aboutsummaryrefslogtreecommitdiff
path: root/lib/url.c
AgeCommit message (Collapse)Author
2009-04-13- bug report #2727981 (http://curl.haxx.se/bug/view.cgi?id=2727981) by MartinDaniel Stenberg
Storsjo pointed out how setting CURLOPT_NOBODY to 0 could be downright confusing as it set the method to either GET or HEAD. The example he showed looked like: curl_easy_setopt(curl, CURLOPT_PUT, 1); curl_easy_setopt(curl, CURLOPT_NOBODY, 0); The new way doesn't alter the method until the request is about to start. If CURLOPT_NOBODY is then 1 the HTTP request will be HEAD. If CURLOPT_NOBODY is 0 and the request happens to have been set to HEAD, it will then instead be set to GET. I believe this will be less surprising to users, and hopefully not hit any existing users badly.
2009-03-03- David James brought a patch that make libcurl close (all) dead connectionsDaniel Stenberg
whenever you attempt to open a new connection.
2009-03-02- David Kierznowski notified us about a security flawDaniel Stenberg
(http://curl.haxx.se/docs/adv_20090303.html also known as CVE-2009-0037) in which previous libcurl versions (by design) can be tricked to access an arbitrary local/different file instead of a remote one when CURLOPT_FOLLOWLOCATION is enabled. This flaw is now fixed in this release together this the addition of two new setopt options for controlling this new behavior: o CURLOPT_REDIR_PROTOCOLS controls what protocols libcurl is allowed to follow to when CURLOPT_FOLLOWLOCATION is enabled. By default, this option excludes the FILE and SCP protocols and thus you nee to explicitly allow them in your app if you really want that behavior. o CURLOPT_PROTOCOLS controls what protocol(s) libcurl is allowed to fetch using the primary URL option. This is useful if you want to allow a user or other outsiders control what URL to pass to libcurl and yet not allow all protocols libcurl may have been built to support.
2009-02-28fix compiler warningYang Tse
2009-02-17- CURLOPT_FTP_CREATE_MISSING_DIRS can now be set to 2 in addition to 1 forDaniel Stenberg
plain FTP connections, and it will then allow MKD to fail once and retry the CWD afterwards. This is especially useful if you're doing many simultanoes connections against the same server and they all have this option enabled, as then CWD may first fail but then another connection does MKD before this connection and thus MKD fails but trying CWD works! The numbers can (should?) now be set with the convenience enums now called CURLFTP_CREATE_DIR and CURLFTP_CREATE_DIR_RETRY. Tests has proven that if you're making an application that uploads a set of files to an ftp server, you will get a noticable gain in speed if you're using multiple connections and this option will be then be very useful.
2009-02-07Moved Curl_strntoupper() to the rawstr.c file where the other raw stringDaniel Stenberg
functions are.
2009-02-02- Patrick Scott found a rather large memory leak when using the multiDaniel Stenberg
interface and setting CURLMOPT_MAXCONNECTS to something less than the number of handles you add to the multi handle. All the connections that didn't fit in the cache would not be properly disconnected nor freed!
2009-02-02- Craig A West brought us: libcurl now defaults to do CONNECT with HTTPDaniel Stenberg
version 1.1 instead of 1.0 like before. This change also introduces the new proxy type for libcurl called 'CURLPROXY_HTTP_1_0' that then allows apps to switch (back) to CONNECT 1.0 requests. The curl tool also got a --proxy1.0 option that works exactly like --proxy but sets CURLPROXY_HTTP_1_0. I updated all test cases cases that use CONNECT and I tried to do some using --proxy1.0 and some updated to do CONNECT 1.1 to get both versions run.
2009-01-28- Markus Moeller introduced two new options to libcurl:Daniel Stenberg
CURLOPT_SOCKS5_GSSAPI_SERVICE and CURLOPT_SOCKS5_GSSAPI_NEC to allow libcurl to do GSS-style authentication with SOCKS5 proxies. The curl tool got the options called --socks5-gssapi-service and --socks5-gssapi-nec to enable these.
2009-01-26- Chad Monroe provided the new CURLOPT_TFTP_BLKSIZE option that allows an appDaniel Stenberg
to set desired block size to use for TFTP transfers instead of the default 512 bytes.
