From 751d334bd1d17031aa642e6c5cd53ff70eb28866 Mon Sep 17 00:00:00 2001
From: Eric Wong
Date: Sat, 21 May 2016 04:35:04 +0000
Subject: unsubscribe: prevent decrypt from showing random crap

Wow, I don't know crypto at all.
---
 lib/PublicInbox/Unsubscribe.pm | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'lib/PublicInbox')
diff --git a/lib/PublicInbox/Unsubscribe.pm b/lib/PublicInbox/Unsubscribe.pm
index 4ccdb7e0..97ff97f6 100644
--- a/lib/PublicInbox/Unsubscribe.pm
+++ b/lib/PublicInbox/Unsubscribe.pm
@@ -77,7 +77,7 @@ sub _user_list_addr {
 'Missing mailing list name in path component');
 }
 my $user = eval { $self->{cipher}->decrypt(decode_base64url($u)) };
- if (!defined $user || $user eq '') {
+ if (!defined $user || index($user, '@') <= 1) {
 my $err = quotemeta($@);
 my $errors = $env->{'psgi.errors'};
 $errors->print("error decrypting: $u\n");
-- cgit v1.2.3-24-ge0c7
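Review bot: The new `index($user, '@') <= 1` test on the `if` line is a plausibility heuristic, not an integrity check: a tampered or mistyped token whose decryption happens to contain `@` past the second byte still passes and is used as `$user`. If the cipher (set up outside this hunk) is unauthenticated, consider verifying a MAC over the token before decrypting, so that garbage is rejected by the tag rather than by its shape. Separately, `<= 1` also rejects a valid one-character local part such as `a@example.com`; if only a missing `@` or an empty local part is meant, `index($user, '@') < 1` would do. `_user_list_addr` starts and ends outside the hunk.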