sascha/esphome
1
0
Fork 0
mirror of https://github.com/esphome/esphome.git synced 2026-02-08 08:41:59 +00:00
Code Issues Releases Wiki Activity

reject empty segments

Browse Source
This commit is contained in:
J. Nick Koston
2025-12-22 17:02:59 -10:00
parent 174b68712e
commit 31f4e0ee48
1 changed files with 18 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
esphome/components/web_server/web_server.cpp
View File

@@ -102,6 +102,10 @@ static UrlMatch match_url(const char *url_ptr, size_t url_len, bool only_domain)
// Only 1 segment after domain: /{domain}/{entity_name}
match.id = seg1_start;
match.id_len = end - seg1_start;
// Reject empty segment (e.g., "/sensor/")
if (match.id_len == 0) {
return UrlMatch{};
}
return match;
}
@@ -115,6 +119,10 @@ static UrlMatch match_url(const char *url_ptr, size_t url_len, bool only_domain)
match.id_len = seg1_end - seg1_start;
match.method = seg2_start;
match.method_len = end - seg2_start;
// Reject empty segments (e.g., "/sensor//turn_on" or "/sensor/temp/")
if (match.id_len == 0 || match.method_len == 0) {
return UrlMatch{};
}
return match;
}
@@ -133,12 +141,22 @@ static UrlMatch match_url(const char *url_ptr, size_t url_len, bool only_domain)
match.method = nullptr;
match.method_len = 0;
}
// Reject empty segments (e.g., "/sensor//entity/turn_on" or "/sensor/device//turn_on")
if (match.device_name_len == 0 || match.id_len == 0 || (match.method != nullptr && match.method_len == 0)) {
return UrlMatch{};
}
#else
// Without USE_DEVICES, treat extra segments as part of method (backward compat)
match.id = seg1_start;
match.id_len = seg1_end - seg1_start;
match.method = seg2_start;
match.method_len = end - seg2_start;
// Reject empty segments
if (match.id_len == 0 || match.method_len == 0) {
return UrlMatch{};
}
#endif
return match;