diff --git a/OurUmbraco/Our/Controllers/RegisterController.cs b/OurUmbraco/Our/Controllers/RegisterController.cs index f6e73c74..d0bd5189 100644 --- a/OurUmbraco/Our/Controllers/RegisterController.cs +++ b/OurUmbraco/Our/Controllers/RegisterController.cs @@ -41,7 +41,7 @@ namespace OurUmbraco.Our.Controllers } var memberService = Services.MemberService; - + if (memberService.GetByEmail(model.Email) != null) { ModelState.AddModelError("Email", "A member with that email address already exists"); @@ -60,6 +60,28 @@ namespace OurUmbraco.Our.Controllers return Redirect("/"); } + // these values are enforced in MemberDto which is internal ;-( + // we should really have ways to query for Core meta-data! + const int maxEmailLength = 900; // 1000*.9 for safety + const int maxLoginNameLength = 900; // 1000*.9 for safety + const int maxPasswordLength = 900; // 1000*.9 for safety + const int maxPropertyLength = 900; // keep it safe too + + if (model.Email.Length > maxEmailLength + || model.Name.Length > maxLoginNameLength + || model.Password.Length > maxPasswordLength + || model.Location.Length > maxPropertyLength + || model.Longitude.Length > maxPropertyLength + || model.Latitude.Length > maxPropertyLength + || model.Company.Length > maxPropertyLength + || model.TwitterAlias.Length > maxPropertyLength + ) + { + // has to be a rogue registration + // go away! + return Redirect("/"); + } + var member = memberService.CreateMember(model.Email, model.Email, model.Name, "member"); member.SetValue("location", model.Location); member.SetValue("longitude", model.Longitude); @@ -86,7 +108,7 @@ namespace OurUmbraco.Our.Controllers memberService.AssignRole(member.Username, "standard"); - memberService.SavePassword(member, model.Password); + memberService.SavePassword(member, model.Password); Members.Login(model.Email, model.Password);