From 4a740a25fb5fa76a1e8c4a6a4cc6b1773780f39a Mon Sep 17 00:00:00 2001
From: benjamin
Date: Wed, 17 May 2023 22:17:11 +0100
Subject: [PATCH] respond with 400 not 500 errors if wrong params on CiviMail urls
---
 CRM/Mailing/Form/Optout.php | 8 ++++++--
 CRM/Mailing/Form/Unsubscribe.php | 8 ++++++--
 CRM/Mailing/Page/Open.php | 5 +++--
 3 files changed, 15 insertions(+), 6 deletions(-)
diff --git a/CRM/Mailing/Form/Optout.php b/CRM/Mailing/Form/Optout.php
index 0ffd5f2975..755f59c1e4 100644
--- a/CRM/Mailing/Form/Optout.php
+++ b/CRM/Mailing/Form/Optout.php
@@ -50,13 +50,17 @@ class CRM_Mailing_Form_Optout extends CRM_Core_Form {
 $this->_hash = $hash = CRM_Utils_Request::retrieve('h', 'String', $this);
 if (!$job_id || !$queue_id || !$hash) {
- throw new CRM_Core_Exception(ts("Missing input parameters"));
+ CRM_Utils_System::sendResponse(
+ new \GuzzleHttp\Psr7\Response(400, [], ts("Invalid request: missing parameters"))
+ );
 }
 // verify that the three numbers above match
 $q = CRM_Mailing_Event_BAO_MailingEventQueue::verify($job_id, $queue_id, $hash);
 if (!$q) {
- throw new CRM_Core_Exception(ts("There was an error in your request"));
+ CRM_Utils_System::sendResponse(
+ new \GuzzleHttp\Psr7\Response(400, [], ts("Invalid request: bad parameters"))
+ );
 }
 list($displayName, $email) = CRM_Mailing_Event_BAO_MailingEventQueue::getContactInfo($queue_id);
diff --git a/CRM/Mailing/Form/Unsubscribe.php b/CRM/Mailing/Form/Unsubscribe.php
index 7b3df693e7..c86359840e 100644
--- a/CRM/Mailing/Form/Unsubscribe.php
+++ b/CRM/Mailing/Form/Unsubscribe.php
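Review bot: Both guards in Optout.php now rely on `CRM_Utils_System::sendResponse()` never returning, where the removed `throw` made the exit explicit: if that call ever returned, `verify()` would run on empty input and `getContactInfo($queue_id)` would run for a queue id whose hash did not verify. sendResponse() is not shown in this patch, so its terminating behaviour is an assumption here and worth confirming. I would state it at the call sites with a comment such as `// sendResponse() ends the request; nothing below runs for an unverified job/queue/hash.`, or add `return;` after each call as a backstop. The same pattern appears in the Unsubscribe.php hunk and in the Open.php hunk, where `open($queue_id)` follows the guard. The enclosing method starts and ends outside the hunk.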
@@ -51,13 +51,17 @@ class CRM_Mailing_Form_Unsubscribe extends CRM_Core_Form {
 $isConfirm = CRM_Utils_Request::retrieveValue('confirm', 'Boolean', FALSE, FALSE, 'GET');
 if (!$job_id || !$queue_id || !$hash) {
- throw new CRM_Core_Exception(ts('Missing Parameters'));
+ CRM_Utils_System::sendResponse(
+ new \GuzzleHttp\Psr7\Response(400, [], ts("Invalid request: missing parameters"))
+ );
 }
 // verify that the three numbers above match
 $q = CRM_Mailing_Event_BAO_MailingEventQueue::verify($job_id, $queue_id, $hash);
 if (!$q) {
- throw new CRM_Core_Exception(ts("There was an error in your request"));
+ CRM_Utils_System::sendResponse(
+ new \GuzzleHttp\Psr7\Response(400, [], ts("Invalid request: bad parameters"))
+ );
 }
 list($displayName, $email) = CRM_Mailing_Event_BAO_MailingEventQueue::getContactInfo($queue_id);
diff --git a/CRM/Mailing/Page/Open.php b/CRM/Mailing/Page/Open.php
index 3a2870d5ad..44bd386ce9 100644
--- a/CRM/Mailing/Page/Open.php
+++ b/CRM/Mailing/Page/Open.php
@@ -36,8 +36,9 @@ class CRM_Mailing_Page_Open extends CRM_Core_Page {
 $queue_id = CRM_Utils_Request::retrieveValue('q', 'Positive', NULL, FALSE, 'GET');
 }
 if (!$queue_id) {
- echo "Missing input parameters\n";
- exit();
+ CRM_Utils_System::sendResponse(
+ new \GuzzleHttp\Psr7\Response(400, [], ts("Missing input parameters"))
+ );
 }
 CRM_Mailing_Event_BAO_MailingEventOpened::open($queue_id);
-- 
2.25.1
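Review bot: The second guard in Unsubscribe.php turns a failed `verify()` into a bare 400 with nothing recorded, so a run of wrong job/queue/hash combinations against unsubscribe links is visible only in the web server's access log. Whether the removed exception was logged cannot be seen from this hunk, but if it was, that signal is gone. A line before the response, for example `Civi::log()->warning('CiviMail unsubscribe: verification failed', ['job_id' => $job_id, 'queue_id' => $queue_id]);`, keeps it without returning a 500; the hash should stay out of the log. The matching guard in the Optout.php hunk is in the same position.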
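Review bot: The 400 body in Open.php keeps the old wording `Missing input parameters`, while the two form hunks use `Invalid request: missing parameters` for the same condition, which leaves a second translatable string to maintain. Using the same message here, `ts("Invalid request: missing parameters")`, keeps the three endpoints consistent. The enclosing method starts and ends outside the hunk.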