curl-library
Re: [SECURITY ADVISORY] curl invalid URL parsing with '#'
From: Daniel Stenberg <daniel_at_haxx.se>
Date: Sun, 6 Nov 2016 00:38:25 +0100 (CET)
Date: Sun, 6 Nov 2016 00:38:25 +0100 (CET)
On Fri, 4 Nov 2016, Ray Satiro via curl-library wrote:
> I'm not sure that this is a bug, it seems more correct than it was before.
> However if for backwards compatibility we wanted to skip that for file it
> should be simple
>
> - if(path[0] != '/') {
> + if(path[0] != '/' && !strcasecompare(protop, "file")) {
Changing that behavior was not intended with this commit so I figure it is
worth getting the former treatment back. I'd be much happier if we could write
up a test case for this as well so we can catch this the next time.
-- / daniel.haxx.se ------------------------------------------------------------------- List admin: https://cool.haxx.se/list/listinfo/curl-library Etiquette: https://curl.haxx.se/mail/etiquette.htmlReceived on 2016-11-06