From 8fae2beeceffcf67f31a93ba759ecddc06f54554 Mon Sep 17 00:00:00 2001
From: Roeland Jago Douma <roeland@famdouma.nl>
Date: Thu, 8 Oct 2020 15:04:38 +0200
Subject: [PATCH] Limit throttler to 48 hours

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
---
 lib/private/Security/Bruteforce/Throttler.php | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/lib/private/Security/Bruteforce/Throttler.php b/lib/private/Security/Bruteforce/Throttler.php
index 377d9c309b4..e1d9127a7bb 100644
--- a/lib/private/Security/Bruteforce/Throttler.php
+++ b/lib/private/Security/Bruteforce/Throttler.php
@@ -226,6 +226,11 @@ class Throttler {
 	 * @return int
 	 */
 	public function getAttempts(string $ip, string $action = '', float $maxAgeHours = 12): int {
+		if ($maxAgeHours > 48) {
+			$this->logger->error('Bruteforce has to use less than 48 hours');
+			$maxAgeHours = 48;
+		}
+
 		if ($ip === '') {
 			return 0;
 		}
-- 
GitLab