HTTP API: Address security hole (thanks @rubenwardy)

2025-07-04 01:20:23 +02:00 · 2021-12-06 14:44:40 +01:00
parent e4fdfa60bf
commit 382ff397a5
3 changed files with 10 additions and 15 deletions
--- a/src/caches.lua
+++ b/src/caches.lua
@ -1,4 +1,5 @@
 local replacements = {fuel = {}}
+local http = ...

 IMPORT("maxn", "copy", "insert", "sort", "match", "sub")
 IMPORT("is_group", "extract_groups", "item_has_groups", "groups_to_items")
@ -269,13 +270,13 @@ local function init_recipes()
 	resolve_aliases(_select)
 	sort(i3.init_items)

-	if i3.http and true_str(i3.export_url) then
+	if http and true_str(i3.export_url) then
 		local post_data = {
 			recipes = i3.recipes_cache,
 			usages  = i3.usages_cache,
 		}

-		i3.http.fetch_async {
+		http.fetch_async {
 			url = i3.export_url,
 			post_data = core.write_json(post_data),
 		}