diff options
-rw-r--r-- | docs/libcurl/libcurl-tutorial.3 | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/docs/libcurl/libcurl-tutorial.3 b/docs/libcurl/libcurl-tutorial.3 index 236eba056..72f002963 100644 --- a/docs/libcurl/libcurl-tutorial.3 +++ b/docs/libcurl/libcurl-tutorial.3 @@ -1237,6 +1237,15 @@ are used to generate structured data. Characters like embedded carriage returns or ampersands could allow the user to create additional headers or fields that could cause malicious transactions. +.IP "Server-supplied Names" +A server can supply data which the application may, in some cases, use as +a file name. The curl command-line tool does this with --remote-header-name, +using the Content-disposition: header to generate a file name. An application +could also use CURLINFO_EFFECTIVE_URL to generate a file name from a +server-supplied redirect URL. Special care must be taken to sanitize such +names to avoid the possibility of a malicious server supplying one like +"/etc/passwd", "\autoexec.bat" or even ".bashrc". + .IP "Server Certificates" A secure application should never use the CURLOPT_SSL_VERIFYPEER option to disable certificate validation. There are numerous attacks that are enabled |