Skip to content
GitLab
Explore
Sign in
Primary navigation
Search or go to…
Project
T
TLMSP curl
Manage
Activity
Members
Labels
Plan
Issues
Issue boards
Milestones
Wiki
Code
Merge requests
Repository
Branches
Commits
Tags
Repository graph
Compare revisions
Snippets
Build
Pipelines
Jobs
Pipeline schedules
Artifacts
Deploy
Releases
Package Registry
Container Registry
Model registry
Operate
Environments
Terraform modules
Monitor
Incidents
Analyze
Value stream analytics
Contributor analytics
CI/CD analytics
Repository analytics
Model experiments
Help
Help
Support
GitLab documentation
Compare GitLab plans
Community forum
Contribute to GitLab
Provide feedback
Keyboard shortcuts
?
Snippets
Groups
Projects
Show more breadcrumbs
CYBER - Cyber Security
TS 103 523 MSP
TLMSP
TLMSP curl
Commits
2f8085af
Commit
2f8085af
authored
20 years ago
by
Daniel Stenberg
Browse files
Options
Downloads
Patches
Plain Diff
David Houlder added --form-string
parent
88a4dc27
No related branches found
Branches containing commit
No related tags found
Tags containing commit
No related merge requests found
Changes
4
Hide whitespace changes
Inline
Side-by-side
Showing
4 changed files
docs/MANUAL
+7
-0
7 additions, 0 deletions
docs/MANUAL
docs/curl.1
+6
-0
6 additions, 0 deletions
docs/curl.1
src/main.c
+15
-6
15 additions, 6 deletions
src/main.c
tests/data/test39
+10
-2
10 additions, 2 deletions
tests/data/test39
with
38 additions
and
8 deletions
docs/MANUAL
+
7
−
0
View file @
2f8085af
...
...
@@ -299,6 +299,13 @@ POST (HTTP)
curl -F "docpicture=@dog.gif" -F "catpicture=@cat.gif"
To send a field value literally without interpreting a leading '@'
or '<', or an embedded ';type=', use --form-string instead of
-F. This is recommended when the value is obtained from a user or
some other unpredictable source. Under these circumstances, using
-F instead of --form-string would allow a user to trick curl into
uploading a file.
REFERRER
A HTTP request has the option to include information about which address
...
...
This diff is collapsed.
Click to expand it.
docs/curl.1
+
6
−
0
View file @
2f8085af
...
...
@@ -388,6 +388,12 @@ setting filename=, like this:
See further examples and details in the MANUAL.
This option can be used multiple times.
.IP "--form-string <name=string>"
(HTTP) Similar to \fI--form\fP except that the value string for the named
parameter is used literally. Leading \&'@' and \&'<' characters, and the
\&';type=' string in the value have no special meaning. Use this in
preference to \fI--form\fP if there's any possibility that the string value
may accidentally trigger the \&'@' or \&'<' features of \fI--form\f{.
.IP "-g/--globoff"
This option switches off the "URL globbing parser". When you set this option,
you can specify URLs that contain the letters {}[] without having them being
...
...
This diff is collapsed.
Click to expand it.
src/main.c
+
15
−
6
View file @
2f8085af
...
...
@@ -355,6 +355,7 @@ static void help(void)
" --ftp-pasv Use PASV instead of PORT (F)"
,
" --ftp-ssl Enable SSL/TLS for the ftp transfer (F)"
,
" -F/--form <name=content> Specify HTTP multipart POST data (H)"
,
" --form-string <name=string> Specify HTTP multipart POST data (H)"
,
" -g/--globoff Disable URL sequences and ranges using {} and []"
,
" -G/--get Send the -d data with a HTTP GET (H)"
,
" -h/--help This help text"
,
...
...
@@ -774,6 +775,9 @@ static void list_engines (const struct curl_slist *engines)
* Specify files to upload with 'name=@filename'. Supports specified
* given Content-Type of the files. Such as ';type=<content-type>'.
*
* If literal_value is set, any initial '@' or '<' in the value string
* loses its special meaning, as does any embedded ';type='.
*
* You may specify more than one file for a single name (field). Specify
* multiple files by writing it like:
*
...
...
@@ -804,7 +808,8 @@ static void list_engines (const struct curl_slist *engines)
static
int
formparse
(
char
*
input
,
struct
curl_httppost
**
httppost
,
struct
curl_httppost
**
last_post
)
struct
curl_httppost
**
last_post
,
bool
literal_value
)
{
/* nextarg MUST be a string in the format 'name=contents' and we'll
build a linked list with the info */
...
...
