summaryrefslogtreecommitdiff
path: root/src
Commit message (Collapse)AuthorAgeFilesLines
* code: style updatesDaniel Stenberg2016-04-034-13/+13
|
* http2: support "prior knowledge", no upgrade from HTTP/1.1Diego Bes2016-03-312-0/+6
| | | | | | | | | | | | | Supports HTTP/2 over clear TCP - Optimize switching to HTTP/2 by removing calls to init and setup before switching. Switching will eventually call setup and setup calls init. - Supports new version to “force” the use of HTTP/2 over clean TCP - Add common line parameter “--http2-prior-knowledge” to the Curl command line tool.
* tool_operate: remove mixed declarationJay Satiro2016-03-281-1/+2
| | | | This is a follow up to the previous commit.
* curl: warn for --capath use if not supported by libcurlDaniel Stenberg2016-03-281-3/+13
| | | | Closes #492
* curl: glob_range: no need to check unsigned variable for negativeDaniel Stenberg2016-03-141-3/+2
| | | | | | | cppcheck warned: [src/tool_urlglob.c:283]: (style) Checking if unsigned variable 'step_n' is less than zero.
* makefile.m32: add missing libs for static -winssl-ssh2 buildsViktor Szakats2016-03-051-0/+5
| | | | Bug: https://github.com/curl/curl/pull/693
* makefile.m32: fix to allow -ssh2-winssl combinationViktor Szakats2016-03-051-0/+2
| | | | | | | In makefile.m32, option -ssh2 (libssh2) automatically implied -ssl (OpenSSL) option, with no way to override it with -winssl. Since both libssh2 and curl support using Windows's built-in SSL backend, modify the logic to allow that combination.
* makefile.m32: allow to pass .dll/.exe-specific LDFLAGSViktor Szakats2016-03-011-1/+1
| | | | | | | | | | | | using envvars `CURL_LDFLAG_EXTRAS_DLL` and `CURL_LDFLAG_EXTRAS_EXE` respectively. This is useful f.e. to pass ASLR-related extra options, that are required to make this feature work when using the mingw toolchain. Ref: https://github.com/curl/curl/pull/670#issuecomment-190863985 Closes https://github.com/curl/curl/pull/689
* TFTP: add option to suppress TFTP option requests (Part 2)Jay Satiro2016-02-234-1/+11
| | | | | | | | | | - Add tests. - Add an example to CURLOPT_TFTP_NO_OPTIONS.3. - Add --tftp-no-options to expose CURLOPT_TFTP_NO_OPTIONS. Bug: https://github.com/curl/curl/issues/481
* src/Makefile.m32: add CURL_{LD,C}FLAGS_EXTRAS supportViktor Szakats2016-02-201-8/+8
| | | | | | Sync with lib/Makefile.m32 which already uses those variables. Bug: https://github.com/curl/curl/pull/670
* tool_doswin: Support for literal path prefix \\?\Jay Satiro2016-02-091-4/+11
| | | | For example something like --output \\?\C:\foo
* tool_urlglob: Allow reserved dos device names (Windows)Jay Satiro2016-02-081-1/+2
| | | | | | | | | | Allow --output to reserved dos device names without the device prefix for backwards compatibility. Example: --output NUL can be used instead of --output \\.\NUL Bug: https://github.com/curl/curl/commit/4520534#commitcomment-15954863 Reported-by: Gisle Vanem
* tool_operhlp: Check for backslashes in get_url_file_nameJay Satiro2016-02-081-1/+5
| | | | | | | | | | Extract the filename from the last slash or backslash. Prior to this change backslashes could be part of the filename. This change needed for the curl tool built for Cygwin. Refer to the CYGWIN addendum in advisory 20160127B. Bug: https://curl.haxx.se/docs/adv_20160127B.html
* tool_doswin: Use type SANITIZEcode in sanitize_file_nameJay Satiro2016-02-051-7/+7
|
* tool_doswin: Improve sanitization processingJay Satiro2016-02-057-128/+424
| | | | | | | | | | | | | | | | | | | | | | | | | | | | - Add unit test 1604 to test the sanitize_file_name function. - Use -DCURL_STATICLIB when building libcurltool for unit testing. - Better detection of reserved DOS device names. - New flags to modify sanitize behavior: SANITIZE_ALLOW_COLONS: Allow colons SANITIZE_ALLOW_PATH: Allow path separators and colons SANITIZE_ALLOW_RESERVED: Allow reserved device names SANITIZE_ALLOW_TRUNCATE: Allow truncating a long filename - Restore sanitization of banned characters from user-specified outfile. Prior to this commit sanitization of a user-specified outfile was temporarily disabled in 2b6dadc because there was no way to allow path separators and colons through while replacing other banned characters. Now in such a case we call the sanitize function with SANITIZE_ALLOW_PATH which allows path separators and colons to pass through. Closes https://github.com/curl/curl/issues/624 Reported-by: Octavio Schroeder
* URLs: change all http:// URLs to https://Daniel Stenberg2016-02-0392-97/+97
|
* tool_operate: Don't sanitize --output path (Windows)Jay Satiro2016-02-011-11/+0
| | | | | | | | | | | | | Due to path separators being incorrectly sanitized in --output pathnames, eg -o c:\foo => c__foo This is a partial revert of 3017d8a until I write a proper fix. The remote-name will continue to be sanitized, but if the user specified an --output with string replacement (#1, #2, etc) that data is unsanitized until I finish a fix. Bug: https://github.com/bagder/curl/issues/624 Reported-by: Octavio Schroeder
* tool_doswin: silence unused function warningViktor Szakats2016-01-281-0/+4
| | | | | | | tool_doswin.c:185:14: warning: 'msdosify' defined but not used [-Wunused-function] Closes https://github.com/bagder/curl/pull/616
* curl: avoid local drive traversal when saving file (Windows)Ray Satiro2016-01-264-58/+187
| | | | | | | | | | | curl does not sanitize colons in a remote file name that is used as the local file name. This may lead to a vulnerability on systems where the colon is a special path character. Currently Windows/DOS is the only OS where this vulnerability applies. CVE-2016-0754 Bug: http://curl.haxx.se/docs/adv_20160127B.html
* Makefile.inc: s/curl_SOURCES/CURL_FILESDaniel Stenberg2015-12-233-3/+7
| | | | | | | | | This allows the root Makefile.am to include the Makefile.inc without causing automake to warn on it (variables named *_SOURCES are magic). curl_SOURCES is then instead assigned properly in src/Makefile.am only. Closes #577
* curl --expect100-timeout: addedDaniel Stenberg2015-12-154-0/+13
| | | | | This is the new command line option to set the value for the existing libcurl option CURLOPT_EXPECT_100_TIMEOUT_MS
* curl: use 2TLS by defaultDaniel Stenberg2015-12-132-1/+5
| | | | | | | | | Make this the default for the curl tool (if built with HTTP/2 powers enabled) unless a specific HTTP version is requested on the command line. This should allow more users to get HTTP/2 powers without having to change anything.
* curl: remove keepalive #ifdef checks done on libcurl's behalfDaniel Stenberg2015-12-031-4/+0
| | | | | | They didn't match the ifdef logic used within libcurl anyway so they could indeed warn for the wrong case - plus the tool cannot know how the lib actually performs at that level.
* tool_paramhlp: Fixed display of URL index in password prompt for --nextSteve Holme2015-11-271-1/+1
| | | | | | | | Commit f3bae6ed73 added the URL index to the password prompt when using --next. Unfortunately, because the size_t specifier (%zu) is not supported by all sprintf() implementations we use the curl_off_t format specifier instead. The display of an incorrect value arises on platforms where size_t and curl_off_t are of a different size.
* curl: expanded the -XHEAD warning textDaniel Stenberg2015-11-241-2/+2
| | | | ... to also mention the specific options used.
* Revert "cleanup: general removal of TODO (and similar) comments"Daniel Stenberg2015-11-242-3/+19
| | | | | | | This reverts commit 64e959ffe37c436503f9fed1ce2d6ee6ae50bd9a. Feedback-by: Dan Fandrich URL: http://curl.haxx.se/mail/lib-2015-11/0062.html
* curl: mark two more options strings for --libcurl outputDaniel Stenberg2015-11-131-2/+2
|
* cleanup: general removal of TODO (and similar) commentsDaniel Stenberg2015-11-132-19/+3
| | | | | | They tend to never get updated anyway so they're frequently inaccurate and we never go back to revisit them anyway. We document issues to work on properly in KNOWN_BUGS and TODO instead.
* oauth2: Don't use XOAUTH2 in OAuth 2.0 variablesSteve Holme2015-11-095-6/+6
|
* oauth2: Use OAuth 2.0 rather than XOAUTH2 in commentsSteve Holme2015-11-092-2/+2
| | | | | When referring to OAuth 2.0 we should use the official name rather the SASL mechanism name.
