Skip to content

[stable32] fix(files_sharing): reject custom share tokens longer than the db column#61827

Open
MiMoHo wants to merge 2 commits into
nextcloud:stable32from
MiMoHo:backport/61630/stable32
Open

[stable32] fix(files_sharing): reject custom share tokens longer than the db column#61827
MiMoHo wants to merge 2 commits into
nextcloud:stable32from
MiMoHo:backport/61630/stable32

Conversation

@MiMoHo

@MiMoHo MiMoHo commented Jul 5, 2026

Copy link
Copy Markdown

Backport of #61630 to stable32 (fixes #61416 there).

stable32 still ships the custom share link token feature but not the length validation: validateToken() only checks for an empty string and the character set, so a token longer than 32 characters passes validation and then fails at the database layer (oc_share.token is varchar(32)) with the generic "Failed to update share." instead of a clear validation message.

The fix is already merged to master (#61630) and stable34 (#61676); the stable33 backport is pending in #61675. stable32 was never requested, so this closes the gap for the remaining supported branch.

Both original commits are cherry-picked with authorship and sign-offs preserved (-x annotations included). One adaptation was needed: the test uses the fully qualified #[\PHPUnit\Framework\Attributes\DataProvider] attribute, matching the conventions in stable32's ShareAPIControllerTest.php (the bare DataProvider import and the surrounding mockTalkController helper from master do not exist on this branch).

🤖 Generated with Claude Code

amitmishra11 and others added 2 commits July 5, 2026 01:57
…se column

validateToken() only checked for an empty string and an invalid
character set, not length. A custom share token longer than 32
characters passes validation, then fails at the database layer
(oc_share.token is varchar(32)) with a raw SQL exception instead of
a clear validation error.

Add a max-length check matching the column size, and mention the
limit in the existing error message.

Assisted-by: ClaudeCode:claude-sonnet-4-6
Signed-off-by: Amit Mishra <amit.mishra.eee21@itbhu.ac.in>
(cherry picked from commit 7421ea7)
Co-authored-by: Josh <josh.t.richards@gmail.com>
Signed-off-by: Carl Schwan <carl@carlschwan.eu>
(cherry picked from commit a40a092)
@MiMoHo MiMoHo requested a review from a team as a code owner July 5, 2026 00:14
@MiMoHo MiMoHo requested review from Altahrim, come-nc, icewind1991 and leftybournes and removed request for a team July 5, 2026 00:14
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants