject custom share tokens longer than the db column#61675

Draft
backportbot[bot] wants to merge 2 commits into
stable33from
backport/61630/stable33
Draft

[stable33] fix(files_sharing): reject custom share tokens longer than the db column#61675
backportbot[bot] wants to merge 2 commits into
stable33from
backport/61630/stable33

Conversation

@backportbot

@backportbot backportbot Bot commented Jun 30, 2026

Copy link
Copy Markdown

Backport of #61630

Warning, This backport's changes differ from the original and might be incomplete ⚠️

Todo

  • Review and resolve any conflicts
  • Review and verify the backported changes
  • Amend HEAD commit to remove the line stating to skip CI

Learn more about backports at https://docs.nextcloud.com/server/stable/go.php?to=developer-backports.

amitmishra11 and others added 2 commits June 30, 2026 13:58
…se column

validateToken() only checked for an empty string and an invalid
character set, not length. A custom share token longer than 32
characters passes validation, then fails at the database layer
(oc_share.token is varchar(32)) with a raw SQL exception instead of
a clear validation error.

Add a max-length check matching the column size, and mention the
limit in the existing error message.

Assisted-by: ClaudeCode:claude-sonnet-4-6
Signed-off-by: Amit Mishra <amit.mishra.eee21@itbhu.ac.in>
refactor: Avoid calling mb_strlen twice

Co-authored-by: Josh <josh.t.richards@gmail.com>

Signed-off-by: Carl Schwan <carl@carlschwan.eu>

[skip ci]
@backportbot backportbot Bot added bug 3. to review Waiting for reviews feature: sharing AI assisted community pull requests from community labels Jun 30, 2026
@backportbot backportbot Bot added this to the Nextcloud 33.0.7 milestone Jun 30, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

3. to review Waiting for reviews AI assisted bug community pull requests from community feature: sharing

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants