allow user+password in the URL for all protocols

Ben Greear brought a patch that from now on allows all protocols to specify name and user within the URL, in the same manner HTTP and FTP have been allowed to in the past - although far from all of the libcurl supported protocols actually have that feature in their URL definition spec.
2024-12-22 16:18:48 -05:00 · 2010-03-27 23:00:51 +01:00 · 2010-03-27 23:00:51 +01:00 · 0eda142e90
commit 0eda142e90
parent e2bd52e553
3 changed files with 52 additions and 46 deletions
--- a/6
+++ b/6
@ -6,6 +6,12 @@
                                  Changelog
 Daniel Stenberg (27 Mar 2010)
 - Ben Greear brought a patch that from now on allows all protocols to specify
  name and user within the URL, in the same manner HTTP and FTP have been
  allowed to in the past - although far from all of the libcurl supported
  protocls actually have that feature in their URL definition spec.
 Daniel Stenberg (26 Mar 2010)
 - Ben Greear brought code that makes the rate limiting code for the easy
  interface a bit smoother as it introduces sub-second sleeps during it and it
--- a/1
+++ b/1
@ -11,6 +11,7 @@ This release includes the following changes:
 o The 'ares' subtree has been removed from the source repository
 o smoother rate limiting
 o allow user+password in URL for all protocols
 This release includes the following bugfixes:
--- a/lib/url.c
+++ b/lib/url.c
@ -4113,63 +4113,62 @@ static CURLcode parse_url_userpass(struct SessionHandle *data,
   * We need somewhere to put the embedded details, so do that first.
   */
  char *ptr=strchr(conn->host.name, '@');
  char *userpass = conn->host.name;
  user[0] =0;   /* to make everything well-defined */
  passwd[0]=0;
-  if(conn->protocol & (PROT_FTP|PROT_HTTP|PROT_SCP|PROT_SFTP)) {
+  /* We will now try to extract the
-    /* This is a FTP, HTTP, SCP or SFTP URL, we will now try to extract the
+   * possible user+password pair in a string like:
-     * possible user+password pair in a string like:
+   * ftp://user:password@ftp.my.site:8021/README */
-     * ftp://user:password@ftp.my.site:8021/README */
+  if(ptr != NULL) {
-    char *ptr=strchr(conn->host.name, '@');
+    /* there's a user+password given here, to the left of the @ */
    char *userpass = conn->host.name;
    if(ptr != NULL) {
      /* there's a user+password given here, to the left of the @ */
-      conn->host.name = ++ptr;
+    conn->host.name = ++ptr;
-      /* So the hostname is sane.  Only bother interpreting the
+    /* So the hostname is sane.  Only bother interpreting the
-       * results if we could care.  It could still be wasted
+     * results if we could care.  It could still be wasted
-       * work because it might be overtaken by the programmatically
+     * work because it might be overtaken by the programmatically
-       * set user/passwd, but doing that first adds more cases here :-(
+     * set user/passwd, but doing that first adds more cases here :-(
-       */
+     */
-      conn->bits.userpwd_in_url = 1;
+    conn->bits.userpwd_in_url = 1;
-      if(data->set.use_netrc != CURL_NETRC_REQUIRED) {
+    if(data->set.use_netrc != CURL_NETRC_REQUIRED) {
-        /* We could use the one in the URL */
+      /* We could use the one in the URL */
-        conn->bits.user_passwd = TRUE; /* enable user+password */
+      conn->bits.user_passwd = TRUE; /* enable user+password */
-        if(*userpass != ':') {
+      if(*userpass != ':') {
-          /* the name is given, get user+password */
+        /* the name is given, get user+password */
-          sscanf(userpass, "%" MAX_CURL_USER_LENGTH_TXT "[^:@]:"
+        sscanf(userpass, "%" MAX_CURL_USER_LENGTH_TXT "[^:@]:"
-                 "%" MAX_CURL_PASSWORD_LENGTH_TXT "[^@]",
+               "%" MAX_CURL_PASSWORD_LENGTH_TXT "[^@]",
-                 user, passwd);
+               user, passwd);
-        }
+      }
-        else
+      else
-          /* no name given, get the password only */
+        /* no name given, get the password only */
-          sscanf(userpass, ":%" MAX_CURL_PASSWORD_LENGTH_TXT "[^@]", passwd);
+        sscanf(userpass, ":%" MAX_CURL_PASSWORD_LENGTH_TXT "[^@]", passwd);
-        if(user[0]) {
+      if(user[0]) {
-          char *newname=curl_easy_unescape(data, user, 0, NULL);
+        char *newname=curl_easy_unescape(data, user, 0, NULL);
-          if(!newname)
+        if(!newname)
-            return CURLE_OUT_OF_MEMORY;
+          return CURLE_OUT_OF_MEMORY;
-          if(strlen(newname) < MAX_CURL_USER_LENGTH)
+        if(strlen(newname) < MAX_CURL_USER_LENGTH)
-            strcpy(user, newname);
+          strcpy(user, newname);
-          /* if the new name is longer than accepted, then just use
+        /* if the new name is longer than accepted, then just use
-             the unconverted name, it'll be wrong but what the heck */
+           the unconverted name, it'll be wrong but what the heck */
-          free(newname);
+        free(newname);
-        }
+      }
-        if(passwd[0]) {
+      if(passwd[0]) {
-          /* we have a password found in the URL, decode it! */
+        /* we have a password found in the URL, decode it! */
-          char *newpasswd=curl_easy_unescape(data, passwd, 0, NULL);
+        char *newpasswd=curl_easy_unescape(data, passwd, 0, NULL);
-          if(!newpasswd)
+        if(!newpasswd)
-            return CURLE_OUT_OF_MEMORY;
+          return CURLE_OUT_OF_MEMORY;
-          if(strlen(newpasswd) < MAX_CURL_PASSWORD_LENGTH)
+        if(strlen(newpasswd) < MAX_CURL_PASSWORD_LENGTH)
-            strcpy(passwd, newpasswd);
+          strcpy(passwd, newpasswd);
-          free(newpasswd);
+        free(newpasswd);
        }
      }
    }
  }