Enforce maximum email length

2019-06-07 11:28:58 -05:00
parent 1db648a525
commit ab3980cd38
1 changed files with 2 additions and 1 deletions
--- a/src/invidious.cr
+++ b/src/invidious.cr
@@ -897,7 +897,8 @@ post "/login" do |env|
    next templated "error"
  end

-  email = env.params.body["email"]?.try &.downcase
+  # https://stackoverflow.com/a/574698
+  email = env.params.body["email"]?.try &.downcase.byte_slice(0, 254)
  password = env.params.body["password"]?

  account_type = env.params.query["type"]?