diff options
author | Björn Stenberg <bjorn@haxx.se> | 2018-02-25 20:17:25 +0100 |
---|---|---|
committer | Daniel Stenberg <daniel@haxx.se> | 2018-05-31 11:27:16 +0200 |
commit | 946ce5b61fc3832935ea92b4388116c7f637fb8c (patch) | |
tree | 3d4ef97037f869fdccb509940e35c972d476ee82 /src | |
parent | 71d35e4a1d96011076d3e81cad4e7b417d9a3985 (diff) | |
download | curl-946ce5b61fc3832935ea92b4388116c7f637fb8c.tar.gz |
option: disallow username in URL
Adds CURLOPT_DISALLOW_USERNAME_IN_URL and --disallow-username-in-url. Makes
libcurl reject URLs with a username in them.
Closes #2340
Diffstat (limited to 'src')
-rw-r--r-- | src/tool_cfgable.h | 1 | ||||
-rw-r--r-- | src/tool_getparam.c | 4 | ||||
-rw-r--r-- | src/tool_help.c | 2 | ||||
-rw-r--r-- | src/tool_operate.c | 3 |
4 files changed, 10 insertions, 0 deletions
diff --git a/src/tool_cfgable.h b/src/tool_cfgable.h index 237c2bd7f..a0363e9a7 100644 --- a/src/tool_cfgable.h +++ b/src/tool_cfgable.h @@ -255,6 +255,7 @@ struct OperationConfig { long happy_eyeballs_timeout_ms; /* happy eyeballs timeout in milliseconds. 0 is valid. default: CURL_HET_DEFAULT. */ bool haproxy_protocol; /* whether to send HAProxy protocol v1 */ + bool disallow_username_in_url; /* disallow usernames in URLs */ struct GlobalConfig *global; struct OperationConfig *prev; struct OperationConfig *next; /* Always last in the struct */ diff --git a/src/tool_getparam.c b/src/tool_getparam.c index a9f448112..186168252 100644 --- a/src/tool_getparam.c +++ b/src/tool_getparam.c @@ -82,6 +82,7 @@ static const struct LongShort aliases[]= { {"*d", "ciphers", ARG_STRING}, {"*D", "dns-interface", ARG_STRING}, {"*e", "disable-epsv", ARG_BOOL}, + {"*f", "disallow-username-in-url", ARG_BOOL}, {"*E", "epsv", ARG_BOOL}, /* 'epsv' made like this to make --no-epsv and --epsv to work although --disable-epsv is the documented option */ @@ -621,6 +622,9 @@ ParameterError getparameter(const char *flag, /* f or -long-flag */ case 'e': /* --disable-epsv */ config->disable_epsv = toggle; break; + case 'f': /* --disallow-username-in-url */ + config->disallow_username_in_url = toggle; + break; case 'E': /* --epsv */ config->disable_epsv = (!toggle)?TRUE:FALSE; break; diff --git a/src/tool_help.c b/src/tool_help.c index 3218cf67d..b829e76ef 100644 --- a/src/tool_help.c +++ b/src/tool_help.c @@ -108,6 +108,8 @@ static const struct helptxt helptext[] = { "Inhibit using EPRT or LPRT"}, {" --disable-epsv", "Inhibit using EPSV"}, + {" --disallow-username-in-url", + "Disallow username in url"}, {" --dns-interface <interface>", "Interface to use for DNS requests"}, {" --dns-ipv4-addr <address>", diff --git a/src/tool_operate.c b/src/tool_operate.c index 0a1b1a48d..26fc251f5 100644 --- a/src/tool_operate.c +++ b/src/tool_operate.c @@ -1474,6 +1474,9 @@ static CURLcode operate_do(struct GlobalConfig *global, if(config->haproxy_protocol) my_setopt(curl, CURLOPT_HAPROXYPROTOCOL, 1L); + if(config->disallow_username_in_url) + my_setopt(curl, CURLOPT_DISALLOW_USERNAME_IN_URL, 1L); + /* initialize retry vars for loop below */ retry_sleep_default = (config->retry_delay) ? config->retry_delay*1000L : RETRY_SLEEP_DEFAULT; /* ms */ |