cURL / Mailing Lists / curl-library / Single Mail

curl-library

Re: @ sign in request

From: Richard Atterer <richard_at_2006.atterer.net>
Date: Thu, 21 Dec 2006 18:07:54 +0100

On Mon, Dec 18, 2006 at 10:03:26PM -0600, Duncan McQueen wrote:
> However, the request appers to cut off the URL at the @ sign
> (supposedly because it thinks it is a file).

Surely this cannot be the case?? Otherwise, depending on the application,
curl-using applications could easily be tricked into uploading arbitrary
files to remote servers?!

Looking at the code, I cannot find the reason why @ behaves so strange
here. But I've only taken a short look...

If I read RFC 2396 correctly, "@" is allowed unescaped in pathnames
(section 3.3. Path Component), so maybe this is a bug in libcurl.

Cheers,

Richard

-- 
  __   _
  |_) /|  Richard Atterer     |  GnuPG key: 888354F7
  | \/�|  http://atterer.net  |  08A9 7B7D 3D13 3EF2 3D25  D157 79E6 F6DC 8883 54F7
  � '` �

Received on 2006-12-21

This message: [ Message body ]
Next message: Jochen Hayek: "WWW::Curl::Easy -- perl libcurl bindings -- CURLOPT_COOKIE*"
Previous message: Duncan McQueen: "Re: @ sign in request"
In reply to: Duncan McQueen: "@ sign in request"
Next in thread: Daniel Stenberg: "Re: @ sign in request"
Reply: Daniel Stenberg: "Re: @ sign in request"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]