curl-users

Re: curl and http redirects; possible security implications

From: Alex Bligh <alex_at_alex.org.uk>
Date: Sun, 18 Apr 2010 22:55:52 +0100

--On 18 April 2010 23:01:19 +0200 Daniel Stenberg <daniel_at_haxx.se> wrote:

> On Sun, 18 Apr 2010, Lars Nilsson wrote:
>
>> As Unix shells (most if not all) use ! for special purposes, the option
>> value would have to be quoted (using single quotes) to prevent an
> attempt to expand it during command line parsing. Perhaps something
>> like ~ could be used instead (at least I don't think it should be a
>> problem despite being used to designate home directory for some
>> programs)? Just food for thought.
>
> Or perhaps just + and - ?
>
> Like --proto +ftp,http would mean only enable those protocols while
> --proto -ftp,http would mean enable all protocols except the named ones.
>
> The downside is perhaps that starting with a dash/minus makes it look
> like an option...

See the attached (which has not had a lot of testing but seems to work
roughly speaking).

You can use -, ~ or ! as modifiers to negate protocols, and + or nothing
to enable them. Note that the modifiers apply only to the immediately
adjacent option, so to disable ftp and ftps you want -ftp,-ftps (not
-ftp,ftps). all represents all protocols.

I could not find a neat way to read from libcurl a list of textual
protocols and CURLPROTO_xxx flags, which meant I needed to duplicate
them in curl itself, which is a pity. I may have missed something.

-- 
Alex Bligh


Received on 2010-04-18
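
The modifier rules described in the message above, written out as a small parser. This is an added example, not the attached patch and not curl's own code. The protocol table, its bit values, the name `proto_apply`, and the choices to start from a caller-supplied mask and to reject unknown names are assumptions of this example.

```c
#include <stdio.h>
#include <string.h>

/* Constructed bit values for this example; not libcurl's CURLPROTO_xxx. */
enum { P_HTTP = 1, P_HTTPS = 2, P_FTP = 4, P_FTPS = 8, P_FILE = 16,
       P_ALL = 31 };

static const struct { const char *name; unsigned bit; } protos[] = {
  { "all", P_ALL }, { "http", P_HTTP }, { "https", P_HTTPS },
  { "ftp", P_FTP }, { "ftps", P_FTPS }, { "file", P_FILE }
};

/* Apply a spec such as "-ftp,-ftps" to *mask, left to right.
   Returns 0 on success, -1 on an empty or unknown token; on failure
   *mask is left untouched, so a typo cannot silently change the set. */
int proto_apply(const char *spec, unsigned *mask)
{
  unsigned m = *mask;
  const char *p = spec;
  for(;;) {
    size_t len = strcspn(p, ",");   /* length of the current token */
    const char *tok = p;
    size_t tlen = len, i;
    int negate = 0;
    unsigned bit = 0;
    /* a modifier binds only to the token it is attached to */
    if(tlen && strchr("-~!", *tok)) { negate = 1; tok++; tlen--; }
    else if(tlen && *tok == '+') { tok++; tlen--; }
    for(i = 0; i < sizeof(protos) / sizeof(protos[0]); i++)
      if(strlen(protos[i].name) == tlen && !strncmp(protos[i].name, tok, tlen))
        bit = protos[i].bit;
    if(!bit)
      return -1;                    /* unknown or empty name: fail closed */
    m = negate ? (m & ~bit) : (m | bit);
    if(!p[len])
      break;
    p += len + 1;                   /* step over the comma */
  }
  *mask = m;
  return 0;
}

int main(void)
{
  unsigned m = P_ALL;
  if(!proto_apply("-ftp,-ftps", &m))
    printf("mask after -ftp,-ftps: 0x%x\n", m);
  return 0;
}
```

With a starting mask of all protocols, `-ftp,ftps` leaves ftps enabled, which is the case the message warns about.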