Made sanitizeToken more strict and use correct alphabet

janeczku / haproxy-acme-validation-plugin

:four_leaf_clover: Zero-downtime ACME / Let's Encrypt certificate issuing for HAProxy

MIT License

291 stars 49 forks source link

Open JoelLinn opened 5 years ago

JoelLinn commented 5 years ago

+ and = are illegal in challenge tokens (url safe variant of base64 without padding)
instead of replacing illegal characters (gsub) only accept the token if it only contains valid characters at every position and is at least one character long
newline at end of file (posix standard)