1
0
mirror of https://github.com/moparisthebest/curl synced 2024-12-25 17:48:48 -05:00
Commit Graph

155 Commits

Author SHA1 Message Date
Daniel Stenberg
042cc1f69e - David Kierznowski notified us about a security flaw
(http://curl.haxx.se/docs/adv_20090303.html also known as CVE-2009-0037) in
  which previous libcurl versions (by design) can be tricked to access an
  arbitrary local/different file instead of a remote one when
  CURLOPT_FOLLOWLOCATION is enabled. This flaw is now fixed in this release
  together this the addition of two new setopt options for controlling this
  new behavior:

  o CURLOPT_REDIR_PROTOCOLS controls what protocols libcurl is allowed to
  follow to when CURLOPT_FOLLOWLOCATION is enabled. By default, this option
  excludes the FILE and SCP protocols and thus you nee to explicitly allow
  them in your app if you really want that behavior.

  o CURLOPT_PROTOCOLS controls what protocol(s) libcurl is allowed to fetch
  using the primary URL option. This is useful if you want to allow a user or
  other outsiders control what URL to pass to libcurl and yet not allow all
  protocols libcurl may have been built to support.
2009-03-02 23:05:31 +00:00
Daniel Stenberg
0517fa153c three new CURLFTP_CREATE_DIR* symbols 2009-02-17 09:43:27 +00:00
Daniel Stenberg
002cf105c6 - CURLINFO_CONDITION_UNMET was added to allow an application to get to know if
the condition in the previous request was unmet. This is typically a time
  condition set with CURLOPT_TIMECONDITION and was previously not possible to
  reliably figure out. From bug report #2565128
  (http://curl.haxx.se/bug/view.cgi?id=2565128)
2009-02-11 21:47:14 +00:00
Daniel Stenberg
517b8ed057 completed the CURLPROXY_ collection 2009-02-10 12:52:09 +00:00
Daniel Stenberg
c65f9acdc7 introducing the symbols-in-versions file, in an effort to help app authors
to better know and track symbols in earlier libcurl versions
2009-02-10 12:33:10 +00:00