Skip to content
Snippets Groups Projects
Commit af5c26bf authored by Birte Kristina Friesel's avatar Birte Kristina Friesel
Browse files

Do not error out when receiving UIDs > INT_MAX

parent be1e5dda
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
lib/Travelynx/Controller/Account.pm
+ 6
1
View file @ af5c26bf
......@@ -159,7 +159,7 @@ sub verify {
my $id = $self->stash('id');
my $token = $self->stash('token');
if ( not $id =~ m{ ^ \d+ $ }x ) {
if ( not $id =~ m{ ^ \d+ $ }x or $id > 2147483647 ) {
$self->render( 'register', invalid => 'token' );
return;
}
......@@ -528,6 +528,11 @@ sub recover_password {
my $id = $self->stash('id');
my $token = $self->stash('token');
if ( not $id =~ m{ ^ \d+ $ }x or $id > 2147483647 ) {
$self->render( 'recover_password', invalid => 'recovery token' );
return;
}
if ( $self->verify_password_token( $id, $token ) ) {
$self->render('set_password');
}
......
lib/Travelynx/Controller/Api.pm
+ 10
0
View file @ af5c26bf
......@@ -122,6 +122,16 @@ sub get_v1 {
}
my $uid = $+{id};
$api_token = $+{token};
if ( $uid > 2147483647 ) {
$self->render(
json => {
error => 'Malformed token',
},
);
return;
}
my $token = $self->get_api_token($uid);
if ( $api_token ne $token->{$api_action} ) {
$self->render(
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment