cURL / Mailing Lists / curl-library / Single Mail

curl-library

Re: @ sign in request

From: Duncan McQueen <dwmcqueen_at_gmail.com>
Date: Fri, 22 Dec 2006 08:43:56 -0600

My code was:

curl_easy_setopt(curl, CURLOPT_ERRORBUFFER, errorBuffer);
       curl_easy_setopt(curl, CURLOPT_PORT, port);
       curl_easy_setopt(curl, CURLOPT_URL, url.c_str());
       curl_easy_setopt(curl, CURLOPT_HEADER, 0);
       curl_easy_setopt(curl, CURLOPT_FOLLOWLOCATION, 1);
       curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, writer);
       curl_easy_setopt(curl, CURLOPT_WRITEDATA, &buffer);
       // Attempt to retrieve the remote page
       result = curl_easy_perform(curl);
       // Always cleanup
       curl_easy_cleanup(curl);

url was an STL string populated as such -
"http://www.url.com?email=mail@mail.com" (actually it was a larger
string). I got an error returned saying couldn't open "@mail.com".

I'll get more details about library version and the such later. It
was on GCC on Windows (Mingw)

On 12/22/06, Daniel Stenberg <daniel_at_haxx.se> wrote:
> On Thu, 21 Dec 2006, Richard Atterer wrote:
>
> > On Mon, Dec 18, 2006 at 10:03:26PM -0600, Duncan McQueen wrote:
> >> However, the request appers to cut off the URL at the @ sign
> >> (supposedly because it thinks it is a file).
> >
> > Surely this cannot be the case?? Otherwise, depending on the application,
> > curl-using applications could easily be tricked into uploading arbitrary
> > files to remote servers?!
>
> I don't see how this can happen. Duncan, if you have any example for when this
> might occur, I'm all ears.
>
> --
> Commercial curl and libcurl Technical Support: http://haxx.se/curl.html
>
Received on 2006-12-22