Commit af5c26bf authored by Birte Kristina Friesel's avatar Birte Kristina Friesel

Do not error out when receiving UIDs > INT_MAX

parent be1e5dda
+6 −1
@@ -159,7 +159,7 @@ sub verify {
	my $id    = $self->stash('id');
	my $token = $self->stash('token');

	if ( not $id =~ m{ ^ \d+ $ }x ) {
	if ( not $id =~ m{ ^ \d+ $ }x or $id > 2147483647 ) {
		$self->render( 'register', invalid => 'token' );
		return;
	}
@@ -528,6 +528,11 @@ sub recover_password {
	my $id    = $self->stash('id');
	my $token = $self->stash('token');

	if ( not $id =~ m{ ^ \d+ $ }x or $id > 2147483647 ) {
		$self->render( 'recover_password', invalid => 'recovery token' );
		return;
	}

	if ( $self->verify_password_token( $id, $token ) ) {
		$self->render('set_password');
	}
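Review bot: The digit pattern in front of the new range test in `verify` and `recover_password` is looser than it looks: `$` also matches before a trailing newline, and `\d` without `/a` accepts non-ASCII digits. An `id` that is not a plain ASCII integer can therefore pass the pattern, numify to something below the limit, and be handed on to the lookup that follows (`verify_password_token` in `recover_password`). I would tighten both conditions to `if ( $id !~ m{ \A [0-9]+ \z }x or $id > 2147483647 ) {`. The literal 2147483647 now appears three times across the two files; a shared constant with a comment naming the limit it mirrors (presumably the database's integer column) would keep them in step. Both subs start and end outside the hunks shown.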
+10 −0
@@ -122,6 +122,16 @@ sub get_v1 {
	}
	my $uid = $+{id};
	$api_token = $+{token};

	if ( $uid > 2147483647 ) {
		$self->render(
			json => {
				error => 'Malformed token',
			},
		);
		return;
	}

	my $token = $self->get_api_token($uid);
	if ( $api_token ne $token->{$api_action} ) {
		$self->render(
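Review bot: The new rejection in `get_v1` renders the JSON error without a `status`, so Mojolicious answers with its default 200, and a client or monitor keyed on status codes cannot tell a malformed token from a success. If the API's other error paths (outside this hunk) set a code, this one should too, e.g. `$self->render( json => { error => 'Malformed token' }, status => 400 );`. The range check also relies on the pattern that fills `$+{id}`, which sits above the hunk; the comparison is only sound if that pattern admits ASCII digits alone. `get_v1` starts and ends outside the hunk.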