| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2012-01-24 | URL sanitize: reject URLs containing bad data | Daniel Stenberg | |
| Protocols (IMAP, POP3 and SMTP) that use the path part of a URL in a decoded manner now use the new Curl_urldecode() function to reject URLs with embedded control codes (anything that is or decodes to a byte value less than 32). URLs containing such codes could easily otherwise be used to do harm and allow users to do unintended actions with otherwise innocent tools and applications. Like for example using a URL like pop3://pop3.example.com/1%0d%0aDELE%201 when the app wants a URL to get a mail and instead this would delete one. This flaw is considered a security vulnerability: CVE-2012-0036 Security advisory at: http://curl.haxx.se/docs/adv_20120124.html Reported by: Dan Fandrich | |||
| 2010-03-24 | remove the CVSish $Id$ lines | Daniel Stenberg | |
| 2006-04-07 | First commit of David McCreedy's EBCDIC and TPF changes. | Daniel Stenberg | |
| 2006-01-09 | Made the copyright year match the latest modification's year. | Daniel Stenberg | |
| 2005-10-31 | kill trailing whitespace | Daniel Stenberg | |
| 2004-01-07 | updated year in the copyright string | Daniel Stenberg | |
| 2003-01-16 | copyright year update in the source header | Daniel Stenberg | |
| 2002-09-03 | updated source code boilerplate/header | Daniel Stenberg | |
| 2002-03-19 | copyright string (year) update | Daniel Stenberg | |
| 2001-08-21 | Georg Huettenegger's patch curl-7.8.1-pre5-patch-20010819 | Daniel Stenberg | |
| 2001-03-22 | the new escape/unescape function setup | Daniel Stenberg | |
| 2001-01-03 | dual-license fix | Daniel Stenberg | |
| 2000-06-20 | haxx.nu => haxx.se | Daniel Stenberg | |
| 2000-05-22 | moved here from the newlib branch | Daniel Stenberg | |
| 1999-12-29 | Initial revision | Daniel Stenberg | |
 |
index : curl | |
| cURL mirror with patches applied | Ben |
| aboutsummaryrefslogtreecommitdiff |