Changeset

5790:a967bb4972c5

mod_http_oauth2: Reject unparsable URLs

This used to be caught by luaPattern=https:// in the schema, but that's been removed for some reason.
author Kim Alvefur <zash@zash.se>
date Sun, 03 Dec 2023 23:51:54 +0100
parents 5789:b8a2b3ebe792
children 5791:62654f523c6a
files mod_http_oauth2/mod_http_oauth2.lua
diffstat 1 files changed, 3 insertions(+), 0 deletions(-) [+]
--- a/mod_http_oauth2/mod_http_oauth2.lua	Sun Dec 03 23:44:18 2023 +0100
+++ b/mod_http_oauth2/mod_http_oauth2.lua	Sun Dec 03 23:51:54 2023 +0100
@@ -1333,6 +1333,9 @@
 
 local function redirect_uri_allowed(redirect_uri, client_uri, app_type)
 	local uri = url.parse(redirect_uri);
+	if not uri then
+		return false;
+	end
 	if not uri.scheme then
 		return false; -- no relative URLs
 	end
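Review bot: The new `if not uri then` guard in `redirect_uri_allowed` only covers the case where `url.parse` returns nil; a call that raises on unexpected input would still abort the request instead of failing closed. The commit message says the schema pattern no longer screens these values, so this function appears to be the remaining gate on redirect URIs. Whether `url.parse` can raise on a non-string argument is not visible in this hunk; if it can, put `if type(redirect_uri) ~= "string" then return false; end` ahead of the parse. The new branch is also the only one without a reason comment, so I would write `return false; -- unparsable URL, fail closed` to match the `-- no relative URLs` line below it. The function body continues past the end of the hunk, so later checks on `uri` were not reviewed.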