X-Git-Url: http://www.git.stargrave.org/?a=blobdiff_plain;f=lib%2FPublicInbox%2FUnsubscribe.pm;h=fca300e5b67102592334cf99a97709494ca99470;hb=803914775816f7de5485fa397bad64e1bd404381;hp=1f5ce315a81651e6fa83a68c7b7d4b8de985ad5c;hpb=1f29b33d3f71b8a40f5ae76bf20b95618b518654;p=public-inbox.git
diff --git a/lib/PublicInbox/Unsubscribe.pm b/lib/PublicInbox/Unsubscribe.pm
index 1f5ce315..fca300e5 100644
--- a/lib/PublicInbox/Unsubscribe.pm
+++ b/lib/PublicInbox/Unsubscribe.pm
@@ -12,7 +12,7 @@ use warnings;
use Crypt::CBC;
use Plack::Util;
use MIME::Base64 qw(decode_base64url);
-my $CODE_URL = 'git://80x24.org/public-inbox.git';
+my $CODE_URL = 'https://public-inbox.org/public-inbox.git';
my @CT_HTML = ('Content-Type', 'text/html; charset=UTF-8');
sub new {
@@ -77,16 +77,17 @@ sub _user_list_addr {
'Missing mailing list name in path component');
}
my $user = eval { $self->{cipher}->decrypt(decode_base64url($u)) };
- if (!defined $user) {
+ if (!defined $user || index($user, '@') < 1) {
my $err = quotemeta($@);
my $errors = $env->{'psgi.errors'};
$errors->print("error decrypting: $u\n");
$errors->print("$_\n") for split("\n", $err);
+ $u = Plack::Util::encode_html($u);
return r($self, 400, 'Bad request', "Failed to decrypt: $u");
}
# The URLs are too damn long if we have the encrypted domain
- # name in the query string
+ # name in the PATH_INFO
if (index($list, '@') < 0) {
my $host = (split(':', $env->{HTTP_HOST}))[0];
$list .= '@'.$host;
@@ -135,7 +136,7 @@ sub r {
my ($self, $code, $title, @body) = @_;
[ $code, [ @CT_HTML ], [
"$title".
- join("\n", "$title\n", @body) . '
'.
+ join("\n", "$title\n", @body) . '
'.
"This page is available under AGPL-3.0+\n" .
"git clone $self->{code_url}\n" .
qq(Email $self->{contact} if you have any questions).
@@ -157,7 +158,7 @@ sub archive_info {
}
# protocol-relative URL: "//example.com/" => "https://example.com/"
- if ($archive_url =~ m!\A//!) {
+ if ($archive_url && $archive_url =~ m!\A//!) {
$archive_url = "$env->{'psgi.url_scheme'}:$archive_url";
}