From ac3c70597dfc8f19627f2e9ad109e741021690a0 Mon Sep 17 00:00:00 2001
From: Daniel Friesel <derf@finalrewind.org>
Date: Sat, 30 Oct 2021 10:03:40 +0200
Subject: Account: do not disclose denylist filename on open error

---
 lib/Travelynx/Controller/Account.pm | 22 +++++++++++++---------
 1 file changed, 13 insertions(+), 9 deletions(-)

diff --git a/lib/Travelynx/Controller/Account.pm b/lib/Travelynx/Controller/Account.pm
index 12a059a..312cc9e 100644
--- a/lib/Travelynx/Controller/Account.pm
+++ b/lib/Travelynx/Controller/Account.pm
@@ -88,17 +88,21 @@ sub register {
 	if ( my $registration_denylist
 		= $self->app->config->{registration}->{denylist} )
 	{
-		open( my $fh, "<", $registration_denylist )
-		  or die("cannot open($registration_denylist)");
-		while ( my $line = <$fh> ) {
-			chomp $line;
-			if ( $ip eq $line ) {
-				close($fh);
-				$self->render( 'register', invalid => "denylist" );
-				return;
+		if ( open( my $fh, "<", $registration_denylist ) ) {
+			while ( my $line = <$fh> ) {
+				chomp $line;
+				if ( $ip eq $line ) {
+					close($fh);
+					$self->render( 'register', invalid => "denylist" );
+					return;
+				}
 			}
+			close($fh);
+		}
+		else {
+			$self->log->error("Cannot open($registration_denylist): $!");
+			die("Cannot verify registration: $!");
 		}
-		close($fh);
 	}
 
 	if ( my $error = $self->users->is_name_invalid( name => $user ) ) {
-- 
cgit v1.2.3