- Dec 19, 2018
-
-
Daniel Gustafsson authored
Ensure to perform the checks we have to enforce a sane domain in the cookie request. The check for non-PSL enabled builds is quite basic but it's better than nothing. Closes #2964 Reviewed-by: Daniel Stenberg <daniel@haxx.se>
-
Matus Uzak authored
Follow-up to 09e401e0. If connection gets reused, then data member will be copied, but not the proto member. As a result, in smb_do(), path has been set from the original proto.share data. Closes #3388
-
Daniel Stenberg authored
Reported-by: Kamil Dudka Fixes #3380 Closes #3381
-
- Dec 17, 2018
-
-
Daniel Stenberg authored
Previously, VERIFYPEER would enable/disable all checks. Reported-by: Eric Rosenquist Fixes #3376 Closes #3380
-
Daniel Stenberg authored
Previously it was 30 minutes
-
Daniel Stenberg authored
The timeout set with CURLOPT_TIMEOUT is no longer used when disconnecting from one of the pingpong protocols (FTP, IMAP, SMTP, POP3). Reported-by: jasal82 on github Fixes #3264 Closes #3374
-
- Dec 14, 2018
-
-
Daniel Stenberg authored
Closes #3354
-
Daniel Stenberg authored
-
Daniel Stenberg authored
-
Ayoub Boudhar authored
This adds the CURLOPT_TRAILERDATA and CURLOPT_TRAILERFUNCTION options that allow a callback based approach to sending trailing headers with chunked transfers. The test server (sws) was updated to take into account the detection of the end of transfer in the case of trailing headers presence. Test 1591 checks that trailing headers can be sent using libcurl. Closes #3350
-
Daniel Stenberg authored
Reported-by: Andrei Neculau Fixes #3367 Closes #3373
-
- Dec 13, 2018
-
-
Daniel Stenberg authored
-
Leonardo Taccari authored
This verify that the `?' in the selector is kept as is. Verifies the fix in #3370
-
Leonardo Taccari authored
After the migration to URL API all octets in the selector after the first `?' were interpreted as query and accidentally discarded and not passed to the server. Add a gopherpath to always concatenate possible path and query URL pieces. Fixes #3369 Closes #3370
-
Leonardo Taccari authored
If just a `?' to indicate the query is passed always store a zero length query instead of having a NULL query. This permits to distinguish URL with trailing `?'. Fixes #3369 Closes #3370
-
Daniel Gustafsson authored
Curl_slist_append_nodup() returns NULL when it fails to create a new item for the specified list, and since the coding here reassigned the new list on top of the old list it would result in a dangling pointer and lost memory. Also, in case we hit an allocation failure at some point during the conversion, with allocation succeeding again on the subsequent call(s) we will return a truncated list around the malloc failure point. Fix by assigning to a temporary list pointer, which can be checked (which is the common pattern for slist appending), and free all the resources on allocation failure. Closes #3372 Reviewed-by: Daniel Stenberg <daniel@haxx.se>
-
Daniel Gustafsson authored
Only allow secure origins to be able to write cookies with the 'secure' flag set. This reduces the risk of non-secure origins to influence the state of secure origins. This implements IETF Internet-Draft draft-ietf-httpbis-cookie-alone-01 which updates RFC6265. Closes #2956 Reviewed-by: Daniel Stenberg <daniel@haxx.se>
-
Daniel Stenberg authored
Reported-by: Tobias Lindgren Pointed out in #3367 Closes #3368
-
- Dec 12, 2018
-
-
Daniel Gustafsson authored
A URL with a single colon without a portnumber should use the default port, discarding the colon. Fix, add a testcase and also do little bit of comment wordsmithing. Closes #3365 Reviewed-by: Daniel Stenberg <daniel@haxx.se>
-
Daniel Stenberg authored
-
Daniel Stenberg authored
-
Daniel Stenberg authored
-
Daniel Stenberg authored
... when not actually following the redirect. Otherwise we return error for this and an application can't extract the value. Test 1518 added to verify. Reported-by: Pavel Pavlov Fixes #3340 Closes #3364
-
- Dec 11, 2018
-
-
Daniel Stenberg authored
The time_t type is unsigned on some systems and these variables are used to hold return values from functions that return timediff_t already. timediff_t is always a signed type. Closes #3363
-
Daniel Stenberg authored
Suggested-by: Dave Reisner
-
Patrick Monnerat authored
Prior to 7.56.0, fieldnames and filenames were set in Content-Disposition header without special processing: this may lead to invalid RFC 822 quoted-strings. 7.56.0 introduces escaping of backslashes and double quotes in these names: mention it in the documentation. Reported-by: daboul on github Closes #3361
-
Daniel Stenberg authored
... where "last release" should be the git tag in the repo.
