curl-users
Re: curl and http redirects; possible security implications
Date: Sun, 18 Apr 2010 23:34:29 +0100
--On 18 April 2010 22:55:52 +0100 Alex Bligh <alex_at_alex.org.uk> wrote:
> --On 18 April 2010 23:01:19 +0200 Daniel Stenberg <daniel_at_haxx.se> wrote:
>
>> On Sun, 18 Apr 2010, Lars Nilsson wrote:
>>
>>> As Unix shells (most if not all) use ! for special purposes, the option
>>> value would have to be quoted (using single quotes) to prevent an
>>> attempt to expand it to during command line parsing. Perhaps something
>>> like ~ could be used instead (at least I don't think it should be a
>>> problem despite being used to designate home directory for some
>>> programs)? Just food for thought.
>>
>> Or perhaps just + and - ?
>>
>> Like --proto +ftp,http would mean only enable those protocols while
>> --proto -ftp,http would mean enable all protocols except the named ones.
>>
>> The downside is perhaps that starting with a dash/minus makes it look
>> like an option...
>
> See the attached (which has not had a lot of testing but seems to work
> roughly speaking).
>
> You can use -,~ or ! as modifiers to negate protocols, and + or nothing
> to enable them. Note that the modifiers apply only to the immediately
> adjacent option, so to disable ftp and ftps you want -ftp,-ftps (not
> -ftp,ftps). all represents all protocols.
>
> I could not find a neat way to read from libcurl a list of textual
> protocols and CURLPROTO_xxx flags, which meant I needed to duplicate
> them in curl itself, which is a pity. I may have missed something.
Actually, see the attached instead, which supports an '=' flag too.
-- Alex Bligh
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-users
FAQ: http://curl.haxx.se/docs/faq.html
Etiquette: http://curl.haxx.se/mail/etiquette.html
- application/octet-stream attachment: curl-add-proto-options-amb2.diff