From e48ab9329bc522b5e3ff7ed35666ca17a6b7f4af Mon Sep 17 00:00:00 2001
From: Stefan <Stefan_Hahn1@gmx.net>
Date: Fri, 2 Sep 2016 17:27:42 +0200
Subject: [PATCH] Add length check for package name

---
 wcfsetup/install/files/lib/data/package/Package.class.php | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/wcfsetup/install/files/lib/data/package/Package.class.php b/wcfsetup/install/files/lib/data/package/Package.class.php
index aa7d97429d..a82dde7d82 100644
--- a/wcfsetup/install/files/lib/data/package/Package.class.php
+++ b/wcfsetup/install/files/lib/data/package/Package.class.php
@@ -239,6 +239,8 @@ class Package extends DatabaseObject {
 	 * A valid package name begins with at least one alphanumeric character
 	 * or an underscore, followed by a dot, followed by at least one alphanumeric
 	 * character or an underscore and the same again, possibly repeatedly.
+	 * The package name cannot be any longer than 191 characters in total due to
+	 * internal database character encoding limitations.
 	 * Example:
 	 * 	com.woltlab.wcf
 	 * 
@@ -250,6 +252,10 @@ class Package extends DatabaseObject {
 	 * @return	boolean		isValid
 	 */
 	public static function isValidPackageName($packageName) {
+		if (mb_strlen($packageName) < 3 || mb_strlen($packageName) > 191) {
+			return false;
+		}
+		
 		return preg_match('%^[a-zA-Z0-9_-]+\.[a-zA-Z0-9_-]+(\.[a-zA-Z0-9_-]+)+$%', $packageName);
 	}
 	
-- 
2.20.1