# HG changeset patch
# User Kim Alvefur
# Date 1701643914 -3600
# Node ID a967bb4972c5257a456d870ec3c936a3c945c88a
# Parent b8a2b3ebe79204508233a7f95d81e86a7cfa20a1
mod_http_oauth2: Reject unparsable URLs
This used to be caught by luaPattern=https:// in the schema but that's been removed for some reason
diff -r b8a2b3ebe792 -r a967bb4972c5 mod_http_oauth2/mod_http_oauth2.lua
--- a/mod_http_oauth2/mod_http_oauth2.lua Sun Dec 03 23:44:18 2023 +0100
+++ b/mod_http_oauth2/mod_http_oauth2.lua Sun Dec 03 23:51:54 2023 +0100
@@ -1333,6 +1333,9 @@ local function redirect_uri_allowed(redirect_uri, client_uri, app_type)
 local uri = url.parse(redirect_uri);
+ if not uri then
+ return false;
+ end
 if not uri.scheme then
 return false; -- no relative URLs
 end
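Review bot: The new `if not uri then` guard in `redirect_uri_allowed` only keeps the `uri.scheme` lookup on the following line from raising on a nil parse result; on its own it does not restore the `https://` restriction that the commit message says the schema pattern used to provide. If `url` is LuaSocket's parser (its `require` is not visible in this hunk), `parse` returns nil only for a nil or empty argument, so most malformed strings still come back as a table and have to be rejected by whatever scheme and host comparison follows. The rest of the function lies outside the hunk, so it is worth confirming that those later checks cover every `app_type`. To match the `-- no relative URLs` comment on the next check, I would annotate the new return the same way: `return false; -- nil or empty redirect_uri, nothing to validate`.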