From 54066f5d09dce2c96ddda6e25f33cf8fa5d50801 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Wed, 13 Jun 2018 11:24:34 +0200 Subject: [PATCH] TODO: "Option to refuse usernames in URLs" done MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Implemented by Björn in 946ce5b61f --- docs/TODO | 11 ----------- 1 file changed, 11 deletions(-) diff --git a/docs/TODO b/docs/TODO index 3d58717b49..cea637868b 100644 --- a/docs/TODO +++ b/docs/TODO @@ -17,7 +17,6 @@ All bugs documented in the KNOWN_BUGS document are subject for fixing! 1. libcurl - 1.1 Option to refuse usernames in URLs 1.2 More data sharing 1.3 struct lifreq 1.4 signal-based resolver timeouts @@ -189,16 +188,6 @@ 1. libcurl -1.1 Option to refuse usernames in URLs - - There's a certain risk for application in allowing user names in URLs. For - example: if the wrong person gets to set the URL and manages to set a user - name in there when .netrc is used, the application may send along a password - that otherwise the person couldn't provide. - - A new libcurl option could be added to allow applications to switch off this - feature and thus avoid a potential risk. - 1.2 More data sharing curl_share_* functions already exist and work, and they can be extended to