path: root/src
Commit message | Author | Age | Files | Lines
* tool_doswin: Support for literal path prefix \\?\ | Jay Satiro | 2016-02-09 | 1 | -4/+11
  For example something like --output \\?\C:\foo
* tool_urlglob: Allow reserved dos device names (Windows) | Jay Satiro | 2016-02-08 | 1 | -1/+2
  Allow --output to reserved dos device names without the device prefix for backwards compatibility.
  Example: --output NUL can be used instead of --output \\.\NUL
  Bug: https://github.com/curl/curl/commit/4520534#commitcomment-15954863
  Reported-by: Gisle Vanem
* tool_operhlp: Check for backslashes in get_url_file_name | Jay Satiro | 2016-02-08 | 1 | -1/+5
  Extract the filename from the last slash or backslash. Prior to this change backslashes could be part of the filename.
  This change is needed for the curl tool built for Cygwin. Refer to the CYGWIN addendum in advisory 20160127B.
  Bug: https://curl.haxx.se/docs/adv_20160127B.html
* tool_doswin: Use type SANITIZEcode in sanitize_file_name | Jay Satiro | 2016-02-05 | 1 | -7/+7
* tool_doswin: Improve sanitization processing | Jay Satiro | 2016-02-05 | 7 | -128/+424
  - Add unit test 1604 to test the sanitize_file_name function.
  - Use -DCURL_STATICLIB when building libcurltool for unit testing.
  - Better detection of reserved DOS device names.
  - New flags to modify sanitize behavior:
    SANITIZE_ALLOW_COLONS: Allow colons
    SANITIZE_ALLOW_PATH: Allow path separators and colons
    SANITIZE_ALLOW_RESERVED: Allow reserved device names
    SANITIZE_ALLOW_TRUNCATE: Allow truncating a long filename
  - Restore sanitization of banned characters from user-specified outfile.
  Prior to this commit sanitization of a user-specified outfile was temporarily disabled in 2b6dadc because there was no way to allow path separators and colons through while replacing other banned characters. Now in such a case we call the sanitize function with SANITIZE_ALLOW_PATH which allows path separators and colons to pass through.
  Closes https://github.com/curl/curl/issues/624
  Reported-by: Octavio Schroeder
* URLs: change all http:// URLs to https:// | Daniel Stenberg | 2016-02-03 | 92 | -97/+97
* tool_operate: Don't sanitize --output path (Windows) | Jay Satiro | 2016-02-01 | 1 | -11/+0
  Due to path separators being incorrectly sanitized in --output pathnames, eg -o c:\foo => c__foo
  This is a partial revert of 3017d8a until I write a proper fix. The remote-name will continue to be sanitized, but if the user specified an --output with string replacement (#1, #2, etc) that data is unsanitized until I finish a fix.
  Bug: https://github.com/bagder/curl/issues/624
  Reported-by: Octavio Schroeder
* tool_doswin: silence unused function warning | Viktor Szakats | 2016-01-28 | 1 | -0/+4
  tool_doswin.c:185:14: warning: 'msdosify' defined but not used [-Wunused-function]
  Closes https://github.com/bagder/curl/pull/616
* curl: avoid local drive traversal when saving file (Windows) | Ray Satiro | 2016-01-26 | 4 | -58/+187
  curl does not sanitize colons in a remote file name that is used as the local file name. This may lead to a vulnerability on systems where the colon is a special path character. Currently Windows/DOS is the only OS where this vulnerability applies.
  CVE-2016-0754
  Bug: http://curl.haxx.se/docs/adv_20160127B.html
* Makefile.inc: s/curl_SOURCES/CURL_FILES | Daniel Stenberg | 2015-12-23 | 3 | -3/+7
  This allows the root Makefile.am to include the Makefile.inc without causing automake to warn on it (variables named *_SOURCES are magic). curl_SOURCES is then instead assigned properly in src/Makefile.am only.
  Closes #577
* curl --expect100-timeout: added | Daniel Stenberg | 2015-12-15 | 4 | -0/+13
  This is the new command line option to set the value for the existing libcurl option CURLOPT_EXPECT_100_TIMEOUT_MS
* curl: use 2TLS by default | Daniel Stenberg | 2015-12-13 | 2 | -1/+5
  Make this the default for the curl tool (if built with HTTP/2 powers enabled) unless a specific HTTP version is requested on the command line.
  This should allow more users to get HTTP/2 powers without having to change anything.
* curl: remove keepalive #ifdef checks done on libcurl's behalf | Daniel Stenberg | 2015-12-03 | 1 | -4/+0
  They didn't match the ifdef logic used within libcurl anyway so they could indeed warn for the wrong case - plus the tool cannot know how the lib actually performs at that level.
