curl-users

(BUG or FEATURE) Wget does it better than Curl

From: nelson <gnel_at_cenobioracing.com>
Date: 17 Oct 2004 20:55:51 +0100

The facts:

** WGET **

[root_at_nelson nelson]# wget http://www.server.org/gestran/images/../../../../videoclub_2.zip
--19:21:22-- http://www.server.org/videoclub_2.zip
           => `videoclub_2.zip'
Resolviendo www.server.org... hecho.
Conectando con www.server.org[127.0.0.1]:80... conectado.
Petición HTTP enviada, esperando respuesta... 200 OK
Longitud: 14,176 [application/zip]

100%[====================================>] 14,176 13.52M/s ETA 00:00

19:21:22 (13.52 MB/s) - `videoclub_2.zip' guardado [14176/14176]

** CURL **

[root_at_nelson nelson]# curl http://www.server.org/gestran/images/../../../../videoclub_2.zip
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<HTML><HEAD>
<TITLE>400 Bad Request</TITLE>
</HEAD><BODY>
<H1>Bad Request</H1>
Your browser sent a request that this server could not understand.<P>
Invalid URI in request GET /gestran/images/../../../../videoclub_2.zip HTTP/1.1<P>
<HR>
<ADDRESS>Apache-AdvancedExtranetServer/1.3.26 Server at www.server.org Port 80</ADDRESS>
</BODY></HTML>
[root_at_nelson nelson]#

-------------------------

I don't know if this URL
http://www.server.org/gestran/images/../../../../videoclub_2.zip
is rtf compliant, but wget and IE translate it to
http://www.server.org/videoclub_2.zip
which is the right behaviour, and the file gets downloaded, so the user gets
his file.
Curl didn't format (cut the ../) the URL before sending it to the web
server, and Apache rejects that URL, IIS too, see:
http://www.brinkster.com/images/../../ContactUs.aspx

But, for example, the thttpd server at www.danielclemente.com didn't reject
it:

[nelson_at_nelson nelson]$ curl http://www.danielclemente.com/../../../valid-html401.png > archivo.png
  % Total % Received % Xferd Average Speed Time Curr.
                                 Dload Upload Total Current Left Speed
100 2948 100 2948 0 0 3400 0 0:00:00 0:00:00 0:00:00 26194

So, although that URL is probably not rtf compliant, I think libCURL
should modify it correctly, for the good of end users, like wget
does...

PS: in the first example, www.server.org is not a real site
Received on 2004-10-17
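
The collapse from /gestran/images/../../../../videoclub_2.zip to /videoclub_2.zip described in the message above is the dot-segment removal defined in RFC 3986, section 5.2.4. The following is an added example, not part of the original mail and not code from curl or wget. The names `remove_dot_segments`, `normalize_url` and the `above_root` flag are chosen here; the flag goes beyond the RFC and reports when `..` segments outnumber the directory depth, which a server-side check can log or reject.

```python
from urllib.parse import urlsplit, urlunsplit


def remove_dot_segments(path):
    """RFC 3986 section 5.2.4. Returns (normalized_path, above_root).

    above_root is True when a ".." had no segment left to remove, i.e. the
    path tried to climb above "/". Percent-encoded dots (%2e) are not
    decoded here; a caller must decode unreserved characters first.
    """
    output = []         # finished segments, each kept with its leading "/"
    above_root = False
    while path:
        if path.startswith("../"):
            path = path[3:]
        elif path.startswith("./") or path.startswith("/./"):
            path = path[2:]
        elif path == "/.":
            path = "/"
        elif path.startswith("/../") or path == "/..":
            path = "/" + path[4:]
            if output:
                output.pop()
            else:
                above_root = True
        elif path in (".", ".."):
            path = ""
        else:
            # Move the first segment (with its leading "/", if any) to output.
            end = path.find("/", 1)
            if end == -1:
                end = len(path)
            output.append(path[:end])
            path = path[end:]
    return "".join(output), above_root


def normalize_url(url):
    """Return (url_with_normalized_path, above_root) for an absolute URL."""
    parts = urlsplit(url)
    path, above_root = remove_dot_segments(parts.path)
    return urlunsplit(parts._replace(path=path)), above_root


if __name__ == "__main__":
    # URLs taken from the message above.
    for u in ("http://www.server.org/gestran/images/../../../../videoclub_2.zip",
              "http://www.danielclemente.com/../../../valid-html401.png"):
        print(u, "->", normalize_url(u))
```

All three URLs in the message climb above the root, so the flag is set for each of them even though the normalized path looks harmless.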