admin: expect quoted ETags (#4879)

* expect quoted etags * admin: Minor refactor of etag facilities Co-authored-by: Matthew Holt <mholt@users.noreply.github.com>
author: jhwz <52683873+jhwz@users.noreply.github.com> 2022-07-13 06:23:55 +1200
committer: GitHub <noreply@github.com> 2022-07-12 12:23:55 -0600
commit: ad3a83fb9169899226ce12a61c16b5bf4d03c482 (patch)
tree: 62f19bf05422fe5844c9c90c73402b12f639a7a4 /caddy.go
parent: 53c4d788d4bbc00d396be743a2c0b36482e53c6e (diff)
1 files changed, 9 insertions, 1 deletions
diff --git a/caddy.go b/caddy.go
index 0c6dfcd..98ee5b3 100644
--- a/caddy.go
+++ b/caddy.go
@@ -145,8 +145,16 @@ func changeConfig(method, path string, input []byte, ifMatchHeader string, force
 	defer currentCfgMu.Unlock()
 
 	if ifMatchHeader != "" {
+		// expect the first and last character to be quotes
+		if len(ifMatchHeader) < 2 || ifMatchHeader[0] != '"' || ifMatchHeader[len(ifMatchHeader)-1] != '"' {
+			return APIError{
+				HTTPStatus: http.StatusBadRequest,
+				Err:        fmt.Errorf("malformed If-Match header; expect quoted string"),
+			}
+		}
+
 		// read out the parts
-		parts := strings.Fields(ifMatchHeader)
+		parts := strings.Fields(ifMatchHeader[1 : len(ifMatchHeader)-1])
 		if len(parts) != 2 {
 			return APIError{
 				HTTPStatus: http.StatusBadRequest,
author	jhwz <52683873+jhwz@users.noreply.github.com>	2022-07-13 06:23:55 +1200
committer	GitHub <noreply@github.com>	2022-07-12 12:23:55 -0600
commit	ad3a83fb9169899226ce12a61c16b5bf4d03c482 (patch)
tree	62f19bf05422fe5844c9c90c73402b12f639a7a4 /caddy.go
parent	53c4d788d4bbc00d396be743a2c0b36482e53c6e (diff)