aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--docs/cmdline-opts/proto-redir.d9
-rw-r--r--docs/libcurl/libcurl-security.34
-rw-r--r--docs/libcurl/opts/CURLOPT_FOLLOWLOCATION.33
-rw-r--r--docs/libcurl/opts/CURLOPT_REDIR_PROTOCOLS.39
-rw-r--r--include/curl/curl.h3
-rw-r--r--lib/setopt.c3
-rw-r--r--lib/url.c3
7 files changed, 18 insertions, 16 deletions
diff --git a/docs/cmdline-opts/proto-redir.d b/docs/cmdline-opts/proto-redir.d
index c9eeeab1d..a1205dd03 100644
--- a/docs/cmdline-opts/proto-redir.d
+++ b/docs/cmdline-opts/proto-redir.d
@@ -11,7 +11,8 @@ Example, allow only HTTP and HTTPS on redirect:
curl --proto-redir -all,http,https http://example.com
-By default curl will allow all protocols on redirect except several disabled
-for security reasons: Since 7.19.4 FILE and SCP are disabled, and since 7.40.0
-SMB and SMBS are also disabled. Specifying \fIall\fP or \fI+all\fP enables all
-protocols on redirect, including those disabled for security.
+By default curl will allow HTTP, HTTPS, FTP and FTPS on redirect (7.65.2).
+Older versions of curl allowed all protocols on redirect except several
+disabled for security reasons: Since 7.19.4 FILE and SCP are disabled, and
+since 7.40.0 SMB and SMBS are also disabled. Specifying \fIall\fP or \fI+all\fP
+enables all protocols on redirect, including those disabled for security.
diff --git a/docs/libcurl/libcurl-security.3 b/docs/libcurl/libcurl-security.3
index cdb97915c..da45ed7f6 100644
--- a/docs/libcurl/libcurl-security.3
+++ b/docs/libcurl/libcurl-security.3
@@ -97,8 +97,8 @@ Never ever switch off certificate verification.
The \fICURLOPT_FOLLOWLOCATION(3)\fP option automatically follows HTTP
redirects sent by a remote server. These redirects can refer to any kind of
URL, not just HTTP. libcurl restricts the protocols allowed to be used in
-redirects for security reasons: only HTTP, HTTPS and FTP are enabled by
-default. Applications may opt to restrict thus set further.
+redirects for security reasons: only HTTP, HTTPS, FTP and FTPS are
+enabled by default. Applications may opt to restrict that set further.
A redirect to a file: URL would cause the libcurl to read (or write) arbitrary
files from the local filesystem. If the application returns the data back to
diff --git a/docs/libcurl/opts/CURLOPT_FOLLOWLOCATION.3 b/docs/libcurl/opts/CURLOPT_FOLLOWLOCATION.3
index f8d2b1889..d9f453817 100644
--- a/docs/libcurl/opts/CURLOPT_FOLLOWLOCATION.3
+++ b/docs/libcurl/opts/CURLOPT_FOLLOWLOCATION.3
@@ -39,7 +39,8 @@ libcurl will follow.
libcurl limits what protocols it automatically follows to. The accepted
protocols are set with \fICURLOPT_REDIR_PROTOCOLS(3)\fP. By default libcurl
-will allow all protocols on redirect except those disabled for security
+will allow HTTP, HTTPS, FTP and FTPS on redirect (7.65.2). Older versions of
+libcurl allowed all protocols on redirect except those disabled for security
reasons: Since 7.19.4 FILE and SCP are disabled, and since 7.40.0 SMB and SMBS
are also disabled.
diff --git a/docs/libcurl/opts/CURLOPT_REDIR_PROTOCOLS.3 b/docs/libcurl/opts/CURLOPT_REDIR_PROTOCOLS.3
index 3a5c3fcdc..f8901108b 100644
--- a/docs/libcurl/opts/CURLOPT_REDIR_PROTOCOLS.3
+++ b/docs/libcurl/opts/CURLOPT_REDIR_PROTOCOLS.3
@@ -37,10 +37,11 @@ redirections.
Protocols denied by \fICURLOPT_PROTOCOLS(3)\fP are not overridden by this
option.
-By default libcurl will allow all protocols on redirect except several disabled
-for security reasons: Since 7.19.4 FILE and SCP are disabled, and since 7.40.0
-SMB and SMBS are also disabled. \fICURLPROTO_ALL\fP enables all protocols on
-redirect, including those disabled for security.
+By default libcurl will allow HTTP, HTTPS, FTP and FTPS on redirect (7.65.2).
+Older versions of libcurl allowed all protocols on redirect except several
+disabled for security reasons: Since 7.19.4 FILE and SCP are disabled, and
+since 7.40.0 SMB and SMBS are also disabled. \fICURLPROTO_ALL\fP enables all
+protocols on redirect, including those disabled for security.
These are the available protocol defines:
.nf
diff --git a/include/curl/curl.h b/include/curl/curl.h
index 20f0d7155..19f6c0b5a 100644
--- a/include/curl/curl.h
+++ b/include/curl/curl.h
@@ -1574,8 +1574,7 @@ typedef enum {
/* set the bitmask for the protocols that libcurl is allowed to follow to,
as a subset of the CURLOPT_PROTOCOLS ones. That means the protocol needs
- to be set in both bitmasks to be allowed to get redirected to. Defaults
- to all protocols except FILE and SCP. */
+ to be set in both bitmasks to be allowed to get redirected to. */
CINIT(REDIR_PROTOCOLS, LONG, 182),
/* set the SSH knownhost file name to use */
diff --git a/lib/setopt.c b/lib/setopt.c
index bdfe86ac7..1dbf00faf 100644
--- a/lib/setopt.c
+++ b/lib/setopt.c
@@ -2374,8 +2374,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param)
case CURLOPT_REDIR_PROTOCOLS:
/* set the bitmask for the protocols that libcurl is allowed to follow to,
as a subset of the CURLOPT_PROTOCOLS ones. That means the protocol needs
- to be set in both bitmasks to be allowed to get redirected to. Defaults
- to all protocols except FILE and SCP. */
+ to be set in both bitmasks to be allowed to get redirected to. */
data->set.redir_protocols = va_arg(param, long);
break;
diff --git a/lib/url.c b/lib/url.c
index 258f60c8f..2b47b235d 100644
--- a/lib/url.c
+++ b/lib/url.c
@@ -488,7 +488,8 @@ CURLcode Curl_init_userdefined(struct Curl_easy *data)
define since we internally only use the lower 16 bits for the passed
in bitmask to not conflict with the private bits */
set->allowed_protocols = CURLPROTO_ALL;
- set->redir_protocols = CURLPROTO_HTTP | CURLPROTO_HTTPS | CURLPROTO_FTP;
+ set->redir_protocols = CURLPROTO_HTTP | CURLPROTO_HTTPS | CURLPROTO_FTP |
+ CURLPROTO_FTPS;
#if defined(HAVE_GSSAPI) || defined(USE_WINDOWS_SSPI)
/*