diff options
author | jhwz <52683873+jhwz@users.noreply.github.com> | 2022-07-13 06:23:55 +1200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-07-12 12:23:55 -0600 |
commit | ad3a83fb9169899226ce12a61c16b5bf4d03c482 (patch) | |
tree | 62f19bf05422fe5844c9c90c73402b12f639a7a4 /caddy.go | |
parent | 53c4d788d4bbc00d396be743a2c0b36482e53c6e (diff) |
admin: expect quoted ETags (#4879)
* expect quoted etags
* admin: Minor refactor of etag facilities
Co-authored-by: Matthew Holt <mholt@users.noreply.github.com>
Diffstat (limited to 'caddy.go')
-rw-r--r-- | caddy.go | 10 |
1 files changed, 9 insertions, 1 deletions
@@ -145,8 +145,16 @@ func changeConfig(method, path string, input []byte, ifMatchHeader string, force defer currentCfgMu.Unlock() if ifMatchHeader != "" { + // expect the first and last character to be quotes + if len(ifMatchHeader) < 2 || ifMatchHeader[0] != '"' || ifMatchHeader[len(ifMatchHeader)-1] != '"' { + return APIError{ + HTTPStatus: http.StatusBadRequest, + Err: fmt.Errorf("malformed If-Match header; expect quoted string"), + } + } + // read out the parts - parts := strings.Fields(ifMatchHeader) + parts := strings.Fields(ifMatchHeader[1 : len(ifMatchHeader)-1]) if len(parts) != 2 { return APIError{ HTTPStatus: http.StatusBadRequest, |