2009-01-25- Craig A West brought CURLOPT_NOPROXY and the corresponding --noproxy option.Daniel Stenberg
They basically offer the same thing the NO_PROXY environment variable only offered previously: list a set of host names that shall not use the proxy even if one is specified.
2009-01-21Fixed a couple more locale-dependent toupper conversions, mainly forDan Fandrich
clarity. This does fix one problem that causes ;type=i FTP URLs to fail in the Turkish locale when CURLOPT_PROXY_TRANSFER_MODE is used (test case 561) Added tests 561 and 1092 through 1094 to test various combinations of ;type= and ;mode= URLs that could potentially fail in the Turkish locale.
2009-01-08Unified much of the SessionHandle initialization done in Curl_open() andDan Fandrich
curl_easy_reset() by creating Curl_init_userdefined(). This had the side effect of fixing curl_easy_reset() so it now also resets CURLOPT_FTP_FILEMETHOD and CURLOPT_SSL_SESSIONID_CACHE
2008-12-29 - Phil Lisiecki filed bug report #2413067Daniel Stenberg
(http://curl.haxx.se/bug/view.cgi?id=2413067) that identified a problem that would cause libcurl to mark a DNS cache entry "in use" eternally if the subsequence TCP connect failed. It would thus never get pruned and refreshed as it should've been.
2008-12-19- Using the libssh2 0.19 function libssh2_session_block_directions(), libcurlDaniel Stenberg
now has an improved ability to do right when the multi interface (both "regular" and multi_socket) is used for SCP and SFTP transfers. This should result in (much) less busy-loop situations and thus less CPU usage with no speed loss.
2008-12-12Make the getoff all pipelines function only set _inuse to FALSE if theDaniel Stenberg
specified data pointer was head.
2008-12-11Dan F pointed out that we don't need to scan IPv6 addresses for '%'-lettersDaniel Stenberg
in the parse_remote_port() function as the scope id has already been stripped from the string.
2008-12-11- Keshav Krity found out that libcurl failed to deal with dotted IPv6Daniel Stenberg
addresses if they were very long (>39 letters) due to a too strict address validity parser. It now accepts addresses up to 45 bytes long.
2008-12-10- Internet Explorer had a broken HTTP digest authentication before v7 andDaniel Stenberg
there are servers "out there" that relies on the client doing this broken Digest authentication. Apache even comes with an option to work with such broken clients. The difference is only for URLs that contain a query-part (a '?'-letter and text to the right of it). libcurl now supports this quirk, and you enable it by setting the CURLAUTH_DIGEST_IE bit in the bitmask you pass to the CURLOPT_HTTPAUTH or CURLOPT_PROXYAUTH options. They are thus individually controlled to server and proxy.
2008-12-03- Igor Novoseltsev filed bug #2351645Daniel Stenberg
(http://curl.haxx.se/bug/view.cgi?id=2351645) that identified a problem with the multi interface that occured if you removed an easy handle while in progress and the handle was used in a HTTP pipeline.
2008-11-19- Andreas Wurf and Markus Koetter helped me analyze a problem that Andreas gotDaniel Stenberg
when uploading files to a single FTP server using multiple easy handle handles with the multi interface. Occasionally a handle would stall in mysterious ways. The problem turned out to be a side-effect of the ConnectionExists() function's eagerness to re-use a handle for HTTP pipelining so it would select it even if already being in use, due to an inadequate check for its chances of being used for pipelnining.
2008-11-05corrected and clarified the *_SPEED_LARGE commentsDaniel Stenberg
2008-11-03- Bug #2218480 (http://curl.haxx.se/bug/view.cgi?id=2218480) pointed out aDaniel Stenberg
problem with my CURLINFO_PRIMARY_IP fix from October 7th that caused a NULL pointer read. I also took the opportunity to clean up this logic (storing of the connection's IP address) somewhat as we had it stored in two different places and ways previously and they are now unified.
2008-10-23moved the Curl_raw_ functions into the new lib/rawstr.c file for easier curlx_Daniel Stenberg
inclusion by the curl tool without colliding with the curl_strequal functions.
