Andrew Biggs pointed out a "Expect: 100-continue" flaw where libcurl didn't

                                  Changelog

Daniel (19 August 2006)

- Andrew Biggs pointed out a "Expect: 100-continue" flaw where libcurl didn't

  send the whole request at once, even though the Expect: header was disabled

  by the application. An effect of this change is also that small (< 1024

  bytes) POSTs are now always sent without Expect: header since we deem it

  more costly to bother about that than the risk that we send the data in

  vain.

Daniel (9 August 2006)

- Armel Asselin made the CURLOPT_PREQUOTE option work fine even when

  CURLOPT_NOBODY is set true. PREQUOTE is then run roughly at the same place

  transfer.

Daniel (8 August 2006)

- - Fixed a flaw in the "Expect: 100-continue" treatment. If you did two POSTs

- Fixed a flaw in the "Expect: 100-continue" treatment. If you did two POSTs

  on a persistent connection and allowed the first to use that header, you

  could not disable it for the second request.

This release would not have looked like this without help, code, reports and

advice from friends like these:

 Domenico Andreoli, Armel Asselin, Gisle Vanem, Yang Tse

 Domenico Andreoli, Armel Asselin, Gisle Vanem, Yang Tse, Andrew Biggs

        Thanks! (and sorry if I forgot to mention someone)

      if(data->set.postfields) {

        if((data->state.authhost.done || data->state.authproxy.done )

           && (postsize < MAX_INITIAL_POST_SIZE)) {

          /* If we're not done with the authentication phase, we don't expect

             to actually send off any data yet. Hence, we delay the sending of

             the body until we receive that friendly 100-continue response */

        /* for really small posts we don't use Expect: headers at all, and for

           the somewhat bigger ones we allow the app to disable it */

        if(postsize > TINY_INITIAL_POST_SIZE) {

          result = expect100(data, req_buffer);

          if(result)

            return result;

        }

        else

          data->state.expect100header = FALSE;

        if(!data->state.expect100header &&

           (postsize < MAX_INITIAL_POST_SIZE))  {

          /* if we don't use expect:-100  AND

             postsize is less than MAX_INITIAL_POST_SIZE

          /* The post data is less than MAX_INITIAL_PORT_SIZE, then append it

             to the header. This limit is no magic limit but only set to

             prevent really huge POSTs to get the data duplicated with

             malloc() and family. */

             then append the post data to the HTTP request header. This limit

             is no magic limit but only set to prevent really huge POSTs to

             get the data duplicated with malloc() and family. */

          result = add_buffer(req_buffer, "\r\n", 2); /* end of headers! */

          if(result)

          /* set the upload size to the progress meter */

          Curl_pgrsSetUploadSize(data, http->postsize);

          result = expect100(data, req_buffer);

          if(result)

            return result;

          add_buffer(req_buffer, "\r\n", 2); /* end of headers! */

        }

      }

      else {

        result = expect100(data, req_buffer);

        if(result)

          return result;

        add_buffer(req_buffer, "\r\n", 2); /* end of headers! */

        if(data->set.postfieldsize) {

   It must not be greater than 64K to work on VMS.

*/

#ifndef MAX_INITIAL_POST_SIZE

#define MAX_INITIAL_POST_SIZE 1024

#define MAX_INITIAL_POST_SIZE (64*1024)

#endif

#ifndef TINY_INITIAL_POST_SIZE

#define TINY_INITIAL_POST_SIZE 1024

#endif

#endif

Accept: */*

Content-Length: 45

Content-Type: application/x-www-form-urlencoded

Expect: 100-continue

this is what we post to the silly web server

</protocol>