From af5c26bf8a4a75935d8d34f17576a135a8eabff9 Mon Sep 17 00:00:00 2001
From: Daniel Friesel <derf@finalrewind.org>
Date: Thu, 2 May 2019 11:34:52 +0200
Subject: Do not error out when receiving UIDs > INT_MAX

---
 lib/Travelynx/Controller/Account.pm | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

(limited to 'lib/Travelynx/Controller/Account.pm')

diff --git a/lib/Travelynx/Controller/Account.pm b/lib/Travelynx/Controller/Account.pm
index f7d3a75..081aa13 100644
--- a/lib/Travelynx/Controller/Account.pm
+++ b/lib/Travelynx/Controller/Account.pm
@@ -159,7 +159,7 @@ sub verify {
 	my $id    = $self->stash('id');
 	my $token = $self->stash('token');
 
-	if ( not $id =~ m{ ^ \d+ $ }x ) {
+	if ( not $id =~ m{ ^ \d+ $ }x or $id > 2147483647 ) {
 		$self->render( 'register', invalid => 'token' );
 		return;
 	}
@@ -528,6 +528,11 @@ sub recover_password {
 	my $id    = $self->stash('id');
 	my $token = $self->stash('token');
 
+	if ( not $id =~ m{ ^ \d+ $ }x or $id > 2147483647 ) {
+		$self->render( 'recover_password', invalid => 'recovery token' );
+		return;
+	}
+
 	if ( $self->verify_password_token( $id, $token ) ) {
 		$self->render('set_password');
 	}
-- 
cgit v1.2.3