From 3050ae57c0ad3a071448fb36b5d5d720910d5d00 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Wed, 19 Jan 2005 21:56:02 +0000
Subject: Stephan Bergmann made libcurl return CURLE_URL_MALFORMAT if an FTP
 URL contains %0a or %0d in the user, password or CWD parts. (A future fix
 would include doing it for %00 as well - see KNOWN_BUGS for details.) Test
 case 225 and 226 were added to verify this

---
 CHANGES | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

(limited to 'CHANGES')

diff --git a/CHANGES b/CHANGES
index bedab831c..5959147f6 100644
--- a/CHANGES
+++ b/CHANGES
@@ -8,12 +8,18 @@
 
 
 Daniel (19 January 2005)
+- Stephan Bergmann made libcurl return CURLE_URL_MALFORMAT if an FTP URL
+  contains %0a or %0d in the user, password or CWD parts. (A future fix would
+  include doing it for %00 as well - see KNOWN_BUGS for details.) Test case
+  225 and 226 were added to verify this
+
 - Stephan Bergmann pointed out two flaws in libcurl built with HTTP disabled:
 
   1) the proxy environment variables are still read and used to set HTTP proxy
 
   2) you couldn't disable http proxy with CURLOPT_PROXY (since the option was
-     disabled)
+     disabled). This is important since apps may want to disable HTTP proxy
+     without actually knowing if libcurl was built to disable HTTP or not.
 
   Based on Stephan's patch, both these issues should now be fixed.
 
-- 
cgit v1.2.3