Merge pull request from GHSA-p62j-hrxm-xcxf

This checks the following things:
- Validity of UTF-8 encoding of title, author, and page content
- Maximum soft and hard lengths of title, author, and page content (soft
  limits may be bypassed by uncancelling PlayerEditBookEvent; hard
  limits may not be bypassed)
- Maximum number of pages. Books with more than 50 pages may still be
  edited, but may not have new pages added.

src/item/WritableBookPage.php

@@ -23,17 +23,32 @@ declare(strict_types=1);
 
 namespace pocketmine\item;
 
+use pocketmine\utils\Limits;
 use pocketmine\utils\Utils;
+use function sprintf;
+use function strlen;
 
 class WritableBookPage{
+	public const PAGE_LENGTH_HARD_LIMIT_BYTES = Limits::INT16_MAX;
+	public const PHOTO_NAME_LENGTH_HARD_LIMIT_BYTES = Limits::INT16_MAX;
 
 	/** @var string */
 	private $text;
 	/** @var string */
 	private $photoName;
 
+	/**
+	 * @throws \InvalidArgumentException
+	 */
+	private static function checkLength(string $string, string $name, int $maxLength) : void{
+		if(strlen($string) > $maxLength){
+			throw new \InvalidArgumentException(sprintf("$name must be at most %d bytes, but have %d bytes", $maxLength, strlen($string)));
+		}
+	}
+
 	public function __construct(string $text, string $photoName = ""){
-		//TODO: data validation
+		self::checkLength($text, "Text", self::PAGE_LENGTH_HARD_LIMIT_BYTES);
+		self::checkLength($photoName, "Photo name", self::PHOTO_NAME_LENGTH_HARD_LIMIT_BYTES);
 		Utils::checkUTF8($text);
 		$this->text = $text;
 		$this->photoName = $photoName;