Reject requests with a query shorter than 3 characters
authorAlexander Ebert <ebert@woltlab.com>
Sun, 17 Mar 2024 16:44:33 +0000 (17:44 +0100)
committerAlexander Ebert <ebert@woltlab.com>
Sun, 17 Mar 2024 16:44:33 +0000 (17:44 +0100)
wcfsetup/install/files/lib/system/endpoint/controller/core/messages/MentionSuggestions.class.php

index 7238a0471986bc8c87f6c4fe7e3ef334bfb14c4b..4312463f3d59f4dffa1e9bb5d1e8b1527b0c4dd0 100644 (file)
@@ -19,6 +19,9 @@ final class MentionSuggestions implements IController
     public function __invoke(ServerRequestInterface $request, array $variables): ResponseInterface
     {
         $parameters = Helper::mapApiParameters($request, MentionSuggestionsParameters::class);
+        if (\mb_strlen($parameters->query) < 3) {
+            throw new UserInputException('query', 'tooShort');
+        }
 
         $query = \mb_strtolower($parameters->query);
         $matches = [];
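Review bot: The added check measures the raw `$parameters->query`, so a value padded with whitespace (three spaces, or one letter plus two spaces) still meets the three-character minimum and reaches the suggestion lookup. Unless `Helper::mapApiParameters()` or `MentionSuggestionsParameters` already normalises the value (neither is visible here), normalise first and validate the result: `$query = \mb_strtolower(\trim($parameters->query));` followed by `if (\mb_strlen($query) < 3) {`. No upper bound on the query length is visible in this hunk either, so consider adding one, since this endpoint accepts arbitrary request input. The body of `__invoke()` continues past the end of the hunk, so later handling of `$query` could not be checked.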