Mercurial > prosody-modules
changeset 5277:a1055024b94e
mod_http_oauth2: Stricten check of urlencoded form data
Because type(formdecode("string without equals sign")) == "string", so
best avoid continuing in that case, even if strings mostly behave as
tables as long as you don't hit one of the __index methods.
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Sun, 26 Mar 2023 14:39:34 +0200 |
| parents | 67777cb7353d |
| children | d94dba396f9f |
| files | mod_http_oauth2/mod_http_oauth2.lua |
| diffstat | 1 files changed, 1 insertions(+), 1 deletions(-) [+] |
line wrap: on
line diff
--- a/mod_http_oauth2/mod_http_oauth2.lua Sun Mar 26 14:37:42 2023 +0200 +++ b/mod_http_oauth2/mod_http_oauth2.lua Sun Mar 26 14:39:34 2023 +0200 @@ -339,7 +339,7 @@ and request.headers.content_type == "application/x-www-form-urlencoded" and http.formdecode(request.body); - if not form then return {}; end + if type(form) ~= "table" then return {}; end if not form.user_token then -- First step: login