aboutsummaryrefslogtreecommitdiff
path: root/src/tool_operate.c
AgeCommit message (Collapse)Author
2016-02-01tool_operate: Don't sanitize --output path (Windows)Jay Satiro
Due to path separators being incorrectly sanitized in --output pathnames, eg -o c:\foo => c__foo This is a partial revert of 3017d8a until I write a proper fix. The remote-name will continue to be sanitized, but if the user specified an --output with string replacement (#1, #2, etc) that data is unsanitized until I finish a fix. Bug: https://github.com/bagder/curl/issues/624 Reported-by: Octavio Schroeder
2016-01-26curl: avoid local drive traversal when saving file (Windows)Ray Satiro
curl does not sanitize colons in a remote file name that is used as the local file name. This may lead to a vulnerability on systems where the colon is a special path character. Currently Windows/DOS is the only OS where this vulnerability applies. CVE-2016-0754 Bug: http://curl.haxx.se/docs/adv_20160127B.html
2015-12-15curl --expect100-timeout: addedDaniel Stenberg
This is the new command line option to set the value for the existing libcurl option CURLOPT_EXPECT_100_TIMEOUT_MS
2015-12-13curl: use 2TLS by defaultDaniel Stenberg
Make this the default for the curl tool (if built with HTTP/2 powers enabled) unless a specific HTTP version is requested on the command line. This should allow more users to get HTTP/2 powers without having to change anything.
2015-12-03curl: remove keepalive #ifdef checks done on libcurl's behalfDaniel Stenberg
They didn't match the ifdef logic used within libcurl anyway so they could indeed warn for the wrong case - plus the tool cannot know how the lib actually performs at that level.
2015-11-24Revert "cleanup: general removal of TODO (and similar) comments"Daniel Stenberg
This reverts commit 64e959ffe37c436503f9fed1ce2d6ee6ae50bd9a. Feedback-by: Dan Fandrich URL: http://curl.haxx.se/mail/lib-2015-11/0062.html
2015-11-13curl: mark two more options strings for --libcurl outputDaniel Stenberg
2015-11-13cleanup: general removal of TODO (and similar) commentsDaniel Stenberg
They tend to never get updated anyway so they're frequently inaccurate and we never go back to revisit them anyway. We document issues to work on properly in KNOWN_BUGS and TODO instead.
2015-11-09oauth2: Don't use XOAUTH2 in OAuth 2.0 variablesSteve Holme
2015-09-21tool_operate: Don't call easysrc cleanup unless --libcurlJay Satiro
- Review of 4d95491. The author changed it so easysrc only initializes when --libcurl but did not do the same for the call to easysrc cleanup. Ref: https://github.com/bagder/curl/issues/429
2015-09-20tool: generate easysrc only on --libcurlDaniel Lee Hwang
Code should only be generated when --libcurl is used. Bug: https://github.com/bagder/curl/issues/429 Reported-by: @greafhe, Jay Satiro Closes #429 Closes #442
2015-09-11curl: point out unnecessary uses of -X in verbose modeDaniel Stenberg
It uses 'Note:' as a prefix as opposed to the common 'Warning:' to take down the tone a bit. It adds a warning for using -XHEAD on other methods becasue that may lead to a hanging connection.
2015-08-25curl: point out the conflicting HTTP methods if usedDaniel Stenberg
It isn't always clear to the user which options that cause the HTTP methods to conflict so by spelling them out it should hopefully be easier to understand why curl complains.
2015-08-22CURLOPT_DEFAULT_PROTOCOL: addedNathaniel Waisbrot
- Add new option CURLOPT_DEFAULT_PROTOCOL to allow specifying a default protocol for schemeless URLs. - Add new tool option --proto-default to expose CURLOPT_DEFAULT_PROTOCOL. In the case of schemeless URLs libcurl will behave in this way: When the option is used libcurl will use the supplied default. When the option is not used, libcurl will follow its usual plan of guessing from the hostname and falling back to 'http'.
2015-07-26comment: fix comment about adding new option supportDaniel Stenberg
2015-07-25tool_operate: Fix CURLOPT_SSL_OPTIONS for builds without HTTPSJay Satiro
- Set CURLOPT_SSL_OPTIONS only if the tool enabled an SSL option. Broken by me several days ago in 172b2be. https://github.com/bagder/curl/commit/172b2be#diff-70b44ee478e58d4e1ddcf9c9a73d257b Bug: http://curl.haxx.se/mail/lib-2015-07/0119.html Reported-by: Dan Fandrich
2015-07-17SSL: Add an option to disable certificate revocation checksJay Satiro
New tool option --ssl-no-revoke. New value CURLSSLOPT_NO_REVOKE for CURLOPT_SSL_OPTIONS. Currently this option applies only to WinSSL where we have automatic certificate revocation checking by default. According to the ssl-compared chart there are other backends that have automatic checking (NSS, wolfSSL and DarwinSSL) so we could possibly accommodate them at some later point. Bug: https://github.com/bagder/curl/issues/264 Reported-by: zenden2k <zenden2k@gmail.com>
2015-06-18tool: always provide negotiate/kerberos optionsDaniel Stenberg
libcurl can still be built with it, even if the tool is not. Maintain independence!
2015-06-02checksrc: detect fopen() for text without the FOPEN_* macrosDaniel Stenberg
Follow-up to e8423f9ce150 with discussionis in https://github.com/bagder/curl/pull/258 This check scans for fopen() with a mode string without 'b' present, as it may indicate that an FOPEN_* define should rather be used.
