mod_http_oauth2: Stricten check of urlencoded form data
Because type(formdecode("string without equals sign")) == "string", so
best avoid continuing in that case, even if strings mostly behave as
tables as long as you don't hit one of the __index methods.
--- a/mod_http_oauth2/mod_http_oauth2.lua Sun Mar 26 14:37:42 2023 +0200
+++ b/mod_http_oauth2/mod_http_oauth2.lua Sun Mar 26 14:39:34 2023 +0200
@@ -339,7 +339,7 @@
and request.headers.content_type == "application/x-www-form-urlencoded"
and http.formdecode(request.body);
- if not form then return {}; end
+ if type(form) ~= "table" then return {}; end
if not form.user_token then
-- First step: login
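Review bot: The `type(form) ~= "table"` test on the changed line carries no inline comment, so the reason a plain truthiness check is not enough (formdecode handing back a string when the body has no equals sign) lives only in the commit message. A one-line comment above the check would keep a later cleanup from simplifying it back to `if not form`. Also consider whether a body that decodes to a string should be told apart from the case where the preceding `and` chain is falsy, since both now fall into the same silent `return {}`.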