mirror of
https://github.com/derf/travelynx
synced 2024-12-04 18:29:11 +00:00
Do not error out when receiving UIDs > INT_MAX
This commit is contained in:
parent
be1e5dda23
commit
af5c26bf8a
2 changed files with 16 additions and 1 deletions
|
@ -159,7 +159,7 @@ sub verify {
|
|||
my $id = $self->stash('id');
|
||||
my $token = $self->stash('token');
|
||||
|
||||
if ( not $id =~ m{ ^ \d+ $ }x ) {
|
||||
if ( not $id =~ m{ ^ \d+ $ }x or $id > 2147483647 ) {
|
||||
$self->render( 'register', invalid => 'token' );
|
||||
return;
|
||||
}
|
||||
|
@ -528,6 +528,11 @@ sub recover_password {
|
|||
my $id = $self->stash('id');
|
||||
my $token = $self->stash('token');
|
||||
|
||||
if ( not $id =~ m{ ^ \d+ $ }x or $id > 2147483647 ) {
|
||||
$self->render( 'recover_password', invalid => 'recovery token' );
|
||||
return;
|
||||
}
|
||||
|
||||
if ( $self->verify_password_token( $id, $token ) ) {
|
||||
$self->render('set_password');
|
||||
}
|
||||
|
|
|
@ -122,6 +122,16 @@ sub get_v1 {
|
|||
}
|
||||
my $uid = $+{id};
|
||||
$api_token = $+{token};
|
||||
|
||||
if ( $uid > 2147483647 ) {
|
||||
$self->render(
|
||||
json => {
|
||||
error => 'Malformed token',
|
||||
},
|
||||
);
|
||||
return;
|
||||
}
|
||||
|
||||
my $token = $self->get_api_token($uid);
|
||||
if ( $api_token ne $token->{$api_action} ) {
|
||||
$self->render(
|
||||
|
|
Loading…
Reference in a new issue