diff options
author | Daniel Stenberg <daniel@haxx.se> | 2005-03-12 19:39:27 +0000 |
---|---|---|
committer | Daniel Stenberg <daniel@haxx.se> | 2005-03-12 19:39:27 +0000 |
commit | 2f8085af15468741266e162af15804061d960d85 (patch) | |
tree | b31711b430446587b5a13905fefed62d801086d9 /docs/MANUAL | |
parent | 88a4dc27954a56bca826085d57df0603c055d4cf (diff) |
David Houlder added --form-string
Diffstat (limited to 'docs/MANUAL')
-rw-r--r-- | docs/MANUAL | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/docs/MANUAL b/docs/MANUAL index 26bb8f65a..86449d7d3 100644 --- a/docs/MANUAL +++ b/docs/MANUAL @@ -299,6 +299,13 @@ POST (HTTP) curl -F "docpicture=@dog.gif" -F "catpicture=@cat.gif" + To send a field value literally without interpreting a leading '@' + or '<', or an embedded ';type=', use --form-string instead of + -F. This is recommended when the value is obtained from a user or + some other unpredictable source. Under these circumstances, using + -F instead of --form-string would allow a user to trick curl into + uploading a file. + REFERRER A HTTP request has the option to include information about which address |