* tool: Fixed a memory leak on OOM introduced in 19cb0c4aDan Fandrich2015-11-081-1/+1
|
* curl.h: s/HTTPPOST_/CURL_HTTPOST_Daniel Stenberg2015-10-311-3/+3
| | | | | | | | | Fixes a name space pollution at the cost of programs using one of these defines will no longer compile. However, the vast majority of libcurl programs that do multipart formposts use curl_formadd() to build this list. Closes #506
* copyrights: update Gisle Vanem's emailDaniel Stenberg2015-10-202-2/+2
|
* curl: slist_wc: remove curl_memory.h inclusionDaniel Stenberg2015-10-181-1/+0
| | | | ... that's for the library only.
* tool: Generate easysrc with last cache linked-listDaniel Hwang2015-10-186-36/+183
| | | | | | | | | | Using a last cache linked-list improves the performance of easysrc generation. Bug: https://github.com/bagder/curl/issues/444 Ref: https://github.com/bagder/curl/issues/429 Closes #452
* cookies: Add support for Mozilla's Publix Suffix ListTim Rühsen2015-10-171-0/+3
| | | | | | | | | | | | Use libpsl to check the domain value of Set-Cookie headers (and cookie jar entries) for not being a Publix Suffix. The configure script checks for "libpsl" by default. Disable the check with --without-libpsl. Ref: https://publicsuffix.org/ Ref: https://github.com/publicsuffix/list Ref: https://github.com/rockdaboot/libpsl
* tool_setopt: fix c_escape truncated octalMaksim Stsepanenka2015-10-021-1/+1
| | | | Closes https://github.com/bagder/curl/pull/469
* tool: remove redundant libcurl checkDaniel Hwang2015-09-221-41/+39
| | | | | | | | The easysrc generation is run only when --libcurl is initialized. Ref: https://github.com/bagder/curl/issues/429 Closes #448
* tool_operate: Don't call easysrc cleanup unless --libcurlJay Satiro2015-09-211-6/+9
| | | | | | | | | - Review of 4d95491. The author changed it so easysrc only initializes when --libcurl but did not do the same for the call to easysrc cleanup. Ref: https://github.com/bagder/curl/issues/429
* tool: generate easysrc only on --libcurlDaniel Lee Hwang2015-09-201-4/+6
| | | | | | | | | | Code should only be generated when --libcurl is used. Bug: https://github.com/bagder/curl/issues/429 Reported-by: @greafhe, Jay Satiro Closes #429 Closes #442
* curl: customrequest_helper: deal with NULL custom methodDaniel Stenberg2015-09-111-1/+3
|
* curl: point out unnecessary uses of -X in verbose modeDaniel Stenberg2015-09-115-16/+65
| | | | | | | | It uses 'Note:' as a prefix as opposed to the common 'Warning:' to take down the tone a bit. It adds a warning for using -XHEAD on other methods becasue that may lead to a hanging connection.
* gitignore: ignore more generated VC MakefilesDaniel Stenberg2015-09-031-3/+1
|
* tool_sdecls.h: Fixed compilation warning from commit 4a889441d3Steve Holme2015-09-021-1/+1
| | | | tool_sdecls.h:139 warning: comma at end of enumerator list
* makefiles: Added our standard copyright headerSteve Holme2015-08-305-8/+116
| | | | | But kept the original author, when they were specified in a comment, as the initial copyright holder.
* curl: point out the conflicting HTTP methods if usedDaniel Stenberg2015-08-254-8/+16
| | | | | | It isn't always clear to the user which options that cause the HTTP methods to conflict so by spelling them out it should hopefully be easier to understand why curl complains.
* curl: clarify that users can only specify one _METHOD_Daniel Stenberg2015-08-251-1/+1
|
* tool: fix memory leak with --proto-default optionDan Fandrich2015-08-231-0/+1
|
* CURLOPT_DEFAULT_PROTOCOL: addedNathaniel Waisbrot2015-08-229-10/+51
| | | | | | | | | | | | | | | - Add new option CURLOPT_DEFAULT_PROTOCOL to allow specifying a default protocol for schemeless URLs. - Add new tool option --proto-default to expose CURLOPT_DEFAULT_PROTOCOL. In the case of schemeless URLs libcurl will behave in this way: When the option is used libcurl will use the supplied default. When the option is not used, libcurl will follow its usual plan of guessing from the hostname and falling back to 'http'.
* gitignore: Sort for readabilityJay Satiro2015-08-181-8/+8
| | | | find . -name .gitignore -print0 | xargs -i -0 sort -o '{}' '{}'
View Lorry Controller Status