Mercurial > prosody-modules
changeset 5957:e8bf46a7bb27
mod_http_oauth2: Ensure URL ports are integer in correct range
LuaSocket is weird and thinks ports should be strings
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Thu, 29 Aug 2024 18:03:23 +0200 |
parents | 97375a78d2b5 |
children | 5f8a306c8306 |
files | mod_http_oauth2/mod_http_oauth2.lua |
diffstat | 1 files changed, 6 insertions(+), 0 deletions(-) [+] |
line wrap: on
line diff
--- a/mod_http_oauth2/mod_http_oauth2.lua Thu Aug 29 16:02:46 2024 +0200 +++ b/mod_http_oauth2/mod_http_oauth2.lua Thu Aug 29 18:03:23 2024 +0200 @@ -32,6 +32,12 @@ local url_parts = url.parse(urlstr); if not url_parts then return url_parts; end if url_parts.userinfo then return false; end + if url_parts.port then + local port = tonumber(url_parts.port); + if not port then return false; end + if not (port > 0 and port <= 0xffff) then return false; end + if port ~= math.floor(port) then return false; end + end return url_parts; end