Mercurial > prosody-modules

changeset 5957:e8bf46a7bb27

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
mod_http_oauth2: Ensure URL ports are integer in correct range LuaSocket is weird and thinks ports should be strings
author Kim Alvefur <zash@zash.se>
date Thu, 29 Aug 2024 18:03:23 +0200
parents 97375a78d2b5
children 5f8a306c8306
files mod_http_oauth2/mod_http_oauth2.lua
diffstat 1 files changed, 6 insertions(+), 0 deletions(-) [+]
line wrap: on
line diff
--- a/mod_http_oauth2/mod_http_oauth2.lua	Thu Aug 29 16:02:46 2024 +0200
+++ b/mod_http_oauth2/mod_http_oauth2.lua	Thu Aug 29 18:03:23 2024 +0200
@@ -32,6 +32,12 @@
 	local url_parts = url.parse(urlstr);
 	if not url_parts then return url_parts; end
 	if url_parts.userinfo then return false; end
+	if url_parts.port then
+		local port = tonumber(url_parts.port);
+		if not port then return false; end
+		if not (port > 0 and port <= 0xffff) then return false; end
+		if port ~= math.floor(port) then return false; end
+	end
 	return url_parts;
 end