From 1f1f131e09d2a9cd3d5859d321a1ec9b127f0a78 Mon Sep 17 00:00:00 2001 From: Jay Satiro Date: Tue, 18 Aug 2015 01:18:27 -0400 Subject: docs: Update the redirect protocols disabled by default - Clarify that FILE and SCP are disabled by default since 7.19.4 - Add that SMB and SMBS are disabled by default since 7.40.0 - Add CURLPROTO_SMBS to the list of protocols --- docs/libcurl/opts/CURLOPT_FOLLOWLOCATION.3 | 6 ++++-- docs/libcurl/opts/CURLOPT_PROTOCOLS.3 | 1 + docs/libcurl/opts/CURLOPT_REDIR_PROTOCOLS.3 | 11 ++++++++--- 3 files changed, 13 insertions(+), 5 deletions(-) (limited to 'docs/libcurl/opts') diff --git a/docs/libcurl/opts/CURLOPT_FOLLOWLOCATION.3 b/docs/libcurl/opts/CURLOPT_FOLLOWLOCATION.3 index 3a32caef5..1ca8e34fc 100644 --- a/docs/libcurl/opts/CURLOPT_FOLLOWLOCATION.3 +++ b/docs/libcurl/opts/CURLOPT_FOLLOWLOCATION.3 @@ -37,8 +37,10 @@ returned. \fICURLOPT_MAXREDIRS(3)\fP can be used to limit the number of redirects libcurl will follow. libcurl can limit to what protocols it will automatically follow. The accepted -protocols are set with \fICURLOPT_REDIR_PROTOCOLS(3)\fP and it excludes the -FILE protocol by default. +protocols are set with \fICURLOPT_REDIR_PROTOCOLS(3)\fP. By default libcurl +will allow all protocols on redirect except several disabled for security +reasons: Since 7.19.4 FILE and SCP are disabled, and since 7.40.0 SMB and SMBS +are also disabled. For users who think the existing location following is too naive, too simple or just lacks features, it is very easy to instead implement your own redirect diff --git a/docs/libcurl/opts/CURLOPT_PROTOCOLS.3 b/docs/libcurl/opts/CURLOPT_PROTOCOLS.3 index 958eeeb9d..b7414a3c3 100644 --- a/docs/libcurl/opts/CURLOPT_PROTOCOLS.3 +++ b/docs/libcurl/opts/CURLOPT_PROTOCOLS.3 @@ -60,6 +60,7 @@ CURLPROTO_RTSP CURLPROTO_SCP CURLPROTO_SFTP CURLPROTO_SMB +CURLPROTO_SMBS CURLPROTO_SMTP CURLPROTO_SMTPS CURLPROTO_TELNET diff --git a/docs/libcurl/opts/CURLOPT_REDIR_PROTOCOLS.3 b/docs/libcurl/opts/CURLOPT_REDIR_PROTOCOLS.3 index fbec9f5c7..fd986b896 100644 --- a/docs/libcurl/opts/CURLOPT_REDIR_PROTOCOLS.3 +++ b/docs/libcurl/opts/CURLOPT_REDIR_PROTOCOLS.3 @@ -32,8 +32,12 @@ Pass a long that holds a bitmask of CURLPROTO_* defines. If used, this bitmask limits what protocols libcurl may use in a transfer that it follows to in a redirect when \fICURLOPT_FOLLOWLOCATION(3)\fP is enabled. This allows you to limit specific transfers to only be allowed to use a subset of protocols in -redirections. By default libcurl will allow all protocols except for FILE and -SCP. +redirections. + +By default libcurl will allow all protocols on redirect except several disabled +for security reasons: Since 7.19.4 FILE and SCP are disabled, and since 7.40.0 +SMB and SMBS are also disabled. \fICURLPROTO_ALL\fP enables all protocols on +redirect, including those disabled for security. These are the available protocol defines: .nf @@ -60,13 +64,14 @@ CURLPROTO_RTSP CURLPROTO_SCP CURLPROTO_SFTP CURLPROTO_SMB +CURLPROTO_SMBS CURLPROTO_SMTP CURLPROTO_SMTPS CURLPROTO_TELNET CURLPROTO_TFTP .fi .SH DEFAULT -All protocols except for FILE, SCP and SMB. +All protocols except for FILE, SCP and since 7.40.0 SMB and SMBS. .SH PROTOCOLS All .SH EXAMPLE -- cgit v1.2.3