diff options
Diffstat (limited to 'lib')
-rw-r--r-- | lib/setopt.c | 4 | ||||
-rw-r--r-- | lib/url.c | 7 | ||||
-rw-r--r-- | lib/urldata.h | 1 |
3 files changed, 12 insertions, 0 deletions
diff --git a/lib/setopt.c b/lib/setopt.c index 93a4dd2b5..5ecf5b97f 100644 --- a/lib/setopt.c +++ b/lib/setopt.c @@ -2590,6 +2590,10 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, case CURLOPT_DNS_SHUFFLE_ADDRESSES: data->set.dns_shuffle_addresses = (0 != va_arg(param, long)) ? TRUE:FALSE; break; + case CURLOPT_DISALLOW_USERNAME_IN_URL: + data->set.disallow_username_in_url = + (0 != va_arg(param, long)) ? TRUE : FALSE; + break; default: /* unknown tag and its companion, just ignore: */ result = CURLE_UNKNOWN_OPTION; @@ -3170,6 +3170,13 @@ static CURLcode parse_url_login(struct Curl_easy *data, if(userp) { char *newname; + if(data->set.disallow_username_in_url) { + failf(data, "Option DISALLOW_USERNAME_IN_URL is set " + "and url contains username."); + result = CURLE_LOGIN_DENIED; + goto out; + } + /* We have a user in the URL */ conn->bits.userpwd_in_url = TRUE; conn->bits.user_passwd = TRUE; /* enable user+password */ diff --git a/lib/urldata.h b/lib/urldata.h index f1b67c3d1..7e647a2a6 100644 --- a/lib/urldata.h +++ b/lib/urldata.h @@ -1689,6 +1689,7 @@ struct UserDefined { curl_resolver_start_callback resolver_start; /* optional callback called before resolver start */ void *resolver_start_client; /* pointer to pass to resolver start callback */ + bool disallow_username_in_url; /* disallow username in url */ }; struct Names { |