2015-05-22curl: fix potential NULL dereferenceDaniel Stenberg
Coverity CID 1299428: Dereference after null check (FORWARD_NULL)
2015-04-28Negotiate: custom service names for SPNEGO.Linus Nielsen
* Add new options, CURLOPT_PROXY_SERVICE_NAME and CURLOPT_SERVICE_NAME. * Add new curl options, --proxy-service-name and --service-name.
2015-04-23curl -z: do not write empty file on unmet conditionKamil Dudka
This commit fixes a regression introduced in curl-7_41_0-186-g261a0fe. It also introduces a regression test 1424 based on tests 78 and 1423. Reported-by: Viktor Szakats Bug: https://github.com/bagder/curl/issues/237
2015-04-08src/tool_operate: create output file on successful downloadKamil Dudka
... of an empty file Bug: https://github.com/bagder/curl/issues/183
2015-03-28tool_operate: only set SSL options if SSL is enabledDan Fandrich
2015-03-24CURLOPT_PATH_AS_IS: addedDaniel Stenberg
--path-as-is is the command line option Added docs in curl.1 and CURLOPT_PATH_AS_IS.3 Added test in test 1241
2015-03-20curl: add --false-start optionAlessandro Ghedini
2015-02-27tool: Updated the warnf() function to use the GlobalConfig structureSteve Holme
As the 'error' and 'mute' options are now part of the GlobalConfig, rather than per Operation, updated the warnf() function to use this structure rather than the OperationConfig.
2015-01-16copyright years: after OCSP stapling changesDaniel Stenberg
2015-01-16curl: add --cert-status optionAlessandro Ghedini
This enables the CURLOPT_SSL_VERIFYSTATUS functionality.
2014-12-16tool_operate: we prefer 'CURLcode result'Daniel Stenberg
2014-12-16tool_urlglob: unify return codes to use CURLcodeDaniel Stenberg
There was a mix of GlobCode, CURLcode and ints and they were mostly passing around CURLcode errors. This change makes the functions use only CURLcode and removes the GlobCode type completely.
2014-12-04tool: fix CURLOPT_UNIX_SOCKET_PATH in --libcurl outputPeter Wu
Mark CURLOPT_UNIX_SOCKET_PATH as string to ensure that it ends up as option in the file generated by --libcurl. Signed-off-by: Peter Wu <peter@lekensteyn.nl>
2014-12-04tool: add --unix-socket optionPeter Wu
Signed-off-by: Peter Wu <peter@lekensteyn.nl>
2014-10-08operate: avoid NULL dereferenceDaniel Stenberg
Coverity CID 1241948. dumpeasysrc() would get called with config->current set to NULL which could be dereferenced by a warnf() call.
2014-10-08operate_do: skip superfluous check for NULL pointerDaniel Stenberg
Coverity CID 1243583. get_url_file_name() cannot fail and return a NULL file name pointer so skip the check for that - it tricks coverity into believing it can happen and it then warns later on when we use 'outfile' without checking for NULL.
2014-10-07SSL: implement public key pinningmoparisthebest
Option --pinnedpubkey takes a path to a public key in DER format and only connect if it matches (currently only implemented with OpenSSL). Provides CURLOPT_PINNEDPUBLICKEY for curl_easy_setopt(). Extract a public RSA key from a website like so: openssl s_client -connect google.com:443 2>&1 < /dev/null | \ sed -n '/-----BEGIN/,/-----END/p' | openssl x509 -noout -pubkey \ | openssl rsa -pubin -outform DER > google.com.der
2014-05-10tool_operate.c: Fixed compilation warningSteve Holme
An enumerated type is mixed with another type.
2014-05-09tool_operate.c: Fixed TAB is white space from commit 5b8ae0a985Steve Holme
2014-05-09tool_operate.c: Fixed compilation warningsSteve Holme
An enumerated type is mixed with another type.
2014-05-06curl: bail on cookie use when built with disabled cookiesDaniel Stenberg
2014-04-04curl: add --proxy-headerMaciej Puzio
2014-03-23tool_operate: Fixed uninitialised variable under some error situationsSteve Holme
For example when a URL is not specified or the headers file fails to open.
2014-03-02tool: Do not output libcurl source for the information only parametersSteve Holme
Ensure a source file isn't generated for the following informational command line parameters when --libcurl is specified: --help, --manual, --version and --engine list As the output would only include a fairly empty looking main() function and a call to curl_easy_init() and curl_easy_cleanup() when performed with --engine list.
2014-03-02tool: Fixed libcurl source output for multiple operationsSteve Holme
Correctly output libcurl source code that includes multiply operations as specified by --next. Note that each operation evaluates to a single curl_easy_perform() in source code form. Also note that the output could be optimised a little so global config options are only output once rather than per operation as is presently the case.
2014-03-01tool: Moved internal variable isatty to the global configSteve Holme
2014-03-01tool_operate.c: Fixed compilation errorSteve Holme
incompatible types - from 'OperationConfig *' to 'GlobalConfig *'
2014-03-01tool: Moved --progress-bar to the global configSteve Holme
2014-03-01tool: Moved --stderr to the global configSteve Holme
2014-02-27tool: Moved --trace and --verbose to the global configSteve Holme
2014-02-27tool: Moved --silient to the global configSteve Holme
Other global options such as --libcurl, --trace and --verbose to follow.