* tool_paramhlp: Fixed display of URL index in password prompt for --next | Steve Holme | 2015-11-27 | 1 | -1/+1
  Commit f3bae6ed73 added the URL index to the password prompt when using --next. Unfortunately, because the size_t specifier (%zu) is not supported by all sprintf() implementations we use the curl_off_t format specifier instead. The display of an incorrect value arises on platforms where size_t and curl_off_t are of a different size.
* curl: expanded the -XHEAD warning text | Daniel Stenberg | 2015-11-24 | 1 | -2/+2
  ... to also mention the specific options used.
* Revert "cleanup: general removal of TODO (and similar) comments" | Daniel Stenberg | 2015-11-24 | 2 | -3/+19
  This reverts commit 64e959ffe37c436503f9fed1ce2d6ee6ae50bd9a.
  Feedback-by: Dan Fandrich
  URL: http://curl.haxx.se/mail/lib-2015-11/0062.html
* curl: mark two more options strings for --libcurl output | Daniel Stenberg | 2015-11-13 | 1 | -2/+2
* cleanup: general removal of TODO (and similar) comments | Daniel Stenberg | 2015-11-13 | 2 | -19/+3
  They tend to never get updated anyway so they're frequently inaccurate and we never go back to revisit them anyway. We document issues to work on properly in KNOWN_BUGS and TODO instead.
* oauth2: Don't use XOAUTH2 in OAuth 2.0 variables | Steve Holme | 2015-11-09 | 5 | -6/+6
* oauth2: Use OAuth 2.0 rather than XOAUTH2 in comments | Steve Holme | 2015-11-09 | 2 | -2/+2
  When referring to OAuth 2.0 we should use the official name rather than the SASL mechanism name.
* tool: Fixed a memory leak on OOM introduced in 19cb0c4a | Dan Fandrich | 2015-11-08 | 1 | -1/+1
* curl.h: s/HTTPPOST_/CURL_HTTPOST_ | Daniel Stenberg | 2015-10-31 | 1 | -3/+3
  Fixes a name space pollution at the cost of programs using one of these defines will no longer compile. However, the vast majority of libcurl programs that do multipart formposts use curl_formadd() to build this list.
  Closes #506
* copyrights: update Gisle Vanem's email | Daniel Stenberg | 2015-10-20 | 2 | -2/+2
* curl: slist_wc: remove curl_memory.h inclusion | Daniel Stenberg | 2015-10-18 | 1 | -1/+0
  ... that's for the library only.
* tool: Generate easysrc with last cache linked-list | Daniel Hwang | 2015-10-18 | 6 | -36/+183
  Using a last cache linked-list improves the performance of easysrc generation.
  Bug: https://github.com/bagder/curl/issues/444
  Ref: https://github.com/bagder/curl/issues/429
  Closes #452
* cookies: Add support for Mozilla's Public Suffix List | Tim Rühsen | 2015-10-17 | 1 | -0/+3
  Use libpsl to check the domain value of Set-Cookie headers (and cookie jar entries) for not being a Public Suffix.
  The configure script checks for "libpsl" by default. Disable the check with --without-libpsl.
  Ref: https://publicsuffix.org/
  Ref: https://github.com/publicsuffix/list
  Ref: https://github.com/rockdaboot/libpsl
* tool_setopt: fix c_escape truncated octal | Maksim Stsepanenka | 2015-10-02 | 1 | -1/+1
  Closes https://github.com/bagder/curl/pull/469
* tool: remove redundant libcurl check | Daniel Hwang | 2015-09-22 | 1 | -41/+39
  The easysrc generation is run only when --libcurl is initialized.
  Ref: https://github.com/bagder/curl/issues/429
  Closes #448
* tool_operate: Don't call easysrc cleanup unless --libcurl | Jay Satiro | 2015-09-21 | 1 | -6/+9
  - Review of 4d95491.
  The author changed it so easysrc only initializes when --libcurl but did not do the same for the call to easysrc cleanup.
  Ref: https://github.com/bagder/curl/issues/429
* tool: generate easysrc only on --libcurl | Daniel Lee Hwang | 2015-09-20 | 1 | -4/+6
  Code should only be generated when --libcurl is used.
  Bug: https://github.com/bagder/curl/issues/429
  Reported-by: @greafhe, Jay Satiro
  Closes #429
  Closes #442
* curl: customrequest_helper: deal with NULL custom method | Daniel Stenberg | 2015-09-11 | 1 | -1/+3
* curl: point out unnecessary uses of -X in verbose mode | Daniel Stenberg | 2015-09-11 | 5 | -16/+65
  It uses 'Note:' as a prefix as opposed to the common 'Warning:' to take down the tone a bit.
