| Age | Commit message (Collapse) | Author |
|---|
|
|
|
RFC 6265 section 4.1.1 spells out that the first name/value pair in the
header is the actual cookie name and content, while the following are
the parameters.
libcurl previously had a more liberal approach which causes significant
problems when introducing new cookie parameters, like the suggested new
cookie priority draft.
The previous logic read all n/v pairs from left-to-right and the first
name used that wassn't a known parameter name would be used as the
cookie name, thus accepting "Set-Cookie: Max-Age=2; person=daniel" to be
a cookie named 'person' while an RFC 6265 compliant parser should
consider that to be a cookie named 'Max-Age' with an (unknown) parameter
'person'.
Fixes #709
|
|
Closes #658
|
|
Since two of the cookies would now otherwise expire and cause the test
to fail after commit 20de9b4f09
Discussed in #697
|
|
DSA is no longer supported by OpenSSH 7.0, which causes all SCP/SFTP
test cases to be skipped. Using RSA for host authentication works with
both old and new versions of OpenSSH.
Reported-by: Karlson2k
Closes #676
|
|
- Add tests.
- Add an example to CURLOPT_TFTP_NO_OPTIONS.3.
- Add --tftp-no-options to expose CURLOPT_TFTP_NO_OPTIONS.
Bug: https://github.com/curl/curl/issues/481
|
|
Closes #672
|
|
|
|
Reported-by: neex@users.noreply.github.com
|
|
|
|
For example something like --output \\?\C:\foo
|
|
It turns out Firefox and Chrome both allow spaces in cookie names and
there are sites out there using that.
Turned out the code meant to strip off trailing space from cookie names
didn't work. Fixed now.
Test case 8 modified to verify both these changes.
Closes #639
|
|
RFC 7230 says we should stop. Firefox already stopped.
Bug: https://github.com/curl/curl/issues/633
Reported-By: Brad Fitzpatrick
Closes #633
|
|
|
|
- Add unit test 1604 to test the sanitize_file_name function.
- Use -DCURL_STATICLIB when building libcurltool for unit testing.
- Better detection of reserved DOS device names.
- New flags to modify sanitize behavior:
SANITIZE_ALLOW_COLONS: Allow colons
SANITIZE_ALLOW_PATH: Allow path separators and colons
SANITIZE_ALLOW_RESERVED: Allow reserved device names
SANITIZE_ALLOW_TRUNCATE: Allow truncating a long filename
- Restore sanitization of banned characters from user-specified outfile.
Prior to this commit sanitization of a user-specified outfile was
temporarily disabled in 2b6dadc because there was no way to allow path
separators and colons through while replacing other banned characters.
Now in such a case we call the sanitize function with
SANITIZE_ALLOW_PATH which allows path separators and colons to pass
through.
Closes https://github.com/curl/curl/issues/624
Reported-by: Octavio Schroeder
|
|
|
|
Closes #632
|
|
|
|
|
|
It isn't used by the code in current conditions but for safety it seems
sensible to at least not crash on such input.
Extended unit test 1395 to verify this too as well as a plain "/" input.
|
|
Because disabling the peer verification (--insecure) must not disable
the public key pinning check (--pinnedpubkey).
|
|
Before this patch, if a URL does not start with the protocol
name/scheme, effective URLs would be prefixed with upper-case protocol
names/schemes. This behavior might not be expected by library users or
end users.
For example, if `CURLOPT_DEFAULT_PROTOCOL` is set to "https". And the
URL is "hostname/path". The effective URL would be
"HTTPS://hostname/path" instead of "https://hostname/path".
After this patch, effective URLs would be prefixed with a lower-case
protocol name/scheme.
Closes #597
Signed-off-by: Mohammad AlSaleh <CE.Mohammad.AlSaleh@gmail.com>
|
|
.. and enable SSLpinning tests for mbedTLS, BoringSSL and LibreSSL.
|
|
Use the ACE form of IDN hostnames as key in the connection cache. Add
new tests.
Closes #592
|
|
|
|
|
|
MSYS would otherwise turn a /-style path into a C:\-style path.
|
|
While still using datacheck mode binary for the inline reply data.
|
|
Move the text-mode conversion for reply/replycheck from the verify
section into the load section and add support for 4 more check parts.
|
|
|
|
|
|
|
|
Not converting to double caused small timeouts to be skipped.
|
|
Not converting to double caused small timeouts to be skipped.
|
|
|
|
Follow up on b064ff0c351bb287557228575ef4c1d079b866fb, thanks Daniel.
|
|
|
|
|
|
|
|
|
|
The request needs to be read and send in binary mode in order to use
CRLF instead of LF. Adding --upload-file - causes curl to read stdin
in binary mode.
|
|
|
|
|
|
The previous implementation caused issues on modern MSYS2 runtimes.
|
|
Make this the default for the curl tool (if built with HTTP/2 powers
enabled) unless a specific HTTP version is requested on the command
line.
This should allow more users to get HTTP/2 powers without having to
change anything.
|
|
|
|
|
|
Tests 842, 843, 844, 845, 887, 888, 889, 890, 946, 947, 948 and 949 fail
if a custom port number is specified via the -b option of runtests.pl.
Suggested by: Kamil Dudka
Bug: http://curl.haxx.se/mail/lib-2015-12/0003.html
|
|
|
|
test845 not present in tests/data/Makefile.inc
|
