diff options
| author | Mark Felder <feld@feld.me> | 2024-07-25 16:18:45 -0400 |
|---|---|---|
| committer | Mark Felder <feld@feld.me> | 2024-07-25 16:18:45 -0400 |
| commit | c19d55cabb4932b9786fa8a4571d7b92e3925e00 (patch) | |
| tree | 74438fcc6cbb5b79680e3c8b73e4ae598471c556 | |
| parent | 84b15ac1119396eeb9827fc5242489a4f5cb820b (diff) | |
| download | pleroma-c19d55cabb4932b9786fa8a4571d7b92e3925e00.tar.gz pleroma-c19d55cabb4932b9786fa8a4571d7b92e3925e00.zip | |
Safer string concatenation
| -rw-r--r-- | lib/pleroma/signature.ex | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/lib/pleroma/signature.ex b/lib/pleroma/signature.ex index 0f3362ebe..195513478 100644 --- a/lib/pleroma/signature.ex +++ b/lib/pleroma/signature.ex @@ -115,13 +115,13 @@ defmodule Pleroma.Signature do # show that it must be the absolute path + query. This behavior is kept to # make sure most software (Pleroma itself, Mastodon, and probably others) # do not break. - request_target = String.downcase("#{conn.method}") <> " #{conn.request_path}" + request_target = Enum.join([String.downcase(conn.method), conn.request_path], " ") # This is the proper way to build the @request-target, as expected by # many HTTP signature libraries, clarified in the following draft: # https://www.ietf.org/archive/id/draft-ietf-httpbis-message-signatures-11.html#section-2.2.6 # It is the same as before, but containing the query part as well. - proper_target = request_target <> "?#{conn.query_string}" + proper_target = Enum.join([request_target, "?", conn.query_string], "") cond do # Normal, non-standard behavior but expected by Pleroma and more. |