Mailing Lists
|
|
cURL Mailing List Monthly Index Single Mail
curl-tracker Archives
[curl:bugs] #1234 libcurl_tutorial.3 contains incorrect backslash
From: Dan Fandrich <dfandrich_at_users.sf.net>
Date: Mon, 03 Jun 2013 18:45:21 +0000
The backslash there was deliberate, as an implicit reminder to the reader that those can also cause security faults if not treated specially. Admittedly, the backslash should have been doubled to make it through nroff, but eliminating it altogether makes the point of the \autoexec.bat example moot.
--- ** [bugs:#1234] libcurl_tutorial.3 contains incorrect backslash** **Status:** closed-fixed **Created:** Tue May 28, 2013 11:28 AM UTC by Eric S. Raymond **Last Updated:** Tue May 28, 2013 11:39 AM UTC **Owner:** Daniel Stenberg --- libcurl-tutorial.3-unpatched 2013-05-28 07:24:46.577949934 -0400 +++ libcurl-tutorial.3 2013-05-28 07:25:06.161949568 -0400 @@ -1246,7 +1246,7 @@ could also use CURLINFO_EFFECTIVE_URL to generate a file name from a server-supplied redirect URL. Special care must be taken to sanitize such names to avoid the possibility of a malicious server supplying one like -"/etc/passwd", "\autoexec.bat" or even ".bashrc". +"/etc/passwd", "autoexec.bat" or even ".bashrc". .IP "Server Certificates" A secure application should never use the CURLOPT_SSL_VERIFYPEER option to --- Sent from sourceforge.net because you indicated interest in <https://sourceforge.net/p/curl/bugs/1234/> To unsubscribe from further messages, please visit <https://sourceforge.net/auth/subscriptions/>Received on 2013-06-03 These mail archives are generated by hypermail. |
Page updated May 06, 2013.
web site info