From: Alvaro Herrera <alvherre@alvh.no-ip.org>
Date: Wed, 18 Jan 2012 15:55:03 +0000 (-0300)
Subject: reject messages with no @ in the ID
X-Git-Url: http://git.postgresql.org/gitweb/backend_dirs.html?a=commitdiff_plain;h=0ef42c0c0334c7db41dbc126d397c7860ccc0f86;p=pgweb-old.git

reject messages with no @ in the ID
---

diff --git a/archives/html/msgtxt.php b/archives/html/msgtxt.php
index 639c1dfd..1d2c792e 100644
--- a/archives/html/msgtxt.php
+++ b/archives/html/msgtxt.php
@@ -3,6 +3,12 @@
 $id = $_GET["id"];
 $id = str_replace("/", "_", $id);
 
+if (strpos($id, "@") == FALSE) {
+	header("Status: 404 fucked up message-id");
+	print("go away, you insensitive clod\n");
+	exit;
+}
+	
 $parts = split("@", $id, 2);
 
 header("Content-type: text/plain");