diff options
author | Daniel Stenberg <daniel@haxx.se> | 2020-01-13 12:30:37 +0100 |
---|---|---|
committer | Daniel Stenberg <daniel@haxx.se> | 2020-01-13 15:37:46 +0100 |
commit | 4431ed2484f0e66096642ee76a2bbeedec5bde79 (patch) | |
tree | 4faa3df1127dd28ee0962b44664ce82d170eb0c1 | |
parent | 6773c7ca65cf2183295e56603f9b86a5ce816a06 (diff) | |
download | curl-4431ed2484f0e66096642ee76a2bbeedec5bde79.tar.gz |
curl: make #0 not output the full URL
It was not intended nor documented!
Added test 1176 to verify.
Reported-by: vshmuk on hackerone
Closes #4812
-rw-r--r-- | src/tool_urlglob.c | 4 | ||||
-rw-r--r-- | tests/data/Makefile.inc | 2 | ||||
-rw-r--r-- | tests/data/test1176 | 68 |
3 files changed, 71 insertions, 3 deletions
diff --git a/src/tool_urlglob.c b/src/tool_urlglob.c index 450cdcf32..6c8716104 100644 --- a/src/tool_urlglob.c +++ b/src/tool_urlglob.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2020, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -627,7 +627,7 @@ CURLcode glob_match_url(char **result, char *filename, URLGlob *glob) unsigned long num = strtoul(&filename[1], &filename, 10); URLPattern *pat = NULL; - if(num < glob->size) { + if(num && (num < glob->size)) { unsigned long i; num--; /* make it zero based */ /* find the correct glob entry */ diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc index 978f8aa5b..51cc92062 100644 --- a/tests/data/Makefile.inc +++ b/tests/data/Makefile.inc @@ -133,7 +133,7 @@ test1144 test1145 test1146 test1147 test1148 test1149 test1150 test1151 \ test1152 test1153 test1154 test1155 test1156 test1157 test1158 test1159 \ test1160 test1161 test1162 test1163 test1164 test1165 test1166 test1167 \ \ -test1170 test1171 test1172 test1173 test1174 test1175 \ +test1170 test1171 test1172 test1173 test1174 test1175 test1176 \ \ test1200 test1201 test1202 test1203 test1204 test1205 test1206 test1207 \ test1208 test1209 test1210 test1211 test1212 test1213 test1214 test1215 \ diff --git a/tests/data/test1176 b/tests/data/test1176 new file mode 100644 index 000000000..491bee16f --- /dev/null +++ b/tests/data/test1176 @@ -0,0 +1,68 @@ +<testcase> +<info> +<keywords> +globbing +</keywords> +</info> + +# +# Server-side +<reply> +<data nocheck="yes"> +HTTP/1.1 200 OK +Date: Thu, 09 Nov 2010 14:49:00 GMT +Server: test-server/fake +Last-Modified: Tue, 13 Jun 2000 12:10:00 GMT +ETag: "21025-dc7-39462498" +Accept-Ranges: bytes +Content-Length: 6 +Connection: close +Content-Type: text/html +Funny-head: yesyes + +-foo- +</data> +</reply> + +# +# Client-side +<client> +<server> +http +</server> + <name> +HTTP GET + </name> + <command option="no-output"> +http://%HOSTIP:%HTTPPORT/1176 -o 'log/base-#0' +</command> +</client> + +# +# Verify data after the test has been "shot" +<verify> +<strip> +^User-Agent:.* +</strip> +<protocol> +GET /1176 HTTP/1.1
+Host: %HOSTIP:%HTTPPORT
+Accept: */*
+
+</protocol> +<file name="log/base-#0"> +HTTP/1.1 200 OK +Date: Thu, 09 Nov 2010 14:49:00 GMT +Server: test-server/fake +Last-Modified: Tue, 13 Jun 2000 12:10:00 GMT +ETag: "21025-dc7-39462498" +Accept-Ranges: bytes +Content-Length: 6 +Connection: close +Content-Type: text/html +Funny-head: yesyes + +-foo- +</file> +</verify> +</testcase> |