prosody-modules
a1055024b94e
mod_http_oauth2/mod_http_oauth2.lua
Software / code / prosody-modules
Comparison
mod_http_oauth2/mod_http_oauth2.lua @ 5277:a1055024b94e
mod_http_oauth2: Stricten check of urlencoded form data
Because type(formdecode("string without equals sign")) == "string", so
best avoid continuing in that case, even if strings mostly behave as
tables as long as you don't hit one of the __index methods.
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Sun, 26 Mar 2023 14:39:34 +0200 |
| parent | 5276:67777cb7353d |
| child | 5278:d94dba396f9f |
comparison
equal
deleted
inserted
replaced
| 5276:67777cb7353d | 5277:a1055024b94e |
|---|---|
| 337 and request.body | 337 and request.body |
| 338 and request.body ~= "" | 338 and request.body ~= "" |
| 339 and request.headers.content_type == "application/x-www-form-urlencoded" | 339 and request.headers.content_type == "application/x-www-form-urlencoded" |
| 340 and http.formdecode(request.body); | 340 and http.formdecode(request.body); |
| 341 | 341 |
| 342 if not form then return {}; end | 342 if type(form) ~= "table" then return {}; end |
| 343 | 343 |
| 344 if not form.user_token then | 344 if not form.user_token then |
| 345 -- First step: login | 345 -- First step: login |
| 346 local username = encodings.stringprep.nodeprep(form.username); | 346 local username = encodings.stringprep.nodeprep(form.username); |
| 347 local password = encodings.stringprep.saslprep(form.password); | 347 local password = encodings.stringprep.saslprep(form.password); |
