Do not error out when receiving UIDs > INT_MAX1.1.2

author: Daniel Friesel <derf@finalrewind.org> 2019-05-02 11:34:52 +0200
committer: Daniel Friesel <derf@finalrewind.org> 2019-05-02 11:34:52 +0200
commit: af5c26bf8a4a75935d8d34f17576a135a8eabff9 (patch)
tree: 182fd2dd01462aab7b0bbc70877fa3623e306bee /lib/Travelynx/Controller/Account.pm
parent: be1e5dda23b5bac86898ac548ca1ecd2e6a3fb08 (diff)
1 files changed, 6 insertions, 1 deletions
diff --git a/lib/Travelynx/Controller/Account.pm b/lib/Travelynx/Controller/Account.pm
index f7d3a75..081aa13 100644
--- a/lib/Travelynx/Controller/Account.pm
+++ b/lib/Travelynx/Controller/Account.pm
@@ -159,7 +159,7 @@ sub verify {
 	my $id    = $self->stash('id');
 	my $token = $self->stash('token');
 
-	if ( not $id =~ m{ ^ \d+ $ }x ) {
+	if ( not $id =~ m{ ^ \d+ $ }x or $id > 2147483647 ) {
 		$self->render( 'register', invalid => 'token' );
 		return;
 	}
@@ -528,6 +528,11 @@ sub recover_password {
 	my $id    = $self->stash('id');
 	my $token = $self->stash('token');
 
+	if ( not $id =~ m{ ^ \d+ $ }x or $id > 2147483647 ) {
+		$self->render( 'recover_password', invalid => 'recovery token' );
+		return;
+	}
+
 	if ( $self->verify_password_token( $id, $token ) ) {
 		$self->render('set_password');
 	}
author	Daniel Friesel <derf@finalrewind.org>	2019-05-02 11:34:52 +0200
committer	Daniel Friesel <derf@finalrewind.org>	2019-05-02 11:34:52 +0200
commit	af5c26bf8a4a75935d8d34f17576a135a8eabff9 (patch)
tree	182fd2dd01462aab7b0bbc70877fa3623e306bee /lib/Travelynx/Controller/Account.pm
parent	be1e5dda23b5bac86898ac548ca1ecd2e6a3fb08 (diff)