curl - cURL mirror with patches applied

Age	Commit message (Collapse)	Author
2012-01-24	URL sanitize: reject URLs containing bad data	Daniel Stenberg
	Protocols (IMAP, POP3 and SMTP) that use the path part of a URL in a decoded manner now use the new Curl_urldecode() function to reject URLs with embedded control codes (anything that is or decodes to a byte value less than 32). URLs containing such codes could easily otherwise be used to do harm and allow users to do unintended actions with otherwise innocent tools and applications. Like for example using a URL like pop3://pop3.example.com/1%0d%0aDELE%201 when the app wants a URL to get a mail and instead this would delete one. This flaw is considered a security vulnerability: CVE-2012-0036 Security advisory at: http://curl.haxx.se/docs/adv_20120124.html Reported by: Dan Fandrich
2011-07-26	stdio.h, stdlib.h, string.h, stdarg.h and ctype.h inclusion done in setup_once.h	Yang Tse

2011-05-23	compiler warning: fix	Yang Tse
	Fix compiler warning: expression has no effect
2011-04-27	source cleanup: unify look, style and indent levels	Daniel Stenberg
	By the use of a the new lib/checksrc.pl script that checks that our basic source style rules are followed.
2011-04-20	CURL_DOES_CONVERSIONS: cleanup	Daniel Stenberg
	Massively reduce #ifdefs all over (23 #ifdef lines less so far) Moved conversion-specific code to non-ascii.c
2010-09-28	curl_easy_escape: don't escape "unreserved" characters	Daniel Stenberg
	According to RFC3986 section 2.3 the letters -, ., _ and ~ should not be percent-encoded. Reported by: Miguel Diaz Bug: http://curl.haxx.se/mail/lib-2010-09/0227.html
2010-03-24	remove the CVSish $Id$ lines	Daniel Stenberg

2010-02-24	fix compiler warning	Yang Tse

2010-01-22	wrap long lines and do some indent policing	Daniel Stenberg

2009-04-21	libcurl's memory.h renamed to curl_memory.h	Yang Tse

2008-10-08	Added const to some pointer variables	Dan Fandrich

2008-09-09	Factored out Curl_isalnum	Dan Fandrich

2007-11-07	if () => if()	Daniel Stenberg
	while () => while() and some other minor re-indentings
2007-09-30	Alex Fishman reported a curl_easy_escape() problem that was made the	Daniel Stenberg
	function do wrong on all input bytes that are >= 0x80 (decimal 128) due to a signed / unsigned mistake in the code. I fixed it and added test case 543 to verify.
2007-08-26	Fixed some minor mismatched types found by splint.	Dan Fandrich

2007-08-04	Patrick Monnerat fixed curl_easy_escape() and curlx_strtoll() to work on	Daniel Stenberg
	non-ASCII systems.
2006-10-17	Avoid typecasting a signed char to an int when using is*() functions, as that	Daniel Stenberg
	could very well cause a negate number get passed in and thus cause reading outside of the array usually used for this purpose. We avoid this by using the uppercase macro versions introduced just now that does some extra crazy typecasts to avoid byte codes > 127 to cause negative int values.
2006-04-07	First commit of David McCreedy's EBCDIC and TPF changes.	Daniel Stenberg

2004-07-01	Variable type cleanups to please the picky MIPSPro compiler.	Daniel Stenberg

2004-06-24	include header for our printfs	Daniel Stenberg

2004-06-24	Replaced all uses of sprintf() with the safer snprintf(). It is just a	Daniel Stenberg
	precaution to prevent mistakes to lead to buffer overflows.
2004-05-13	curl_free() doesn't free(NULL) but just returns	Daniel Stenberg

2004-05-12	return NULL on out of memory	Daniel Stenberg

2004-05-11	curl_global_init_mem() allows the memory functions to be replaced.	Daniel Stenberg
	memory.h is included everywhere for this.
2004-03-08	size_t/int/long fixes	Daniel Stenberg

2004-01-29	Dan Fandrich's cleanup patch to make pedantic compiler options cause less	Daniel Stenberg
	warnings. Minor edits by me.
2004-01-07	updated year in the copyright string	Daniel Stenberg

2003-06-26	use CURLDEBUG instead of MALLOCDEBUG	Daniel Stenberg

2003-05-21	David Balazic pointed out the lack of checks for a valid %XX code when	Daniel Stenberg
	we unescape a string. We now check and decode only valid %XX strings.
2003-01-29	removed the local variables for emacs and vim, use the new sample.emacs	Daniel Stenberg
	way for emacs, and vim users should provide a similar non-polluting style
2003-01-16	copyright year update in the source header	Daniel Stenberg

2003-01-08	fixed a very, very rare and very, very little memory leak	Jean-Philippe Barette-LaPierre

2002-09-25	Walter J. Mack added curl_free	Daniel Stenberg

2002-09-03	updated source code boilerplate/header	Daniel Stenberg

2002-06-26	ignore '+' in URLs, generate only %-codes	Daniel Stenberg

2002-03-19	copyright string (year) update	Daniel Stenberg

2001-10-11	looks nicer and is better compatible with older vim versions	Sterling Hughes

2001-09-07	Added formatting sections for emacs and vim	Sterling Hughes

2001-08-21	Georg Huettenegger's patch curl-7.8.1-pre5-patch-20010819	Daniel Stenberg

2001-08-14	added typecasts when converting from unsigned int to int	Daniel Stenberg

2001-08-05	curl_escape() no longer attempts to detect already encoded stuff (in order	Daniel Stenberg
	not to re-encode it).
2001-04-07	Andr�s Garc�a fixed curl_escape()	Daniel Stenberg

2001-03-22	Jim Drash suggested and I made it not encode what looks like an already	Daniel Stenberg
	encoded letter (in curl_escape)
2001-03-22	the new escape/unescape function setup	Daniel Stenberg

2001-03-09	use unsigned int hex to receive the hex digit in, caused a warning with	Daniel Stenberg
	-Wall and a new gcc
2001-01-03	dual-license fix	Daniel Stenberg

2000-11-21	curl_unescape() did not stop at the set length properly when %-codes were	Daniel Stenberg
	used
2000-10-09	added memory debugging include file	Daniel Stenberg

2000-08-31	in unescape(), '+' is now only converted to space after the first '?'	Daniel Stenberg

2000-06-20	haxx.nu => haxx.se	Daniel Stenberg