aboutsummaryrefslogtreecommitdiff
path: root/lib/escape.h
AgeCommit message (Collapse)Author
2012-01-24URL sanitize: reject URLs containing bad dataDaniel Stenberg
Protocols (IMAP, POP3 and SMTP) that use the path part of a URL in a decoded manner now use the new Curl_urldecode() function to reject URLs with embedded control codes (anything that is or decodes to a byte value less than 32). URLs containing such codes could easily otherwise be used to do harm and allow users to do unintended actions with otherwise innocent tools and applications. Like for example using a URL like pop3://pop3.example.com/1%0d%0aDELE%201 when the app wants a URL to get a mail and instead this would delete one. This flaw is considered a security vulnerability: CVE-2012-0036 Security advisory at: http://curl.haxx.se/docs/adv_20120124.html Reported by: Dan Fandrich
2010-03-24remove the CVSish $Id$ linesDaniel Stenberg
2006-04-07First commit of David McCreedy's EBCDIC and TPF changes.Daniel Stenberg
2006-01-09Made the copyright year match the latest modification's year.Daniel Stenberg
2005-10-31kill trailing whitespaceDaniel Stenberg
2004-01-07updated year in the copyright stringDaniel Stenberg
2003-01-16copyright year update in the source headerDaniel Stenberg
2002-09-03updated source code boilerplate/headerDaniel Stenberg
2002-03-19copyright string (year) updateDaniel Stenberg
2001-08-21Georg Huettenegger's patch curl-7.8.1-pre5-patch-20010819Daniel Stenberg
2001-03-22the new escape/unescape function setupDaniel Stenberg
2001-01-03dual-license fixDaniel Stenberg
2000-06-20haxx.nu => haxx.seDaniel Stenberg
2000-05-22moved here from the newlib branchDaniel Stenberg
1999-12-29Initial revisionDaniel Stenberg