New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
lib: sanitize conditional exclusion around MIME #9610
Conversation
@@ -98,6 +98,9 @@ implies that if you tell libcurl to follow redirects | |||
in the subsequent request. Redirects can of course go to other hosts and thus | |||
those servers will get all the contents of your custom headers too. | |||
|
|||
This option must also be used to set the top-level headers of a MIME mail when | |||
uploading the latter via SMTP or IMAP. | |||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
how is this a security concern
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
how is this a security concern
Thanks for pointing this out: I placed the paragraph in a wrong section.
I was not completely aware of this. I think the man page needs more massaging to better convey this fact. It is even unfortunate that it is named Should we consider a new alias for this called |
I think we should. We already did this kind of thing (i.e.: IMAP and SMTP mime mails use this option because the mime api we implemented supports setting headers on parts only. Mime mail data need to support document-level headers. We currently already have the (undocumented) |
(It is of course a bit off topic for this PR) I think i would prefer a new name to use for the option globally rather than to continue to invent special protocol aliases.
An obvious downside with a name change (even when the old name is still supported) is that this is a very commonly used option so there exist a bazillion examples of its use on stackoverflow and other places online, and they will look worse if we change the name... That could be an argument for just adding an alias like |
Yes, me too. what about
Agreed. But we did it already for |
6c17a80
to
aef0369
Compare
Documentation updated. |
The introduction of CURL_DISABLE_MIME came with some additional bugs: - Disabled MIME is compiled-in anyway if SMTP and/or IMAP is enabled. - CURLOPT_MIMEPOST, CURLOPT_MIME_OPTIONS and CURLOPT_HTTPHEADER are conditioned on HTTP, although also needed for SMTP and IMAP MIME mail uploads. In addition, the CURLOPT_HTTPHEADER and --header documentation does not mention their use for MIME mail. This commit fixes the problems above.
aef0369
to
d208f81
Compare
Thanks! |
The introduction of
CURL_DISABLE_MIME
came with some additional bugs:CURLOPT_MIMEPOST
,CURLOPT_MIME_OPTIONS
andCURLOPT_HTTPHEADER
are conditioned on HTTP, although also needed for SMTP and IMAP MIME mail uploads.In addition, the
CURLOPT_HTTPHEADER
and--header
documentation does not mention their use for MIME mail.This commit fixes the problems above.