  It adds a warning for using -XHEAD on other methods because that may lead to a hanging connection.
* gitignore: ignore more generated VC Makefiles | Daniel Stenberg | 2015-09-03 | 1 | -3/+1
* tool_sdecls.h: Fixed compilation warning from commit 4a889441d3 | Steve Holme | 2015-09-02 | 1 | -1/+1
  tool_sdecls.h:139 warning: comma at end of enumerator list
* makefiles: Added our standard copyright header | Steve Holme | 2015-08-30 | 5 | -8/+116
  But kept the original author, when they were specified in a comment, as the initial copyright holder.
* curl: point out the conflicting HTTP methods if used | Daniel Stenberg | 2015-08-25 | 4 | -8/+16
  It isn't always clear to the user which options that cause the HTTP methods to conflict so by spelling them out it should hopefully be easier to understand why curl complains.
* curl: clarify that users can only specify one _METHOD_ | Daniel Stenberg | 2015-08-25 | 1 | -1/+1
* tool: fix memory leak with --proto-default option | Dan Fandrich | 2015-08-23 | 1 | -0/+1
* CURLOPT_DEFAULT_PROTOCOL: added | Nathaniel Waisbrot | 2015-08-22 | 9 | -10/+51
  - Add new option CURLOPT_DEFAULT_PROTOCOL to allow specifying a default protocol for schemeless URLs.
  - Add new tool option --proto-default to expose CURLOPT_DEFAULT_PROTOCOL.
  In the case of schemeless URLs libcurl will behave in this way:
  When the option is used libcurl will use the supplied default.
  When the option is not used, libcurl will follow its usual plan of guessing from the hostname and falling back to 'http'.
* gitignore: Sort for readability | Jay Satiro | 2015-08-18 | 1 | -8/+8
  find . -name .gitignore -print0 | xargs -i -0 sort -o '{}' '{}'
* build: refer to fixed libidn versions | Viktor Szakats | 2015-08-10 | 1 | -1/+1
  closes #371
* comment: fix comment about adding new option support | Daniel Stenberg | 2015-07-26 | 1 | -1/+1
* tool_operate: Fix CURLOPT_SSL_OPTIONS for builds without HTTPS | Jay Satiro | 2015-07-25 | 1 | -3/+6
  - Set CURLOPT_SSL_OPTIONS only if the tool enabled an SSL option.
  Broken by me several days ago in 172b2be.
  https://github.com/bagder/curl/commit/172b2be#diff-70b44ee478e58d4e1ddcf9c9a73d257b
  Bug: http://curl.haxx.se/mail/lib-2015-07/0119.html
  Reported-by: Dan Fandrich
* SSL: Add an option to disable certificate revocation checks | Jay Satiro | 2015-07-17 | 6 | -2/+19
  New tool option --ssl-no-revoke.
  New value CURLSSLOPT_NO_REVOKE for CURLOPT_SSL_OPTIONS.
  Currently this option applies only to WinSSL where we have automatic certificate revocation checking by default. According to the ssl-compared chart there are other backends that have automatic checking (NSS, wolfSSL and DarwinSSL) so we could possibly accommodate them at some later point.
  Bug: https://github.com/bagder/curl/issues/264
  Reported-by: zenden2k <zenden2k@gmail.com>
* SSL: Pinned public key hash support | moparisthebest | 2015-07-01 | 1 | -2/+1
* tool_header_cb: fflush the header stream | Daniel Stenberg | 2015-06-25 | 1 | -0/+2
  Flush the header stream when -D is used so that they are sent off earlier.
  Bug: https://github.com/bagder/curl/issues/324
  Reported-by: Cédric Connes
* tool_help: fix --tlsv1 help text to use >= for TLSv1 | Lior Kaplan | 2015-06-21 | 1 | -1/+1
* tool: always provide negotiate/kerberos options | Daniel Stenberg | 2015-06-18 | 3 | -33/+19
  libcurl can still be built with it, even if the tool is not. Maintain independence!
* help: Add --proxy-service-name and --service-name to the --help output | Linus Nielsen | 2015-06-08 | 1 | -0/+4
* checksrc: detect fopen() for text without the FOPEN_* macros | Daniel Stenberg | 2015-06-02 | 2 | -2/+2
  Follow-up to e8423f9ce150 with discussions in https://github.com/bagder/curl/pull/258
  This check scans for fopen() with a mode string without 'b' present, as it may indicate that an FOPEN_* define should rather be used.