Steps to reproduce:

  1. Clean install in D7 and Password Policy
  2. Add a new policy
  3. Enter the following as a description:
  4. Your password is case-sensitive must include uppercase, lowercase numbers and symbols. It can be up to 128 characters long. It must be at least 8 characters and must include at least: 2 Numbers 2 Uppercase 2 Symbols It cannot contain your username.
  5. Click save

Admin UI shows: The website encountered an unexpected error. Please try again later.
Watchdog shows: PDOException: SQLSTATE[22001]: String data, right truncated: 1406 Data too long for column 'description' at row 1: UPDATE {password_policy} SET name=:db_update_placeholder_0, description=:db_update_placeholder_1, policy=:db_update_placeholder_2, expiration=:db_update_placeholder_3, warning=:db_update_placeholder_4 WHERE (pid = :db_condition_placeholder_0) ; Array ( [:db_update_placeholder_0] => Complexity Policy [:db_update_placeholder_1] => Your password is case-sensitive must include uppercase, lowercase numbers and symbols. It can be up to 128 characters long. It must be at least 8 characters and must include at least: 2 Numbers 2 Uppercase 2 Symbols It cannot include: Contain your username [:db_update_placeholder_2] => a:12:{s:12:"alphanumeric";s:1:"3";s:5:"digit";s:1:"2";s:15:"digit_placement";s:1:"1";s:9:"uppercase";s:1:"2";s:11:"punctuation";s:1:"2";s:9:"lowercase";s:1:"1";s:8:"username";s:1:"1";s:5:"delay";s:2:"48";s:6:"length";s:1:"8";s:6:"letter";s:1:"3";s:7:"history";s:1:"3";s:10:"complexity";s:1:"4";} [:db_update_placeholder_3] => 0 [:db_update_placeholder_4] => [:db_condition_placeholder_0] => 1 ) in password_policy_admin_form_submit() (line 426 of [your web-root]/sites/www.example.com/modules/password_policy/password_policy.admin.inc).

This seems like a pretty straight-forward fix.
Maybe a combination of:
Adding a length validation check for the description field that matches the db field size so the error message is more intelligible.
Making description - currently varchar(255) - a bit larger, to give more flexibility to describe complex policies

Comments

erikwebb’s picture

I'm curious, what is your description that you're using?

I think we should at least restrict the input to 255 characters to prevent this error.

erikwebb’s picture

Sorry, just re-read your issue. Maybe what we need is to change the description help text. The requirements will be printed alongside the password field anyway, so you don't really need to put those directly in the subscription. Without those directions, I think 255 is probably enough (although we should add validation to that).

erikwebb’s picture

Title: Long policy descriptions trigger PDOException: SQLSTATE[22001]: String data, right truncated: 1406 Data too long for column 'des » Policy description field length not validated
Version: 7.x-1.3 » 7.x-1.x-dev
Status: Active » Needs review
StatusFileSize
new592 bytes

I think we can safely just limit the field to 255 characters. The policy description doesn't need to include all of the required constraints, so 255 is probably enough for general information.

erikwebb’s picture

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.