@@ -829,7 +834,7 @@ static int formparse(char *input,
}
contp
=
contents
;
if
(
'@'
==
contp
[
0
])
{
if
(
'@'
==
contp
[
0
]
&&
!
literal_value
)
{
struct
multi_files
*
multi_start
=
NULL
,
*
multi_current
=
NULL
;
/* we use the @-letter to indicate file name(s) */
contp
++
;
...
...
@@ -974,7 +979,7 @@ static int formparse(char *input,
else
{
struct
curl_forms
info
[
4
];
int
i
=
0
;
char
*
ct
=
strstr
(
contp
,
";type="
);
char
*
ct
=
literal_value
?
NULL
:
strstr
(
contp
,
";type="
);
info
[
i
].
option
=
CURLFORM_COPYNAME
;
info
[
i
].
value
=
name
;
...
...
@@ -987,7 +992,7 @@ static int formparse(char *input,
ct
[
0
]
=
0
;
/* zero terminate here */
}
if
(
contp
[
0
]
==
'<'
)
{
if
(
contp
[
0
]
==
'<'
&&
!
literal_value
)
{
info
[
i
].
option
=
CURLFORM_FILECONTENT
;
info
[
i
].
value
=
contp
+
1
;
i
++
;
...
...
@@ -1280,6 +1285,7 @@ static ParameterError getparameter(char *flag, /* f or -long-flag */
{
"Eg"
,
"capath "
,
TRUE
},
{
"f"
,
"fail"
,
FALSE
},
{
"F"
,
"form"
,
TRUE
},
{
"Fs"
,
"form-string"
,
TRUE
},
{
"g"
,
"globoff"
,
FALSE
},
{
"G"
,
"get"
,
FALSE
},
{
"h"
,
"help"
,
FALSE
},
...
...
@@ -1361,8 +1367,10 @@ static ParameterError getparameter(char *flag, /* f or -long-flag */
do
{
/* we can loop here if we have multiple single-letters */
if
(
!
longopt
)
if
(
!
longopt
)
{
letter
=
parse
?
(
char
)
*
parse
:
'\0'
;
subletter
=
'\0'
;
}
else
{
letter
=
parse
[
0
];
subletter
=
parse
[
1
];
...
...
@@ -1833,7 +1841,8 @@ static ParameterError getparameter(char *flag, /* f or -long-flag */
to sort this out slowly and carefully */
if
(
formparse
(
nextarg
,
&
config
->
httppost
,
&
config
->
last_post
))
&
config
->
last_post
,
subletter
==
's'
))
/* 's' means literal string */
return
PARAM_BAD_USE
;
if
(
SetHTTPrequest
(
HTTPREQ_POST
,
&
config
->
httpreq
))
return
PARAM_BAD_USE
;
...
...
This diff is collapsed.
Click to expand it.
tests/data/test39
+
10
−
2
View file @
2f8085af
...
...
@@ -19,7 +19,7 @@ http
HTTP RFC1867-type formposting with filename= and type=
</name>
<command>
http://%HOSTIP:%HTTPPORT/we/want/39 -F name=daniel -F tool=curl -F "file=@log/test39.txt;filename=fakerfile;type=moo/foobar" -F file2=@log/test39.txt
http://%HOSTIP:%HTTPPORT/we/want/39 -F name=daniel -F tool=curl
--form-string "str1=@literal" --form-string "str2=<verbatim;type=xxx/yyy"
-F "file=@log/test39.txt;filename=fakerfile;type=moo/foobar" -F file2=@log/test39.txt
</command>
# We create this file before the command is invoked!
<file name="log/test39.txt">
...
...
@@ -41,7 +41,7 @@ User-Agent: curl/7.10.4 (i686-pc-linux-gnu) libcurl/7.10.4 OpenSSL/0.9.7a ipv6 z
Host: 127.0.0.1:%HTTPPORT
Pragma: no-cache
Accept: */*
Content-Length:
594
Content-Length:
810
Expect: 100-continue
Content-Type: multipart/form-data; boundary=----------------------------24e78000bd32
...
...
@@ -54,6 +54,14 @@ Content-Disposition: form-data; name="tool"
curl
------------------------------24e78000bd32
Content-Disposition: form-data; name="str1"
@literal
------------------------------24e78000bd32
Content-Disposition: form-data; name="str2"
<verbatim;type=xxx/yyy
------------------------------24e78000bd32
Content-Disposition: form-data; name="file"; filename="fakerfile"
Content-Type: moo/foobar
...
...
This diff is collapsed.
Click to expand it.
Preview
0%
Loading
Try again
or
attach a new file
.
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Save comment
Cancel
Please
register
or
sign in
to comment