1. 23 Jan, 2018 5 commits
  2. 22 Jan, 2018 2 commits
    • Daniel Stenberg's avatar
      http: prevent custom Authorization headers in redirects · af32cd38
      Daniel Stenberg authored
      ... unless CURLOPT_UNRESTRICTED_AUTH is set to allow them. This matches how
      curl already handles Authorization headers created internally.
      
      Note: this changes behavior slightly, for the sake of reducing mistakes.
      
      Added test 317 and 318 to verify.
      
      Reported-by: Craig de Stigter
      Bug: https://curl.haxx.se/docs/adv_2018-b3bf.html
      af32cd38
    • Daniel Stenberg's avatar
      curl: progress bar refresh, get width using ioctl() · 993dd565
      Daniel Stenberg authored
      Get screen width from the environment variable COLUMNS first, if set. If
      not, use ioctl(). If nether works, assume 79.
      
      Closes #2242
      
      The "refresh" is for the -# output when no total transfer size is
      known. It will now only use a single updated line even for this case:
      
      The "-=O=-" ship moves when data is transferred. The four flying
      "hashes" move (on a sine wave) on each refresh, independent of data.
      993dd565
  3. 20 Jan, 2018 3 commits
  4. 18 Jan, 2018 6 commits
  5. 17 Jan, 2018 3 commits
  6. 16 Jan, 2018 1 commit
  7. 15 Jan, 2018 3 commits
  8. 14 Jan, 2018 2 commits
    • Patrick Monnerat's avatar
      mime: clone mime tree upon easy handle duplication. · e44ddfd4
      Patrick Monnerat authored
      A mime tree attached to an easy handle using CURLOPT_MIMEPOST is
      strongly bound to the handle: there is a pointer to the easy handle in
      each item of the mime tree and following the parent pointer list
      of mime items ends in a dummy part stored within the handle.
      
      Because of this binding, a mime tree cannot be shared between different
      easy handles, thus it needs to be cloned upon easy handle duplication.
      
      There is no way for the caller to get the duplicated mime tree
      handle: it is then set to be automatically destroyed upon freeing the
      new easy handle.
      
      New test 654 checks proper mime structure duplication/release.
      
      Add a warning note in curl_mime_data_cb() documentation about sharing
      user data between duplicated handles.
      
      Closes #2235
      e44ddfd4
    • Patrick Monnerat's avatar
  9. 13 Jan, 2018 8 commits
  10. 11 Jan, 2018 1 commit
    • Zhouyihai Ding's avatar
      http2: fix incorrect trailer buffer size · fa3dbb9a
      Zhouyihai Ding authored
      Prior to this change the stored byte count of each trailer was
      miscalculated and 1 less than required. It appears any trailer
      after the first that was passed to Curl_client_write would be truncated
      or corrupted as well as the size. Potentially the size of some
      subsequent trailer could be erroneously extracted from the contents of
      that trailer, and since that size is used by client write an
      out-of-bounds read could occur and cause a crash or be otherwise
      processed by client write.
      
      The bug appears to have been born in 0761a51e (precedes 7.49.0).
      
      Closes https://github.com/curl/curl/pull/2231
      fa3dbb9a
  11. 09 Jan, 2018 3 commits
  12. 08 Jan, 2018 1 commit
  13. 07 Jan, 2018 2 commits