In MDL-25027, Sam Hemelryk mentioned "core should be validating the incoming data to make sure that it meets the requirements we have, and any failure to meet those requirements (field length etc) should result in error/exception."
This is a follow-up to that: basically, web services need to consistently provide Moodle services. At the moment they are copying the validation routines, and that is fine, but what is being left out is data length validation. There is an implicit data length being imposed via the GUI which web services are not validating for at all at the moment.
Web services have to implement some sort of DB-parameters context mapping, or something to that effect, which is able to validate the data length. Also, all web service calls must be verified to be validating calls according to their relevant GUI (HTML) input field lengths.
Thinking about the GUI and its HTML-based limitation of input length, data can still be posted to Moodle bypassing those limitations. Perhaps it might be best to have a centralized way to validate all data lengths (and more? type etc). A data validation lib? This might be useful in managing changes to validations (web services/GUI/mobile app/other).
truncate_userinfo() seems to be an attempt at this but really isn't useful at all with web services.
(This dabbling may provide a hint towards a solution, but it's certainly not THE solution: https://github.com/nebgor/moodle/compare/mistress...MDL-25027_ws_validate_n_throw )
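A sketch of the centralized length check proposed above, added here as an illustration and not taken from Moodle or from the linked branch: one shared map of field limits that every entry point validates against, throwing on violation instead of truncating. The function name, exception class, field names and limits are all hypothetical, and the code assumes the mbstring extension is available.

```php
<?php
// Added example: hypothetical names and constructed limits, not Moodle's API or schema.

// One central map of field => maximum length (constructed values, assumed to be in characters).
const FIELD_MAX_LENGTHS = [
    'username'  => 100,
    'firstname' => 100,
    'city'      => 120,
];

class field_length_exception extends InvalidArgumentException {}

/**
 * Reject, rather than truncate, any value longer than its declared limit.
 * Intended to be called by every entry point (form handler, web service, mobile app)
 * so the limit is enforced server-side and not only by an HTML maxlength attribute.
 */
function validate_field_lengths(array $data, array $limits = FIELD_MAX_LENGTHS): array {
    $errors = [];
    foreach ($data as $field => $value) {
        if (!array_key_exists($field, $limits)) {
            // A field without a rule is reported, so new fields cannot skip validation silently.
            $errors[] = "$field: no length rule defined";
            continue;
        }
        if (!is_string($value)) {
            $errors[] = "$field: expected a string";
            continue;
        }
        // Count characters, not bytes, so multibyte input is measured like the GUI measures it.
        $length = mb_strlen($value, 'UTF-8');
        if ($length > $limits[$field]) {
            $errors[] = "$field: $length characters exceeds the limit of {$limits[$field]}";
        }
    }
    if ($errors) {
        // Report every violation at once so the caller can fix the whole request.
        throw new field_length_exception(implode('; ', $errors));
    }
    return $data;
}

// Constructed web service payload: 'city' is one character over its limit.
$payload = ['username' => 'jdoe', 'firstname' => 'Zoë', 'city' => str_repeat('x', 121)];
try {
    validate_field_lengths($payload);
} catch (field_length_exception $e) {
    echo 'Rejected: ' . $e->getMessage() . PHP_EOL;
}
```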