diff options
author | Patrick Monnerat <patrick@monnerat.net> | 2018-12-11 15:21:10 +0100 |
---|---|---|
committer | Patrick Monnerat <patrick@monnerat.net> | 2018-12-11 15:31:23 +0100 |
commit | 37093a21a6f5dd0233f2a92af5ae69d8417b8a51 (patch) | |
tree | fb69d9cb5faefc45db1196d419be61974c8775f4 | |
parent | 70d8ac624f74296e4a325f10d3444a957c0f7748 (diff) |
documentation: curl_formadd field and file names are now escaped
Prior to 7.56.0, fieldnames and filenames were set in Content-Disposition
header without special processing: this may lead to invalid RFC 822
quoted-strings.
7.56.0 introduces escaping of backslashes and double quotes in these names:
mention it in the documentation.
Reported-by: daboul on github
Closes #3361
-rw-r--r-- | docs/libcurl/curl_formadd.3 | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/docs/libcurl/curl_formadd.3 b/docs/libcurl/curl_formadd.3 index de202aa47..28047b214 100644 --- a/docs/libcurl/curl_formadd.3 +++ b/docs/libcurl/curl_formadd.3 @@ -175,7 +175,8 @@ Deprecated in 7.56.0. Before this release, field names were allowed to contain zero-valued bytes. The pseudo-filename "-" to read stdin is discouraged although still supported, but data is not read before being actually sent: the effective data size can then not be automatically -determined, resulting in a chunked encoding transfer. +determined, resulting in a chunked encoding transfer. Backslashes and +double quotes in field and file names are now escaped before transmission. .SH RETURN VALUE 0 means everything was ok, non-zero means an error occurred corresponding to a CURL_FORMADD_* constant defined in |