From e79300a4a738cb39da7bec3f0f253f969938841c Mon Sep 17 00:00:00 2001
From: Alexander Ebert <ebert@woltlab.com>
Date: Sun, 17 Mar 2024 17:44:33 +0100
Subject: [PATCH] Reject requests with a query shorter than 3 characters

---
 .../controller/core/messages/MentionSuggestions.class.php      | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/wcfsetup/install/files/lib/system/endpoint/controller/core/messages/MentionSuggestions.class.php b/wcfsetup/install/files/lib/system/endpoint/controller/core/messages/MentionSuggestions.class.php
index 7238a04719..4312463f3d 100644
--- a/wcfsetup/install/files/lib/system/endpoint/controller/core/messages/MentionSuggestions.class.php
+++ b/wcfsetup/install/files/lib/system/endpoint/controller/core/messages/MentionSuggestions.class.php
@@ -19,6 +19,9 @@ final class MentionSuggestions implements IController
     public function __invoke(ServerRequestInterface $request, array $variables): ResponseInterface
     {
         $parameters = Helper::mapApiParameters($request, MentionSuggestionsParameters::class);
+        if (\mb_strlen($parameters->query) < 3) {
+            throw new UserInputException('query', 'tooShort');
+        }
 
         $query = \mb_strtolower($parameters->query);
         $matches = [];
-- 
2.20.1