From: Eric Wong <e@80x24.org>
Date: Sat, 21 May 2016 04:35:04 +0000 (+0000)
Subject: unsubscribe: prevent decrypt from showing random crap
X-Git-Tag: v1.0.0~461^2~1
X-Git-Url: http://www.git.stargrave.org/?p=public-inbox.git;a=commitdiff_plain;h=751d334bd1d17031aa642e6c5cd53ff70eb28866

unsubscribe: prevent decrypt from showing random crap

Wow, I don't know crypto at all.
---

diff --git a/lib/PublicInbox/Unsubscribe.pm b/lib/PublicInbox/Unsubscribe.pm
index 4ccdb7e0..97ff97f6 100644
--- a/lib/PublicInbox/Unsubscribe.pm
+++ b/lib/PublicInbox/Unsubscribe.pm
@@ -77,7 +77,7 @@ sub _user_list_addr {
 			'Missing mailing list name in path component');
 	}
 	my $user = eval { $self->{cipher}->decrypt(decode_base64url($u)) };
-	if (!defined $user || $user eq '') {
+	if (!defined $user || index($user, '@') <= 1) {
 		my $err = quotemeta($@);
 		my $errors = $env->{'psgi.errors'};
 		$errors->print("error decrypting: $u\n");