1
0
mirror of https://github.com/moparisthebest/curl synced 2024-12-23 00:28:48 -05:00
Commit Graph

1906 Commits

Author SHA1 Message Date
Daniel Stenberg
6dbc23cfd8 curl: fix -q [regression]
This broke in 7.49.0 with commit e200034425

Fixes #842
2016-05-31 14:25:40 +02:00
Frank Gevaerts
071c561394 http: add CURLINFO_HTTP_VERSION and %{http_version}
Adds access to the effectively used http version to both libcurl and
curl.

Closes #799
2016-05-30 22:58:51 +02:00
Jay Satiro
b9728bca54 tool_cb_hdr: Fix --remote-header-name with schemeless URL
- Move the existing scheme check from tool_operate.

In the case of --remote-header-name we want to parse Content-disposition
for a filename, but only if the scheme is http or https. A recent
adjustment 0dc4d8e was made to account for schemeless URLs however it's
not 100% accurate. To remedy that I've moved the scheme check to the
header callback, since at that point the library has already determined
the scheme.

Bug: https://github.com/curl/curl/issues/760
Reported-by: Kai Noda
2016-05-01 16:07:04 -04:00
Jay Satiro
0dc4d8e42e curl -J: make it work even without http:// scheme on URL
It does open up a miniscule risk that one of the other protocols that
libcurl could use would send back a Content-Disposition header and then
curl would act on it even if not HTTP.

A future mitigation for this risk would be to allow the callback to ask
libcurl which protocol is being used.

Verified with test 1312

Closes #760
2016-04-29 15:24:10 +02:00
Daniel Stenberg
a744591d60 curl: show the long option version of -q in the -h list 2016-04-29 00:31:37 +02:00
Daniel Stenberg
ce7826f613 curl: remove "--socks" as "--socks5" turned 8
In commit 2e42b0a252 (Jan 2008) we made the option "--socks" deprecated
and it has not been documented since. The more explicit socks options
(like --socks4 or --socks5) should be used.
2016-04-29 00:31:37 +02:00
Daniel Stenberg
d0f42e5273 curl: remove --http-request
It was mentioned as deprecated already in commit ae1912cb0d from
1999. It has not been documented in this millennium.
2016-04-29 00:31:37 +02:00
Daniel Stenberg
9b1ed2ea8e curl: mention --ntlm-wb in -h list 2016-04-29 00:31:37 +02:00
Daniel Stenberg
c6eb7b6301 curl: -h output lacked --proxy-header 2016-04-29 00:31:37 +02:00
Daniel Stenberg
10ea631390 curl: use --telnet-option as documented
The code said "telnet-options" but no documentation ever said so. It
worked fine since the code is fine with a unique match of the first
part.
2016-04-29 00:31:37 +02:00
Daniel Stenberg
d6fa190503 getparam: remove support for --ftpport
It has been deprecated and undocumented since commit ad5ead8bed (Dec
2003). --ftp-port is the proper long option name.
2016-04-29 00:31:37 +02:00
Daniel Stenberg
e200034425 curl: make --disable work as long form of -q
To make the aliases list reflect reality.
2016-04-29 00:31:37 +02:00
Daniel Stenberg
b499973c7b aliases: remove trailing space from capath string 2016-04-29 00:31:37 +02:00
Daniel Stenberg
388c6b5e75 cmdline parse: only single letter options have single-letter strings
... moved around options so that parsing the code to find all
single-letter options easier.
2016-04-29 00:31:37 +02:00
Daniel Stenberg
3c1e84f569 curl: make --ftp-create-dirs retry on failure
The underlying libcurl option used for this feature is
CURLOPT_FTP_CREATE_MISSING_DIRS which has the ability to retry the dir
creation, but it was never set to do that by the command line tool.

Now it does.

Bug: https://curl.haxx.se/mail/archive-2016-04/0021.html
Reported-by: John Wanghui
Help-by: Leif W
2016-04-22 15:25:13 +02:00
Daniel Stenberg
5470c86845 src/checksrc.whitelist: removed 2016-04-19 08:56:06 +02:00
Daniel Stenberg
2dd018f450 tool_operate: switch to inline checksrc ignore 2016-04-19 08:56:06 +02:00
Alessandro Ghedini
d49087f6bc tool: add --tcp-fastopen option 2016-04-18 23:17:19 +02:00
Daniel Stenberg
a542536cf6 checksrc: pass on -D so the whitelists are found correctly 2016-04-18 20:10:52 +02:00
Daniel Stenberg
ab493af731 checksrc/makefile.am: use $top_srcdir to find source files
... to properly support out of source tree builds.
2016-04-18 14:58:11 +02:00
Michael Kaufmann
cd8d236245 news: CURLOPT_CONNECT_TO and --connect-to
Makes curl connect to the given host+port instead of the host+port found
in the URL.
2016-04-17 23:50:59 +02:00
Daniel Stenberg
f86f50f05a makefile.vc6: use d suffix on debug object
To allow both release and debug builds in parallel.

