# HG changeset patch
# User Kim Alvefur <zash@zash.se>
# Date 1679834374 -7200
# Node ID a1055024b94e6b65c2db72582c46c9e32ae2a95d
# Parent  67777cb7353d51a862b17b2c4d0f4ab2a73fda39
mod_http_oauth2: Stricten check of urlencoded form data

Because type(formdecode("string without equals sign")) == "string", so
best avoid continuing in that case, even if strings mostly behave as
tables as long as you don't hit one of the __index methods.

diff -r 67777cb7353d -r a1055024b94e mod_http_oauth2/mod_http_oauth2.lua
--- a/mod_http_oauth2/mod_http_oauth2.lua	Sun Mar 26 14:37:42 2023 +0200
+++ b/mod_http_oauth2/mod_http_oauth2.lua	Sun Mar 26 14:39:34 2023 +0200
@@ -339,7 +339,7 @@
 	         and request.headers.content_type == "application/x-www-form-urlencoded"
 	         and http.formdecode(request.body);
 
-	if not form then return {}; end
+	if type(form) ~= "table" then return {}; end
 
 	if not form.user_token then
 		-- First step: login