summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorBjörn Stenberg <bjorn@haxx.se>2018-02-25 20:17:25 +0100
committerDaniel Stenberg <daniel@haxx.se>2018-05-31 11:27:16 +0200
commit946ce5b61fc3832935ea92b4388116c7f637fb8c (patch)
tree3d4ef97037f869fdccb509940e35c972d476ee82 /src
parent71d35e4a1d96011076d3e81cad4e7b417d9a3985 (diff)
downloadcurl-946ce5b61fc3832935ea92b4388116c7f637fb8c.tar.gz
option: disallow username in URL
Adds CURLOPT_DISALLOW_USERNAME_IN_URL and --disallow-username-in-url. Makes libcurl reject URLs with a username in them. Closes #2340
Diffstat (limited to 'src')
-rw-r--r--src/tool_cfgable.h1
-rw-r--r--src/tool_getparam.c4
-rw-r--r--src/tool_help.c2
-rw-r--r--src/tool_operate.c3
4 files changed, 10 insertions, 0 deletions
diff --git a/src/tool_cfgable.h b/src/tool_cfgable.h
index 237c2bd7f..a0363e9a7 100644
--- a/src/tool_cfgable.h
+++ b/src/tool_cfgable.h
@@ -255,6 +255,7 @@ struct OperationConfig {
long happy_eyeballs_timeout_ms; /* happy eyeballs timeout in milliseconds.
0 is valid. default: CURL_HET_DEFAULT. */
bool haproxy_protocol; /* whether to send HAProxy protocol v1 */
+ bool disallow_username_in_url; /* disallow usernames in URLs */
struct GlobalConfig *global;
struct OperationConfig *prev;
struct OperationConfig *next; /* Always last in the struct */
diff --git a/src/tool_getparam.c b/src/tool_getparam.c
index a9f448112..186168252 100644
--- a/src/tool_getparam.c
+++ b/src/tool_getparam.c
@@ -82,6 +82,7 @@ static const struct LongShort aliases[]= {
{"*d", "ciphers", ARG_STRING},
{"*D", "dns-interface", ARG_STRING},
{"*e", "disable-epsv", ARG_BOOL},
+ {"*f", "disallow-username-in-url", ARG_BOOL},
{"*E", "epsv", ARG_BOOL},
/* 'epsv' made like this to make --no-epsv and --epsv to work
although --disable-epsv is the documented option */
@@ -621,6 +622,9 @@ ParameterError getparameter(const char *flag, /* f or -long-flag */
case 'e': /* --disable-epsv */
config->disable_epsv = toggle;
break;
+ case 'f': /* --disallow-username-in-url */
+ config->disallow_username_in_url = toggle;
+ break;
case 'E': /* --epsv */
config->disable_epsv = (!toggle)?TRUE:FALSE;
break;
diff --git a/src/tool_help.c b/src/tool_help.c
index 3218cf67d..b829e76ef 100644
--- a/src/tool_help.c
+++ b/src/tool_help.c
@@ -108,6 +108,8 @@ static const struct helptxt helptext[] = {
"Inhibit using EPRT or LPRT"},
{" --disable-epsv",
"Inhibit using EPSV"},
+ {" --disallow-username-in-url",
+ "Disallow username in url"},
{" --dns-interface <interface>",
"Interface to use for DNS requests"},
{" --dns-ipv4-addr <address>",
diff --git a/src/tool_operate.c b/src/tool_operate.c
index 0a1b1a48d..26fc251f5 100644
--- a/src/tool_operate.c
+++ b/src/tool_operate.c
@@ -1474,6 +1474,9 @@ static CURLcode operate_do(struct GlobalConfig *global,
if(config->haproxy_protocol)
my_setopt(curl, CURLOPT_HAPROXYPROTOCOL, 1L);
+ if(config->disallow_username_in_url)
+ my_setopt(curl, CURLOPT_DISALLOW_USERNAME_IN_URL, 1L);
+
/* initialize retry vars for loop below */
retry_sleep_default = (config->retry_delay) ?
config->retry_delay*1000L : RETRY_SLEEP_DEFAULT; /* ms */