Reported-by: Rod Widdowson

Fixes #769
2016-04-17 17:16:21 +02:00
Steve Holme
ccf7a82605 CURLOPT_SOCKS5_GSSAPI_SERVICE: Merged with CURLOPT_PROXY_SERVICE_NAME
As these two options provide identical functionality, the former for
SOCK5 proxies and the latter for HTTP proxies, merged the two options
together.

As such CURLOPT_SOCKS5_GSSAPI_SERVICE is marked as deprecated as of
7.49.0.
2016-04-09 20:47:05 +01:00
Steve Holme
43116218c0 url: Corrected comments following 9d89a0387 2016-04-09 05:33:03 +01:00
Steve Holme
d6b4de083f checksrc: Fix issue with the autobuilds not picking up the whitelist 2016-04-08 20:32:40 +01:00
Daniel Stenberg
a8b51a179a lib/src: fix the checksrc invoke
... now works correctly when invoke from the root makefile
2016-04-03 23:07:30 +02:00
Daniel Stenberg
a71012c03e code: style updates 2016-04-03 22:38:36 +02:00
Diego Bes
324a97ecf8 http2: support "prior knowledge", no upgrade from HTTP/1.1
Supports HTTP/2 over clear TCP

- Optimize switching to HTTP/2 by removing calls to init and setup
before switching. Switching will eventually call setup and setup calls
init.

- Supports new version to “force” the use of HTTP/2 over clean TCP

- Add common line parameter “--http2-prior-knowledge” to the Curl
  command line tool.
2016-03-31 22:23:11 +02:00
Jay Satiro
67a762928e tool_operate: remove mixed declaration
This is a follow up to the previous commit.
2016-03-28 16:46:26 -04:00
Daniel Stenberg
ab86007df4 curl: warn for --capath use if not supported by libcurl
Closes #492
2016-03-28 20:28:23 +02:00
Daniel Stenberg
4ef6d6b1bc curl: glob_range: no need to check unsigned variable for negative
cppcheck warned:

[src/tool_urlglob.c:283]: (style) Checking if unsigned variable 'step_n'
is less than zero.
2016-03-14 10:51:25 +01:00
Viktor Szakats
6c7a5b9603 makefile.m32: add missing libs for static -winssl-ssh2 builds
Bug: https://github.com/curl/curl/pull/693
2016-03-05 21:50:12 -05:00
Viktor Szakats
05401b9a3b makefile.m32: fix to allow -ssh2-winssl combination
In makefile.m32, option -ssh2 (libssh2) automatically implied -ssl
(OpenSSL) option, with no way to override it with -winssl. Since both
libssh2 and curl support using Windows's built-in SSL backend, modify
the logic to allow that combination.
2016-03-05 13:40:34 -05:00
Viktor Szakats
d678bd6f60 makefile.m32: allow to pass .dll/.exe-specific LDFLAGS
using envvars `CURL_LDFLAG_EXTRAS_DLL` and
`CURL_LDFLAG_EXTRAS_EXE` respectively. This
is useful f.e. to pass ASLR-related extra
options, that are required to make this
feature work when using the mingw toolchain.

Ref: https://github.com/curl/curl/pull/670#issuecomment-190863985

Closes https://github.com/curl/curl/pull/689
2016-03-01 17:46:16 -05:00
Jay Satiro
186546f1c5 TFTP: add option to suppress TFTP option requests (Part 2)
- Add tests.

- Add an example to CURLOPT_TFTP_NO_OPTIONS.3.

- Add --tftp-no-options to expose CURLOPT_TFTP_NO_OPTIONS.

Bug: https://github.com/curl/curl/issues/481
2016-02-23 03:01:07 -05:00
Viktor Szakats
91cfcc5d6f src/Makefile.m32: add CURL_{LD,C}FLAGS_EXTRAS support
Sync with lib/Makefile.m32 which already uses those variables.

Bug: https://github.com/curl/curl/pull/670
2016-02-20 15:45:39 -05:00
Jay Satiro
4fc80f3e75 tool_doswin: Support for literal path prefix \\?\
For example something like --output \\?\C:\foo
2016-02-09 03:28:58 -05:00
Jay Satiro
c3aac48919 tool_urlglob: Allow reserved dos device names (Windows)
Allow --output to reserved dos device names without the device prefix
for backwards compatibility.

