cURL / Mailing Lists / curl-users / Single Mail

curl-users

Re: Problem with ./ in redirect

From: Ufuk Kayserilioglu <groups_at_paralaus.com>
Date: Fri, 4 Oct 2002 19:55:54 +0300

I have recently had the chance to integrate cURL
into a browser type of program which works with
relative URLs which may or may not contain ./ and
../ variants. Thus before I give cURL the URL to
fetch I had to somehow combine the base and
relative URLs to come up with the absolute one. I
used to think that cURL already possessed
functionality to perform such a thing (at the end
of the day it has to do the same inside at some
point) but was suprised to see that no such
function existed. I decided to use the
InternetCrackURL and InternetCombineURL functions
in the WinInet library of Windows (even though I
didn't enjoy the idea of using yet another
component for the task).

Now that the issue is being dealt with inside the
cURL community, may I suggest that such
functionality also be exposed through the library.
We could maybe have curl_url_combine() and
curl_url_crack() kind of functions. I would even
offer my own contributions to such a cause.

Thanks, and keep up the good work,

Ufuk Kayserilioglu

PS: The relevant URL handling functions of the
WinInet library are listed below and should all be
very useful for cURL.

      InternetCanonicalizeUrl Canonicalizes the
URL.
      InternetCombineUrl Combines base and
relative URLs.
      InternetCrackUrl Parses a URL string into
components.
      InternetCreateUrl Creates a URL string from
components.

----- Original Message -----
From: "Daniel Stenberg" <daniel_at_haxx.se>
To: "Curl Mailinglist"
<curl-users_at_lists.sourceforge.net>
Sent: Friday, October 04, 2002 5:14 PM
Subject: Re: Problem with ./ in redirect

> On Thu, 3 Oct 2002, Ralph Mitchell wrote:
>
> > I guess if the url starts with ./ it'll be ok
to hack it off, or even wait
> > until just before sending out the url and then
run along it taking out any
> > ./ that crept in?
>
> I'd rather not. I prefer to let the user be able
to put in any kind of weirdo
> input he feels like.
>
> > But I'm afraid that it should probably be more
generic than that, right?
> > In the case of the ../ that Kevin mentioned,
the next-to-the-left directory
> > name (if there is one) should be removed, then
the whole process repeated
> > until either no directory name fall between
the server and the ../, or
> > until there are no more ../s. Did that make
sense?
>
> This makes sense. I had a go at this just a
while ago and attached to this
> mail is a patch that seems to work for me. I
also added four test cases that
> proves this to work at least for the most
obvious cases.
>
> > I don't suppose there's a 'canonicalise path'
function in the C library, is
> > there? That would be just too easy... :)
>
> Correct.
>
> Anyway, please try the attached patch and see if
it makes your life sunnier!
> (I made this patch against 7.10, but I bet you
can apply it to older sources
> as well, should you want that.)
>
> --
> Daniel Stenberg -- curl related mails on curl
related mailing lists please
>

-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
Received on 2002-10-04