From b700790bb48d40db241a39e035273f12b09675e7 Mon Sep 17 00:00:00 2001
From: Daniel Supernault <danielsupernault@gmail.com>
Date: Mon, 1 Aug 2022 19:47:11 -0600
Subject: [PATCH] Update update_credentials endpoint, enforce validator limits

---
 app/Http/Controllers/Api/ApiV1Controller.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/app/Http/Controllers/Api/ApiV1Controller.php b/app/Http/Controllers/Api/ApiV1Controller.php
index 148ad22f4..c339e4dd3 100644
--- a/app/Http/Controllers/Api/ApiV1Controller.php
+++ b/app/Http/Controllers/Api/ApiV1Controller.php
@@ -217,10 +217,10 @@ class ApiV1Controller extends Controller
 
 		$this->validate($request, [
 			'avatar'			=> 'sometimes|mimetypes:image/jpeg,image/png|min:10|max:' . config('pixelfed.max_avatar_size'),
-			'display_name'      => 'nullable|string',
-			'note'              => 'nullable|string',
+			'display_name'      => 'nullable|string|max:30',
+			'note'              => 'nullable|string|max:200',
 			'locked'            => 'nullable',
-			'website'			=> 'nullable',
+			'website'			=> 'nullable|string|max:120',
 			// 'source.privacy'    => 'nullable|in:unlisted,public,private',
 			// 'source.sensitive'  => 'nullable|boolean'
 		], [