allow user+password in the URL for all protocols

Ben Greear brought a patch that from now on allows all protocols to specify name and user within the URL, in the same manner HTTP and FTP have been allowed to in the past - although far from all of the libcurl supported protocols actually have that feature in their URL definition spec.
2024-12-22 08:08:50 -05:00 · 2010-03-27 23:00:51 +01:00 · 2010-03-27 23:00:51 +01:00 · 0eda142e90
commit 0eda142e90
parent e2bd52e553
3 changed files with 52 additions and 46 deletions
--- a/6
+++ b/6
@ -6,6 +6,12 @@

                                  Changelog

+Daniel Stenberg (27 Mar 2010)
+- Ben Greear brought a patch that from now on allows all protocols to specify
+  name and user within the URL, in the same manner HTTP and FTP have been
+  allowed to in the past - although far from all of the libcurl supported
+  protocls actually have that feature in their URL definition spec.
+
 Daniel Stenberg (26 Mar 2010)
 - Ben Greear brought code that makes the rate limiting code for the easy
  interface a bit smoother as it introduces sub-second sleeps during it and it
--- a/1
+++ b/1
@ -11,6 +11,7 @@ This release includes the following changes:

 o The 'ares' subtree has been removed from the source repository
 o smoother rate limiting
+ o allow user+password in URL for all protocols

 This release includes the following bugfixes:

--- a/lib/url.c
+++ b/lib/url.c
@ -4113,63 +4113,62 @@ static CURLcode parse_url_userpass(struct SessionHandle *data,
   * We need somewhere to put the embedded details, so do that first.
   */

+  char *ptr=strchr(conn->host.name, '@');
+  char *userpass = conn->host.name;
+
  user[0] =0;   /* to make everything well-defined */
  passwd[0]=0;

-  if(conn->protocol & (PROT_FTP|PROT_HTTP|PROT_SCP|PROT_SFTP)) {
-    /* This is a FTP, HTTP, SCP or SFTP URL, we will now try to extract the
-     * possible user+password pair in a string like:
-     * ftp://user:password@ftp.my.site:8021/README */
-    char *ptr=strchr(conn->host.name, '@');
-    char *userpass = conn->host.name;
-    if(ptr != NULL) {
-      /* there's a user+password given here, to the left of the @ */
+  /* We will now try to extract the
+   * possible user+password pair in a string like:
+   * ftp://user:password@ftp.my.site:8021/README */
+  if(ptr != NULL) {
+    /* there's a user+password given here, to the left of the @ */

-      conn->host.name = ++ptr;
+    conn->host.name = ++ptr;

-      /* So the hostname is sane.  Only bother interpreting the
-       * results if we could care.  It could still be wasted
-       * work because it might be overtaken by the programmatically
-       * set user/passwd, but doing that first adds more cases here :-(
-       */
+    /* So the hostname is sane.  Only bother interpreting the
+     * results if we could care.  It could still be wasted
+     * work because it might be overtaken by the programmatically
+     * set user/passwd, but doing that first adds more cases here :-(
+     */

-      conn->bits.userpwd_in_url = 1;
-      if(data->set.use_netrc != CURL_NETRC_REQUIRED) {
-        /* We could use the one in the URL */
+    conn->bits.userpwd_in_url = 1;
+    if(data->set.use_netrc != CURL_NETRC_REQUIRED) {
+      /* We could use the one in the URL */

-        conn->bits.user_passwd = TRUE; /* enable user+password */
+      conn->bits.user_passwd = TRUE; /* enable user+password */

-        if(*userpass != ':') {
-          /* the name is given, get user+password */
-          sscanf(userpass, "%" MAX_CURL_USER_LENGTH_TXT "[^:@]:"
-                 "%" MAX_CURL_PASSWORD_LENGTH_TXT "[^@]",
-                 user, passwd);
-        }
-        else
-          /* no name given, get the password only */
-          sscanf(userpass, ":%" MAX_CURL_PASSWORD_LENGTH_TXT "[^@]", passwd);
+      if(*userpass != ':') {
+        /* the name is given, get user+password */
+        sscanf(userpass, "%" MAX_CURL_USER_LENGTH_TXT "[^:@]:"
+               "%" MAX_CURL_PASSWORD_LENGTH_TXT "[^@]",
+               user, passwd);
+      }
+      else
+        /* no name given, get the password only */
+        sscanf(userpass, ":%" MAX_CURL_PASSWORD_LENGTH_TXT "[^@]", passwd);

-        if(user[0]) {
-          char *newname=curl_easy_unescape(data, user, 0, NULL);
-          if(!newname)
-            return CURLE_OUT_OF_MEMORY;
-          if(strlen(newname) < MAX_CURL_USER_LENGTH)
-            strcpy(user, newname);
+      if(user[0]) {
+        char *newname=curl_easy_unescape(data, user, 0, NULL);
+        if(!newname)
+          return CURLE_OUT_OF_MEMORY;
+        if(strlen(newname) < MAX_CURL_USER_LENGTH)
+          strcpy(user, newname);

-          /* if the new name is longer than accepted, then just use
-             the unconverted name, it'll be wrong but what the heck */
-          free(newname);
-        }
-        if(passwd[0]) {
-          /* we have a password found in the URL, decode it! */
-          char *newpasswd=curl_easy_unescape(data, passwd, 0, NULL);
-          if(!newpasswd)
-            return CURLE_OUT_OF_MEMORY;
-          if(strlen(newpasswd) < MAX_CURL_PASSWORD_LENGTH)
-            strcpy(passwd, newpasswd);
+        /* if the new name is longer than accepted, then just use
+           the unconverted name, it'll be wrong but what the heck */
+        free(newname);
+      }
+      if(passwd[0]) {
+        /* we have a password found in the URL, decode it! */
+        char *newpasswd=curl_easy_unescape(data, passwd, 0, NULL);
+        if(!newpasswd)
+          return CURLE_OUT_OF_MEMORY;
+        if(strlen(newpasswd) < MAX_CURL_PASSWORD_LENGTH)
+          strcpy(passwd, newpasswd);

-          free(newpasswd);
-        }
+        free(newpasswd);
      }
    }
  }