-
Daniel Gustafsson authored
This adds a new unittest intended to cover the internal functions in the urlapi code, starting with parse_port(). In order to avoid name collisions in debug builds, parse_port() is renamed Curl_parse_port() since it will be exported. Reviewed-by: Daniel Stenberg <daniel@haxx.se> Reviewed-by: Marcel Raad <Marcel.Raad@teamviewer.com>
-
Daniel Gustafsson authored
An IPv6 URL which contains a zone index includes a '%%25<zode id>' string before the ending ']' bracket. The parsing logic wasn't set up to cope with the zone index however, resulting in a malformed url error being returned. Fix by breaking the parsing into two stages to correctly handle the zone index. Closes #3355 Closes #3319 Reported-by: tonystz on Github Reviewed-by: Daniel Stenberg <daniel@haxx.se> Reviewed-by: Marcel Raad <Marcel.Raad@teamviewer.com>
-
Jay Satiro authored
- Include query in the path passed to generate HTTP auth. Recent changes to use the URL API internally (46e16406, 7.62.0) inadvertently broke authentication URIs by omitting the query. Fixes https://github.com/curl/curl/issues/3353 Closes #3356
-
Michael Kaufmann authored
The http status code 204 (No Content) should not change the "condition unmet" flag. Only the http status code 304 (Not Modified) should do this. Closes #359
-
Samuel Surtees authored
- Match URL scheme with LDAP and LDAPS - Retrieve attributes, scope and filter from URL query instead Regression brought in 46e16406 (7.62.0) Closes #3362
-
- Dec 09, 2018
-
-
Daniel Stenberg authored
-
Stefan Kanthak authored
All resources defined in lib/libcurl.rc and curl.rc are language neutral. winbuild/MakefileBuild.vc ALWAYS defines the macro DEBUGBUILD, so the ifdef's in line 33 of lib/libcurl.rc and src/curl.rc are wrong. Replace the hard-coded constants in both *.rc files with #define'd values. Thumbs-uped-by: Rod Widdowson, Johannes Schindelin URL: https://curl.haxx.se/mail/lib-2018-11/0000.html Closes #3348
-
Daniel Stenberg authored
-
Daniel Stenberg authored
Reported-by: Jeroen Ooms Fixes #3351 Closes #3352
-
- Dec 08, 2018
-
-
Johannes Schindelin authored
This is a companion patch to cbea2fd2 (NTLM: force the connection to HTTP/1.1, 2018-12-06): with NTLM, we can switch to HTTP/1.1 preemptively. However, with other (Negotiate) authentication it is not clear to this developer whether there is a way to make it work with HTTP/2, so let's try HTTP/2 first and fall back in case we encounter the error HTTP_1_1_REQUIRED. Note: we will still keep the NTLM workaround, as it avoids an extra round trip. Daniel Stenberg helped a lot with this patch, in particular by suggesting to introduce the Curl_h2_http_1_1_error() function. Closes #3349 Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
-
- Dec 07, 2018
-
-
Ben Greear authored
URL: https://curl.haxx.se/mail/lib-2018-11/0055.html Closes #3347
-
Johannes Schindelin authored
Since v7.62.0, cURL tries to use HTTP/2 whenever the server announces the capability. However, NTLM authentication only works with HTTP/1.1, and will likely remain in that boat (for details, see https://docs.microsoft.com/en-us/iis/get-started/whats-new-in-iis-10/http2-on-iis#when-is-http2-not-supported). When we just found out that we want to use NTLM, and when the current connection runs in HTTP/2 mode, let's force the connection to be closed and to be re-opened using HTTP/1.1. Fixes https://github.com/curl/curl/issues/3341 . Closes #3345 Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
-
Johannes Schindelin authored
It is allowed to call that function with id set to -1, specifying the backend by the name instead. We should imitate what is done further down in that function to allow for that. Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> Closes #3346
-