[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[GNUnet-SVN] [gnurl] 71/150: libcurl-security.3: separate file:// sectio
|
From: |
gnunet |
|
Subject: |
[GNUnet-SVN] [gnurl] 71/150: libcurl-security.3: separate file:// section |
|
Date: |
Fri, 30 Mar 2018 16:48:45 +0200 |
This is an automated email from the git hooks/post-receive script.
ng0 pushed a commit to branch master
in repository gnurl.
commit 63f6b3b22077c6fd4a75ce4ceac7258509af412c
Author: Daniel Stenberg <address@hidden>
AuthorDate: Tue Feb 13 14:04:04 2018 +0100
libcurl-security.3: separate file:// section
... just to make it more apparent. Even if it repeats
some pieces of information.
---
docs/libcurl/libcurl-security.3 | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/docs/libcurl/libcurl-security.3 b/docs/libcurl/libcurl-security.3
index 185fb6b08..377301ee0 100644
--- a/docs/libcurl/libcurl-security.3
+++ b/docs/libcurl/libcurl-security.3
@@ -208,6 +208,13 @@ of how the SCP protocol is designed. e.g.
Applications must not allow unsanitized SCP: URLs to be passed in for
downloads.
+.SH "file://"
+By default curl and libcurl support file:// URLs. Such a URL is always an
+access, or attempted access, to a local resource. If your application wants to
+avoid that, keep control of what URLs to use and/or prevent curl/libcurl from
+using the protocol.
+
+By default, libcurl prohibits redirects to file:// URLs.
.SH "What if the user can set the URL"
Applications may find it tempting to let users set the URL that it can work
on. That's probably fine, but opens up for mischief and trickery that you as
--
To stop receiving notification emails like this one, please contact
address@hidden
- [GNUnet-SVN] [gnurl] 142/150: FAQ: fix a broken URL [ci skip], (continued)
- [GNUnet-SVN] [gnurl] 142/150: FAQ: fix a broken URL [ci skip], gnunet, 2018/03/30
- [GNUnet-SVN] [gnurl] 145/150: limit-rate: fix compiler warning, gnunet, 2018/03/30
- [GNUnet-SVN] [gnurl] 140/150: credits: Viktor prefers without accent, gnunet, 2018/03/30
- [GNUnet-SVN] [gnurl] 138/150: openldap: check ldap_get_attribute_ber() results for NULL before using, gnunet, 2018/03/30
- [GNUnet-SVN] [gnurl] 134/150: limit-rate: kick in even before "limit" data has been received, gnunet, 2018/03/30
- [GNUnet-SVN] [gnurl] 126/150: curl tool: accept --compressed also if Brotli is enabled and zlib is not., gnunet, 2018/03/30
- [GNUnet-SVN] [gnurl] 146/150: Revert "hostip: fix compiler warning: 'variable set but not used'", gnunet, 2018/03/30
- [GNUnet-SVN] [gnurl] 68/150: libcurl-security.3: split out from libcurl-tutorial.3, gnunet, 2018/03/30
- [GNUnet-SVN] [gnurl] 129/150: HTTP: allow "header; " to replace an internal header with a blank one, gnunet, 2018/03/30
- [GNUnet-SVN] [gnurl] 148/150: tests/.../spnego.py: fix identifier typo, gnunet, 2018/03/30
- [GNUnet-SVN] [gnurl] 71/150: libcurl-security.3: separate file:// section,
gnunet <=
- [GNUnet-SVN] [gnurl] 66/150: tests: new tests for http raw mode, gnunet, 2018/03/30
- [GNUnet-SVN] [gnurl] 111/150: curl-openssl.m4: Fix version check for OpenSSL 1.1.1, gnunet, 2018/03/30
- [GNUnet-SVN] [gnurl] 127/150: SECURITY: distros' max embargo time is 14 days now, gnunet, 2018/03/30
- [GNUnet-SVN] [gnurl] 110/150: lib655: silence compiler warning, gnunet, 2018/03/30
- [GNUnet-SVN] [gnurl] 105/150: curl_share_setopt.3: connection cache is shared within multi handles, gnunet, 2018/03/30
- [GNUnet-SVN] [gnurl] 121/150: krb5: use nondeprecated functions, gnunet, 2018/03/30
- [GNUnet-SVN] [gnurl] 74/150: TODO fixed: Detect when called from within callbacks, gnunet, 2018/03/30
- [GNUnet-SVN] [gnurl] 149/150: release: 7.59.0, gnunet, 2018/03/30
- [GNUnet-SVN] [gnurl] 108/150: projects/README: remove reference to dead IDN link/package, gnunet, 2018/03/30
- [GNUnet-SVN] [gnurl] 136/150: readwrite: make sure excess reads don't go beyond buffer end, gnunet, 2018/03/30