diff options
author | Giuseppe Bilotta <giuseppe.bilotta@gmail.com> | 2021-06-09 09:33:43 +0200 |
---|---|---|
committer | Matthias Hecker <36882671+mattzque@users.noreply.github.com> | 2021-06-09 13:49:34 +0200 |
commit | 09849eb8adb566b2f17a7ee533cc4a10ac379fe7 (patch) | |
tree | 101831c8347866d594867ee1fbb02d17d00283be /lib/rbot | |
parent | 28502d92c420aefa3832e57561044efa06b9ab8b (diff) |
fix: webservice dispatch syntax check
Early bailout if the command field is not specified in the POST request.
(Not doing this actually leads to an exception in the subsequent debug
because command is an Array and it can't be added to a String,
but ayway the early catch is cleaner error handling.)
Also add a TODO about a potential improvement for permission error handling.
Diffstat (limited to 'lib/rbot')
-rw-r--r-- | lib/rbot/core/webservice.rb | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/lib/rbot/core/webservice.rb b/lib/rbot/core/webservice.rb index 112ec85e..6f90c574 100644 --- a/lib/rbot/core/webservice.rb +++ b/lib/rbot/core/webservice.rb @@ -531,6 +531,11 @@ class WebServiceModule < CoreBotModule end command = m.post['command'] + if command.empty? + m.send_plaintext('wrong syntax', 400) + return + end + if not m.source botuser = Auth::defaultbotuser else @@ -544,6 +549,8 @@ class WebServiceModule < CoreBotModule message = Irc::PrivMessage.new(@bot, nil, user, @bot.myself, command) res = @bot.plugins.irc_delegate('privmsg', message) + # TODO if delegation failed due to wrong auth, it should be reported + # as an error, not 200 OK if m.req['Accept'] == 'application/json' { :reply => user.response } |