Example: --output NUL can be used instead of --output \\.\NUL

Bug: https://github.com/curl/curl/commit/4520534#commitcomment-15954863
Reported-by: Gisle Vanem
2016-02-08 15:09:42 -05:00
Jay Satiro
d572d2664d tool_operhlp: Check for backslashes in get_url_file_name
Extract the filename from the last slash or backslash. Prior to this
change backslashes could be part of the filename.

This change needed for the curl tool built for Cygwin. Refer to the
CYGWIN addendum in advisory 20160127B.

Bug: https://curl.haxx.se/docs/adv_20160127B.html
2016-02-08 03:14:04 -05:00
Jay Satiro
9b6598ed08 tool_doswin: Use type SANITIZEcode in sanitize_file_name 2016-02-05 02:22:24 -05:00
Jay Satiro
4520534e6d tool_doswin: Improve sanitization processing
- Add unit test 1604 to test the sanitize_file_name function.

- Use -DCURL_STATICLIB when building libcurltool for unit testing.

- Better detection of reserved DOS device names.

- New flags to modify sanitize behavior:

SANITIZE_ALLOW_COLONS: Allow colons
SANITIZE_ALLOW_PATH: Allow path separators and colons
SANITIZE_ALLOW_RESERVED: Allow reserved device names
SANITIZE_ALLOW_TRUNCATE: Allow truncating a long filename

- Restore sanitization of banned characters from user-specified outfile.

Prior to this commit sanitization of a user-specified outfile was
temporarily disabled in 2b6dadc because there was no way to allow path
separators and colons through while replacing other banned characters.
Now in such a case we call the sanitize function with
SANITIZE_ALLOW_PATH which allows path separators and colons to pass
through.


Closes https://github.com/curl/curl/issues/624
Reported-by: Octavio Schroeder
2016-02-05 01:44:27 -05:00
Daniel Stenberg
4af40b3646 URLs: change all http:// URLs to https:// 2016-02-03 00:19:02 +01:00
Jay Satiro
2b6dadc52d tool_operate: Don't sanitize --output path (Windows)
Due to path separators being incorrectly sanitized in --output
pathnames, eg -o c:\foo => c__foo

This is a partial revert of 3017d8a until I write a proper fix. The
remote-name will continue to be sanitized, but if the user specified an
--output with string replacement (#1, #2, etc) that data is unsanitized
until I finish a fix.

Bug: https://github.com/bagder/curl/issues/624
Reported-by: Octavio Schroeder
2016-02-01 04:11:46 -05:00
Viktor Szakats
1597af51b1 tool_doswin: silence unused function warning
tool_doswin.c:185:14: warning: 'msdosify' defined but not used
[-Wunused-function]

Closes https://github.com/bagder/curl/pull/616
2016-01-28 02:45:36 -05:00
Ray Satiro
3017d8a8d8 curl: avoid local drive traversal when saving file (Windows)
curl does not sanitize colons in a remote file name that is used as the
local file name. This may lead to a vulnerability on systems where the
colon is a special path character. Currently Windows/DOS is the only OS
where this vulnerability applies.

CVE-2016-0754

Bug: http://curl.haxx.se/docs/adv_20160127B.html
2016-01-26 23:42:55 +01:00
Daniel Stenberg
bfe6f1f788 Makefile.inc: s/curl_SOURCES/CURL_FILES
This allows the root Makefile.am to include the Makefile.inc without
causing automake to warn on it (variables named *_SOURCES are
magic). curl_SOURCES is then instead assigned properly in
src/Makefile.am only.

Closes #577
2015-12-23 12:07:50 +01:00
Daniel Stenberg
b4a39491ca curl --expect100-timeout: added
This is the new command line option to set the value for the existing
libcurl option CURLOPT_EXPECT_100_TIMEOUT_MS
2015-12-15 13:59:56 +01:00
Daniel Stenberg
536f5f442e curl: use 2TLS by default
Make this the default for the curl tool (if built with HTTP/2 powers
enabled) unless a specific HTTP version is requested on the command
line.

This should allow more users to get HTTP/2 powers without having to
change anything.
2015-12-13 09:26:43 +01:00
Daniel Stenberg
f606435419 curl: remove keepalive #ifdef checks done on libcurl's behalf
They didn't match the ifdef logic used within libcurl anyway so they
could indeed warn for the wrong case - plus the tool cannot know how the
lib actually performs at that level.
2015-12-03 09:55:00 +01:00
Steve Holme
db05d7a731 tool_paramhlp: Fixed display of URL index in password prompt for --next
Commit f3bae6ed73 added the URL index to the password prompt when using
--next. Unfortunately, because the size_t specifier (%zu) is not
supported by all sprintf() implementations we use the curl_off_t format
specifier instead. The display of an incorrect value arises on platforms
where size_t and curl_off_t are of a different size.
2015-11-27 06:59:02 +00:00