mirror/curl
2
0
Fork 0
mirror of https://github.com/curl/curl.git synced 2025-03-31 16:00:35 +08:00
Code Issues Packages Projects Releases Wiki Activity

libcurl-security.3: update to new CURLOPT_REDIR_PROTOCOLS defaults

Browse Source 
follow-up to 6080ea098
This commit is contained in:
Daniel Stenberg 2019-07-14 16:32:50 +02:00
parent 797e549d0d
commit 02a62074c7
No known key found for this signature in database
GPG Key ID: 5CC908FDB71E12C2
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
docs/libcurl/libcurl-security.3
View File

@ -5,7 +5,7 @@
.\" * | (__| |_| | _ <| |___
.\" * \___|\___/|_| \_\_____|
.\" *
.\" * Copyright (C) 1998 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al.
.\" * Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al.
.\" *
.\" * This software is licensed as described in the file COPYING, which
.\" * you should have received as part of this distribution. The terms
@ -97,8 +97,8 @@ Never ever switch off certificate verification.
The \fICURLOPT_FOLLOWLOCATION(3)\fP option automatically follows HTTP
redirects sent by a remote server. These redirects can refer to any kind of
URL, not just HTTP. libcurl restricts the protocols allowed to be used in
redirects for security reasons: FILE, SCP, SMB and SMBS are disabled by
default. Applications are encouraged to restrict that set further.
redirects for security reasons: only HTTP, HTTPS and FTP are enabled by
default. Applications may opt to restrict thus set further.
A redirect to a file: URL would cause the libcurl to read (or write) arbitrary
files from the local filesystem. If the application returns the data back to