comparison mod_http_oauth2/mod_http_oauth2.lua @ 5277:a1055024b94e

mod_http_oauth2: Stricten check of urlencoded form data Because type(formdecode("string without equals sign")) == "string", so best avoid continuing in that case, even if strings mostly behave as tables as long as you don't hit one of the __index methods.
author Kim Alvefur <zash@zash.se>
date Sun, 26 Mar 2023 14:39:34 +0200
parents 67777cb7353d
children d94dba396f9f
comparison
equal deleted inserted replaced
5276:67777cb7353d 5277:a1055024b94e
337 and request.body 337 and request.body
338 and request.body ~= "" 338 and request.body ~= ""
339 and request.headers.content_type == "application/x-www-form-urlencoded" 339 and request.headers.content_type == "application/x-www-form-urlencoded"
340 and http.formdecode(request.body); 340 and http.formdecode(request.body);
341 341
342 if not form then return {}; end 342 if type(form) ~= "table" then return {}; end
343 343
344 if not form.user_token then 344 if not form.user_token then
345 -- First step: login 345 -- First step: login
346 local username = encodings.stringprep.nodeprep(form.username); 346 local username = encodings.stringprep.nodeprep(form.username);
347 local password = encodings.stringprep.saslprep(form.password); 347 local password = encodings.stringprep.saslprep(form.password);