diff options
author | Daniel Friesel <derf@finalrewind.org> | 2019-05-02 11:34:52 +0200 |
---|---|---|
committer | Daniel Friesel <derf@finalrewind.org> | 2019-05-02 11:34:52 +0200 |
commit | af5c26bf8a4a75935d8d34f17576a135a8eabff9 (patch) | |
tree | 182fd2dd01462aab7b0bbc70877fa3623e306bee /lib/Travelynx/Controller/Account.pm | |
parent | be1e5dda23b5bac86898ac548ca1ecd2e6a3fb08 (diff) |
Do not error out when receiving UIDs > INT_MAX1.1.2
Diffstat (limited to 'lib/Travelynx/Controller/Account.pm')
-rw-r--r-- | lib/Travelynx/Controller/Account.pm | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/lib/Travelynx/Controller/Account.pm b/lib/Travelynx/Controller/Account.pm index f7d3a75..081aa13 100644 --- a/lib/Travelynx/Controller/Account.pm +++ b/lib/Travelynx/Controller/Account.pm @@ -159,7 +159,7 @@ sub verify { my $id = $self->stash('id'); my $token = $self->stash('token'); - if ( not $id =~ m{ ^ \d+ $ }x ) { + if ( not $id =~ m{ ^ \d+ $ }x or $id > 2147483647 ) { $self->render( 'register', invalid => 'token' ); return; } @@ -528,6 +528,11 @@ sub recover_password { my $id = $self->stash('id'); my $token = $self->stash('token'); + if ( not $id =~ m{ ^ \d+ $ }x or $id > 2147483647 ) { + $self->render( 'recover_password', invalid => 'recovery token' ); + return; + } + if ( $self->verify_password_token( $id, $token ) ) { $self->render('set_password'); } |