On 12/01, Jeff King wrote:
> - set CURLOPT_PROTOCOLS alongside CURLOPT_REDIR_PROTOCOLS
> restrict ourselves to a known-safe set and respect any
> user-provided whitelist.
> diff --git a/http.c b/http.c
> index 825118481..051fe6e5a 100644
> --- a/http.c
> +++ b/http.c
> @@ -745,6 +745,7 @@ static CURL *get_curl_handle(void)
> if (is_transport_allowed("ftps"))
> allowed_protocols |= CURLPROTO_FTPS;
> curl_easy_setopt(result, CURLOPT_REDIR_PROTOCOLS, allowed_protocols);
> + curl_easy_setopt(result, CURLOPT_PROTOCOLS, allowed_protocols);
> #else
> if (transport_restrict_protocols())
> warning("protocol restrictions not applied to curl redirects because\n"
Because I don't know much about how curl works....Only
http/https/ftp/ftps protocols are allowed to be passed to curl? Is that
because curl only understands those particular protocols?
--
Brandon Williams