]> Sergey Matveev's repositories - public-inbox.git/commitdiff
projects / public-inbox.git / commitdiff
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: f11a21a)
unsubscribe: prevent decrypt from showing random crap
authorEric Wong <e@80x24.org>
Sat, 21 May 2016 04:35:04 +0000 (04:35 +0000)
committerEric Wong <e@80x24.org>
Sat, 21 May 2016 04:35:04 +0000 (04:35 +0000)
Wow, I don't know crypto at all.

lib/PublicInbox/Unsubscribe.pm patch | blob | history

diff --git a/lib/PublicInbox/Unsubscribe.pm b/lib/PublicInbox/Unsubscribe.pm
index 4ccdb7e0e33b38f8308650a4119a68cbc82bfe8a..97ff97f66eda6729ae42075c28b0e8174e9ed597 100644 (file)
--- a/lib/PublicInbox/Unsubscribe.pm
+++ b/lib/PublicInbox/Unsubscribe.pm
@@ -77,7 +77,7 @@ sub _user_list_addr {
                        'Missing mailing list name in path component');
        }
        my $user = eval { $self->{cipher}->decrypt(decode_base64url($u)) };
-       if (!defined $user || $user eq '') {
+       if (!defined $user || index($user, '@') <= 1) {
                my $err = quotemeta($@);
                my $errors = $env->{'psgi.errors'};
                $errors->print("error decrypting: $u\n");
My patches to https://public-inbox.org/public-inbox.git