From e8442e4ffcecf3e290c7e26c44e4aa313e016f9a Mon Sep 17 00:00:00 2001 From: Jay Satiro Date: Tue, 16 Jul 2019 03:35:54 -0400 Subject: libcurl: Restrict redirect schemes (follow-up) - Allow FTPS on redirect. - Update default allowed redirect protocols in documentation. Follow-up to 6080ea0. Ref: https://github.com/curl/curl/pull/4094 Closes https://github.com/curl/curl/pull/4115 --- lib/setopt.c | 3 +-- lib/url.c | 3 ++- 2 files changed, 3 insertions(+), 3 deletions(-) (limited to 'lib') diff --git a/lib/setopt.c b/lib/setopt.c index bdfe86ac7..1dbf00faf 100644 --- a/lib/setopt.c +++ b/lib/setopt.c @@ -2374,8 +2374,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) case CURLOPT_REDIR_PROTOCOLS: /* set the bitmask for the protocols that libcurl is allowed to follow to, as a subset of the CURLOPT_PROTOCOLS ones. That means the protocol needs - to be set in both bitmasks to be allowed to get redirected to. Defaults - to all protocols except FILE and SCP. */ + to be set in both bitmasks to be allowed to get redirected to. */ data->set.redir_protocols = va_arg(param, long); break; diff --git a/lib/url.c b/lib/url.c index 258f60c8f..2b47b235d 100644 --- a/lib/url.c +++ b/lib/url.c @@ -488,7 +488,8 @@ CURLcode Curl_init_userdefined(struct Curl_easy *data) define since we internally only use the lower 16 bits for the passed in bitmask to not conflict with the private bits */ set->allowed_protocols = CURLPROTO_ALL; - set->redir_protocols = CURLPROTO_HTTP | CURLPROTO_HTTPS | CURLPROTO_FTP; + set->redir_protocols = CURLPROTO_HTTP | CURLPROTO_HTTPS | CURLPROTO_FTP | + CURLPROTO_FTPS; #if defined(HAVE_GSSAPI) || defined(USE_WINDOWS_SSPI) /* -- cgit v1.2.3