Mercurial > prosody-modules
comparison mod_http_oauth2/mod_http_oauth2.lua @ 5277:a1055024b94e
mod_http_oauth2: Stricten check of urlencoded form data
Because type(formdecode("string without equals sign")) == "string", so
best avoid continuing in that case, even if strings mostly behave as
tables as long as you don't hit one of the __index methods.
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Sun, 26 Mar 2023 14:39:34 +0200 |
parents | 67777cb7353d |
children | d94dba396f9f |
5276:67777cb7353d | 5277:a1055024b94e |
---|---|
337 and request.body | 337 and request.body |
338 and request.body ~= "" | 338 and request.body ~= "" |
339 and request.headers.content_type == "application/x-www-form-urlencoded" | 339 and request.headers.content_type == "application/x-www-form-urlencoded" |
340 and http.formdecode(request.body); | 340 and http.formdecode(request.body); |
341 | 341 |
342 if not form then return {}; end | 342 if type(form) ~= "table" then return {}; end |
343 | 343 |
344 if not form.user_token then | 344 if not form.user_token then |
345 -- First step: login | 345 -- First step: login |
346 local username = encodings.stringprep.nodeprep(form.username); | 346 local username = encodings.stringprep.nodeprep(form.username); |
347 local password = encodings.stringprep.saslprep(form.password); | 347 local password = encodings.stringprep.saslprep(form.password); |
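Review bot: The `type(form) ~= "table"` check on line 342 carries no comment saying why a plain truthiness test is not enough. The reason (`http.formdecode` returning a string for a body without an equals sign) is recorded only in the commit message, so a one-line comment at that line would keep a later cleanup from simplifying it back to `if not form`. Separately, lines 346-347 pass `form.username` and `form.password` straight to `nodeprep` and `saslprep`. A form that is a table can still lack either key, and the visible lines do not show how a nil result is handled, so it is worth confirming that the code that follows rejects a missing or unprepared username or password before attempting the login.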