main.c: Force valid cookie on check_length
Otherwise, a malicious user could send multipart/form-data requests without a valid cookie.
This commit is contained in:
parent
6c3bfa270b
commit
b7f232366c
11
main.c
11
main.c
|
@ -897,7 +897,16 @@ static int check_length(const unsigned long long len,
|
|||
bool has_quota;
|
||||
unsigned long long quota;
|
||||
|
||||
if (auth_quota(a, username, &has_quota, "a))
|
||||
if (auth_cookie(a, c))
|
||||
{
|
||||
fprintf(stderr, "%s: auth_cookie failed\n", __func__);
|
||||
|
||||
if (page_forbidden(r))
|
||||
return -1;
|
||||
|
||||
return 1;
|
||||
}
|
||||
else if (auth_quota(a, username, &has_quota, "a))
|
||||
{
|
||||
fprintf(stderr, "%s: auth_quota failed\n", __func__);
|
||||
return -1;
|
||||
|
|
Loading…
Reference in New Issue