reject messages with no @ in the ID

author Alvaro Herrera <alvherre@alvh.no-ip.org>

Wed, 18 Jan 2012 15:55:03 +0000 (12:55 -0300)

committer Alvaro Herrera <alvherre@alvh.no-ip.org>

Wed, 18 Jan 2012 15:55:03 +0000 (12:55 -0300)
author Alvaro Herrera <alvherre@alvh.no-ip.org>
Wed, 18 Jan 2012 15:55:03 +0000 (12:55 -0300)
committer Alvaro Herrera <alvherre@alvh.no-ip.org>
Wed, 18 Jan 2012 15:55:03 +0000 (12:55 -0300)
diff --git a/archives/html/msgtxt.php b/archives/html/msgtxt.php

index 639c1dfd9b54c851b409109920516f38106b0ee2..1d2c792e0962a7384ea56feed8eaf4b7946ec276 100644 (file)
--- a/archives/html/msgtxt.php
+++ b/archives/html/msgtxt.php
@@ -3,6 +3,12 @@
  $id = $_GET["id"];
  $id = str_replace("/", "_", $id);
  
+if (strpos($id, "@") == FALSE) {
+       header("Status: 404 fucked up message-id");
+       print("go away, you insensitive clod\n");
+       exit;
+}
+       
  $parts = split("@", $id, 2);
  
  header("Content-type: text/plain");
author	Alvaro Herrera <alvherre@alvh.no-ip.org>
	Wed, 18 Jan 2012 15:55:03 +0000 (12:55 -0300)
committer	Alvaro Herrera <alvherre@alvh.no-ip.org>
	Wed, 18 Jan 2012 15:55:03 +0000 (12:55 -0300)