diff options
author | jhwz <[email protected]> | 2022-07-13 06:23:55 +1200 |
---|---|---|
committer | GitHub <[email protected]> | 2022-07-12 12:23:55 -0600 |
commit | ad3a83fb9169899226ce12a61c16b5bf4d03c482 (patch) | |
tree | 62f19bf05422fe5844c9c90c73402b12f639a7a4 /caddy.go | |
parent | 53c4d788d4bbc00d396be743a2c0b36482e53c6e (diff) | |
download | caddy-ad3a83fb9169899226ce12a61c16b5bf4d03c482.tar.gz caddy-ad3a83fb9169899226ce12a61c16b5bf4d03c482.zip |
admin: expect quoted ETags (#4879)v2.5.2
* expect quoted etags
* admin: Minor refactor of etag facilities
Co-authored-by: Matthew Holt <[email protected]>
Diffstat (limited to 'caddy.go')
-rw-r--r-- | caddy.go | 10 |
1 files changed, 9 insertions, 1 deletions
@@ -145,8 +145,16 @@ func changeConfig(method, path string, input []byte, ifMatchHeader string, force defer currentCfgMu.Unlock() if ifMatchHeader != "" { + // expect the first and last character to be quotes + if len(ifMatchHeader) < 2 || ifMatchHeader[0] != '"' || ifMatchHeader[len(ifMatchHeader)-1] != '"' { + return APIError{ + HTTPStatus: http.StatusBadRequest, + Err: fmt.Errorf("malformed If-Match header; expect quoted string"), + } + } + // read out the parts - parts := strings.Fields(ifMatchHeader) + parts := strings.Fields(ifMatchHeader[1 : len(ifMatchHeader)-1]) if len(parts) != 2 { return APIError{ HTTPStatus: http.StatusBadRequest, |