www: use WwwStream for dumping thread and search views

[public-inbox.git] / lib / PublicInbox / Unsubscribe.pm

diff --git a/lib/PublicInbox/Unsubscribe.pm b/lib/PublicInbox/Unsubscribe.pm
index 1f5ce315a81651e6fa83a68c7b7d4b8de985ad5c..79234aa170aeb20a6cae3b5eff03b4e7d475cae7 100644 (file)
--- a/lib/PublicInbox/Unsubscribe.pm
+++ b/lib/PublicInbox/Unsubscribe.pm
@@ -77,16 +77,17 @@ sub _user_list_addr {
                        'Missing mailing list name in path component');
        }
        my $user = eval { $self->{cipher}->decrypt(decode_base64url($u)) };
-       if (!defined $user) {
+       if (!defined $user || index($user, '@') < 1) {
                my $err = quotemeta($@);
                my $errors = $env->{'psgi.errors'};
                $errors->print("error decrypting: $u\n");
                $errors->print("$_\n") for split("\n", $err);
+               $u = Plack::Util::encode_html($u);
                return r($self, 400, 'Bad request', "Failed to decrypt: $u");
        }
 
        # The URLs are too damn long if we have the encrypted domain
-       # name in the query string
+       # name in the PATH_INFO
        if (index($list, '@') < 0) {
                my $host = (split(':', $env->{HTTP_HOST}))[0];
                $list .= '@'.$host;
@@ -157,7 +158,7 @@ sub archive_info {
        }
 
        # protocol-relative URL:  "//example.com/" => "https://example.com/"
-       if ($archive_url =~ m!\A//!) {
+       if ($archive_url && $archive_url =~ m!\A//!) {
                $archive_url = "$env->{'psgi.url_scheme'}:$archive_url";
        }