changeset 5786:076b79eb747f

mod_http_admin_api: Abort request if no valid username
author Matthew Wild <mwild1@gmail.com>
date Thu, 07 Dec 2023 15:43:47 +0000
parents 671a6ad1f026
children e79f9dec35c0
files mod_http_admin_api/mod_http_admin_api.lua
diffstat 1 files changed, 3 insertions(+), 0 deletions(-) [+]
line wrap: on
line diff
--- a/mod_http_admin_api/mod_http_admin_api.lua	Thu Dec 07 15:43:16 2023 +0000
+++ b/mod_http_admin_api/mod_http_admin_api.lua	Thu Dec 07 15:43:47 2023 +0000
@@ -477,6 +477,9 @@
 end
 
 function update_user(event, username)
+	if not username then
+		return 400;
+	end
 
 	local request = event.request;
 	if request.headers.content_type ~= json_content_type