From 946ce5b61fc3832935ea92b4388116c7f637fb8c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bj=C3=B6rn=20Stenberg?= Date: Sun, 25 Feb 2018 20:17:25 +0100 Subject: option: disallow username in URL Adds CURLOPT_DISALLOW_USERNAME_IN_URL and --disallow-username-in-url. Makes libcurl reject URLs with a username in them. Closes #2340 --- src/tool_cfgable.h | 1 + src/tool_getparam.c | 4 ++++ src/tool_help.c | 2 ++ src/tool_operate.c | 3 +++ 4 files changed, 10 insertions(+) (limited to 'src') diff --git a/src/tool_cfgable.h b/src/tool_cfgable.h index 237c2bd7f..a0363e9a7 100644 --- a/src/tool_cfgable.h +++ b/src/tool_cfgable.h @@ -255,6 +255,7 @@ struct OperationConfig { long happy_eyeballs_timeout_ms; /* happy eyeballs timeout in milliseconds. 0 is valid. default: CURL_HET_DEFAULT. */ bool haproxy_protocol; /* whether to send HAProxy protocol v1 */ + bool disallow_username_in_url; /* disallow usernames in URLs */ struct GlobalConfig *global; struct OperationConfig *prev; struct OperationConfig *next; /* Always last in the struct */ diff --git a/src/tool_getparam.c b/src/tool_getparam.c index a9f448112..186168252 100644 --- a/src/tool_getparam.c +++ b/src/tool_getparam.c @@ -82,6 +82,7 @@ static const struct LongShort aliases[]= { {"*d", "ciphers", ARG_STRING}, {"*D", "dns-interface", ARG_STRING}, {"*e", "disable-epsv", ARG_BOOL}, + {"*f", "disallow-username-in-url", ARG_BOOL}, {"*E", "epsv", ARG_BOOL}, /* 'epsv' made like this to make --no-epsv and --epsv to work although --disable-epsv is the documented option */ @@ -621,6 +622,9 @@ ParameterError getparameter(const char *flag, /* f or -long-flag */ case 'e': /* --disable-epsv */ config->disable_epsv = toggle; break; + case 'f': /* --disallow-username-in-url */ + config->disallow_username_in_url = toggle; + break; case 'E': /* --epsv */ config->disable_epsv = (!toggle)?TRUE:FALSE; break; diff --git a/src/tool_help.c b/src/tool_help.c index 3218cf67d..b829e76ef 100644 --- a/src/tool_help.c +++ b/src/tool_help.c @@ -108,6 +108,8 @@ static const struct helptxt helptext[] = { "Inhibit using EPRT or LPRT"}, {" --disable-epsv", "Inhibit using EPSV"}, + {" --disallow-username-in-url", + "Disallow username in url"}, {" --dns-interface ", "Interface to use for DNS requests"}, {" --dns-ipv4-addr
", diff --git a/src/tool_operate.c b/src/tool_operate.c index 0a1b1a48d..26fc251f5 100644 --- a/src/tool_operate.c +++ b/src/tool_operate.c @@ -1474,6 +1474,9 @@ static CURLcode operate_do(struct GlobalConfig *global, if(config->haproxy_protocol) my_setopt(curl, CURLOPT_HAPROXYPROTOCOL, 1L); + if(config->disallow_username_in_url) + my_setopt(curl, CURLOPT_DISALLOW_USERNAME_IN_URL, 1L); + /* initialize retry vars for loop below */ retry_sleep_default = (config->retry_delay) ? config->retry_delay*1000L : RETRY_SLEEP_DEFAULT; /* ms */ -- cgit v1.2.3