cURL / Mailing Lists / curl-users / Single Mail

curl-users

Re: curl and http redirects; possible security implications

From: Alex Bligh <alex_at_alex.org.uk>
Date: Mon, 19 Apr 2010 21:06:34 +0100

--On 19 April 2010 18:42:09 +0100 Alex Bligh <alex_at_alex.org.uk> wrote:

>> I would prefer just '-'!
>
> OK, I will make that change (or you can - it's merely deleting
> two lines).
>
>> Speaking of this, it struck me that you should probably allow the feature
>> to try to change protocols that it doesn't know about so that it is
>> suitable future-proof. I'm thinking about the case where a future curl
>> introduces support for the COFFEE protocol but somone dislikes it and use
>> "--proto -coffee", and then they copy that command line back to a 7.20.1
>> curl which doesn't know about coffee at all.
>>
>> Of course, a downside would be that a misspelled protocol isn't detected.
>> Perhaps it is enough if we use warnf() to inform about unknown protocols
>> that are mentioned?
>
> How about I make '~' or something an additional prefix which ignored the
> option if it wasn't recognised? IE you could do "--proto -~coffee" to
> disable coffee support but ignore it if coffee was not understood. That's
> a
> pretty trivial change. You then get proper error handling in the normal
> case, but the person who wants to use a back-compatible command line
> can do so without parsing the output of curl -V.

See attached.

-- 
Alex Bligh


-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-users
FAQ: http://curl.haxx.se/docs/faq.html
Etiquette: http://curl.haxx.se/mail/etiquette.html

Received on 2010-04-19