changeset 5277:a1055024b94e

mod_http_oauth2: Stricten check of urlencoded form data Because type(formdecode("string without equals sign")) == "string", so best avoid continuing in that case, even if strings mostly behave as tables as long as you don't hit one of the __index methods.
author Kim Alvefur <zash@zash.se>
date Sun, 26 Mar 2023 14:39:34 +0200
parents 67777cb7353d
children d94dba396f9f
files mod_http_oauth2/mod_http_oauth2.lua
diffstat 1 files changed, 1 insertions(+), 1 deletions(-) [+]
line wrap: on
line diff
--- a/mod_http_oauth2/mod_http_oauth2.lua	Sun Mar 26 14:37:42 2023 +0200
+++ b/mod_http_oauth2/mod_http_oauth2.lua	Sun Mar 26 14:39:34 2023 +0200
@@ -339,7 +339,7 @@
 	         and request.headers.content_type == "application/x-www-form-urlencoded"
 	         and http.formdecode(request.body);
 
-	if not form then return {}; end
+	if type(form) ~= "table" then return {}; end
 
 	if not form.user_token then
 		-- First step: login