mirror of
https://github.com/moparisthebest/curl
synced 2024-12-21 23:58:49 -05:00
042cc1f69e
(http://curl.haxx.se/docs/adv_20090303.html also known as CVE-2009-0037) in which previous libcurl versions (by design) can be tricked to access an arbitrary local/different file instead of a remote one when CURLOPT_FOLLOWLOCATION is enabled. This flaw is now fixed in this release together this the addition of two new setopt options for controlling this new behavior: o CURLOPT_REDIR_PROTOCOLS controls what protocols libcurl is allowed to follow to when CURLOPT_FOLLOWLOCATION is enabled. By default, this option excludes the FILE and SCP protocols and thus you nee to explicitly allow them in your app if you really want that behavior. o CURLOPT_PROTOCOLS controls what protocol(s) libcurl is allowed to fetch using the primary URL option. This is useful if you want to allow a user or other outsiders control what URL to pass to libcurl and yet not allow all protocols libcurl may have been built to support. |
||
|---|---|---|
| ares | ||
| docs | ||
| include | ||
| lib | ||
| m4 | ||
| packages | ||
| perl | ||
| src | ||
| tests | ||
| .cvsignore | ||
| acinclude.m4 | ||
| buildconf | ||
| buildconf.bat | ||
| CHANGES | ||
| CHANGES.0 | ||
| configure.ac | ||
| COPYING | ||
| curl-config.in | ||
| curl-style.el | ||
| CVS-INFO | ||
| diff-exclude | ||
| install-sh | ||
| libcurl.pc.in | ||
| MacOSX-Framework | ||
| Makefile.am | ||
| Makefile.dist | ||
| maketgz | ||
| missing | ||
| mkinstalldirs | ||
| README | ||
| RELEASE-NOTES | ||
| sample.emacs | ||
| TODO-RELEASE | ||
| vc6curl.dsw | ||
_ _ ____ _
___| | | | _ \| |
/ __| | | | |_) | |
| (__| |_| | _ <| |___
\___|\___/|_| \_\_____|
README
Curl is a command line tool for transferring data specified with URL
syntax. Find out how to use curl by reading the curl.1 man page or the
MANUAL document. Find out how to install Curl by reading the INSTALL
document.
libcurl is the library curl is using to do its job. It is readily
available to be used by your software. Read the libcurl.3 man page to
learn how!
You find answers to the most frequent questions we get in the FAQ document.
Study the COPYING file for distribution terms and similar. If you distribute
curl binaries or other binaries that involve libcurl, you might enjoy the
LICENSE-MIXING document.
CONTACT
If you have problems, questions, ideas or suggestions, please contact us
by posting to a suitable mailing list. See http://curl.haxx.se/mail/
All contributors to the project are listed in the THANKS document.
WEB SITE
Visit the curl web site for the latest news and downloads:
http://curl.haxx.se/
CVS
To download the very latest source off the CVS server do this:
cvs -d :pserver:anonymous@cool.haxx.se:/cvsroot/curl login
(just press enter when asked for password)
cvs -d :pserver:anonymous@cool.haxx.se:/cvsroot/curl co curl
(you'll get a directory named curl created, filled with the source code)
NOTICE
Curl contains pieces of source code that is Copyright (c) 1998, 1999
Kungliga Tekniska Högskolan. This notice is included here to comply with the
distribution terms.