2008-10-23Created Curl_raw_nequal() which does a C-locale string case comparison.Dan Fandrich
Changed checkprefix() to use it and those instances of strnequal() that compare host names or other protocol strings that are defined to be independent of case in the C locale. This should fix a few more Turkish locale problems.
2008-10-19attempt to fix or allow further detection of an elusive icc SIGSEGVYang Tse
2008-10-19clarified an argument's situation due to a false positive alert pointed outDaniel Stenberg
by coverity.com
2008-10-17oops ;-)Yang Tse
2008-10-17oopsYang Tse
2008-10-17fix syntax errorDaniel Stenberg
2008-10-17fix compiler warningYang Tse
2008-10-16Return an error when a proxy option is set when configured withDan Fandrich
--disable-proxy mode. Removed some unnecessary prototypes.
2008-10-16don't segfault when NULL is passed in to CURLOPT_USERPWD orDaniel Stenberg
CURLOPT_PROXYUSERPWD
2008-10-16- Igor Novoseltsev added CURLOPT_PROXYUSER and CURLOPT_PROXYPASSWORD that thenDaniel Stenberg
make CURLOPT_PROXYUSERPWD sort of deprecated. The primary motive for adding these new options is that they have no problems with the colon separator that the CURLOPT_PROXYUSERPWD option does.
2008-10-16Renamed Curl_ascii_equal to Curl_raw_equal and bugfixed the my_toupper functionDaniel Stenberg
used in strequal.c so now all test cases run fine for me again.
2008-10-15- Pascal Terjan filed bug #2154627Daniel Stenberg
(http://curl.haxx.se/bug/view.cgi?id=2154627) which pointed out that libcurl uses strcasecmp() in multiple places where it causes failures when the Turkish locale is used. This is because 'i' and 'I' isn't the same letter so strcasecmp() on those letters are different in Turkish than in English (or just about all other languages). I thus introduced a totally new internal function in libcurl (called Curl_ascii_equal) for doing case insentive comparisons for english-(ascii?) style strings that thus will make "file" and "FILE" match even if the Turkish locale is selected.
2008-10-14fix compiler warningYang Tse
2008-10-10_ Adapt OS400 EBCDIC wrappers to new options.Patrick Monnerat
_ Update RPG binding accordingly. _ Fix new options comments.
2008-10-08Fixed a memory leak in the new CURLOPT_USERPWD handlingDan Fandrich
2008-10-08fix missing null-pointer checkYang Tse
2008-10-08- Igor Novoseltsev brought a patch that introduced two new options toDaniel Stenberg
curl_easy_setopt: CURLOPT_USERNAME and CURLOPT_PASSWORD that sort of deprecates the good old CURLOPT_USERPWD since they allow applications to set the user name and password independently and perhaps more importantly allow both to contain colon(s) which CURLOPT_USERPWD doesn't fully support.
2008-10-07- Fixed CURLINFO_PRIMARY_IP: When libcurl created a connection to host A thenDaniel Stenberg
the app re-used the handle to do a connection to host B and then again re-used the handle to host A, it would not update the info with host A's IP address (due to the connection being re-used) but it would instead report the info from host B.
2008-09-29Fixed a compile problem with --disable-proxyDan Fandrich
2008-09-29- Daniel Egger provided a patch that allows you to disable proxy support inDaniel Stenberg
libcurl to somewhat reduce the size of the binary. Run configure --disable-proxy.
2008-09-29Moved all signal-based name resolution timeout handling into a single newDan Fandrich
Curl_resolv_timeout function to reduce coupling.
2008-09-24ntoa() and inet_ntoa_r() no longer usedYang Tse
2008-09-24Make sure not to dereference the wrong UrlState proto union member whenDan Fandrich
switching from one protocol to another in a single request (e.g. redirecting from HTTP to FTP as in test 1055) by resetting state.expect100header before every request.
2008-09-19Only define alarmfunc when signals are usedDan Fandrich
2008-09-19Don't bother to install a SIGALRM handler unless alarm() is available.Dan Fandrich
Also, leave the existing SIGALRM handler alone if the timeout is too small to handle.
2008-09-18fix compiler warning: external declaration in primary source fileYang Tse