Raise 400 on invalid request to '/feed/webhook'

This commit is contained in:
Omar Roth 2019-07-10 11:22:10 -05:00
parent 3c226892c6
commit bb096a0357
No known key found for this signature in database
GPG Key ID: B8254FB7EC3D37F2

View File

@ -2656,9 +2656,18 @@ end
get "/feed/webhook/:token" do |env| get "/feed/webhook/:token" do |env|
verify_token = env.params.url["token"] verify_token = env.params.url["token"]
mode = env.params.query["hub.mode"] mode = env.params.query["hub.mode"]?
topic = env.params.query["hub.topic"] topic = env.params.query["hub.topic"]?
challenge = env.params.query["hub.challenge"] challenge = env.params.query["hub.challenge"]?
if !mode || !topic || !challenge
env.response.status_code = 400
next
else
mode = mode.not_nil!
topic = topic.not_nil!
challenge = challenge.not_nil!
end
case verify_token case verify_token
when .starts_with? "v1" when .starts_with? "v1"