#
63c53ea6 |
| 02-Feb-2023 |
Daniel Stenberg |
urlapi: skip the extra dedotdot alloc if no dot in path Saves an allocation for many/most URLs. Updates test 1395 accordingly Closes #10403
|
#
7305ca63 |
| 31-Jan-2023 |
Daniel Stenberg |
urlapi: avoid Curl_dyn_addf() for hex outputs Inspired by the recent fixes to escape.c, we should avoid calling Curl_dyn_addf() in loops, perhaps in particular when adding something so
urlapi: avoid Curl_dyn_addf() for hex outputs Inspired by the recent fixes to escape.c, we should avoid calling Curl_dyn_addf() in loops, perhaps in particular when adding something so simple as %HH codes - for performance reasons. This change makes the same thing for the URL parser's two URL-encoding loops. Closes #10384
show more ...
|
#
804d5293 |
| 01-Feb-2023 |
Daniel Stenberg |
urlapi: skip path checks if path is just "/" As a miniscule optimization, treat a path of the length 1 as the same as non-existing, as it can only be a single leading slash, and that's w
urlapi: skip path checks if path is just "/" As a miniscule optimization, treat a path of the length 1 as the same as non-existing, as it can only be a single leading slash, and that's what we do for no paths as well. Closes #10385
show more ...
|
#
2bc1d775 |
| 02-Jan-2023 |
Daniel Stenberg |
copyright: update all copyright lines and remove year ranges - they are mostly pointless in all major jurisdictions - many big corporations and projects already don't use them - save
copyright: update all copyright lines and remove year ranges - they are mostly pointless in all major jurisdictions - many big corporations and projects already don't use them - saves us from pointless churn - git keeps history for us - the year range is kept in COPYING checksrc is updated to allow non-year using copyright statements Closes #10205
show more ...
|
#
901392cb |
| 26-Dec-2022 |
Daniel Stenberg |
urlapi: add CURLU_PUNYCODE Allows curl_url_get() get the punycode version of host names for the host name and URL parts. Extend test 1560 to verify. Closes #10109
|
#
c20b35dd |
| 14-Dec-2022 |
Daniel Stenberg |
urlapi: reject more bad letters from the host name: &+() Follow-up from eb0167ff7d31d3a5 Extend test 1560 to verify Closes #10096
|
#
b15ca64b |
| 21-Oct-2022 |
Daniel Stenberg |
urlapi: remove two variable assigns To please scan-build: urlapi.c:1163:9: warning: Value stored to 'qlen' is never read qlen = Curl_dyn_len(&enc); ^ ~~
urlapi: remove two variable assigns To please scan-build: urlapi.c:1163:9: warning: Value stored to 'qlen' is never read qlen = Curl_dyn_len(&enc); ^ ~~~~~~~~~~~~~~~~~~ urlapi.c:1164:9: warning: Value stored to 'query' is never read query = u->query = Curl_dyn_ptr(&enc); ^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Follow-up to 7d6cf06f571d57 Closes #9777
show more ...
|
#
7d6cf06f |
| 18-Oct-2022 |
Daniel Stenberg |
urlapi: fix parsing URL without slash with CURLU_URLENCODE When CURLU_URLENCODE is set, the parser would mistreat the path component if the URL was specified without a slash like in
urlapi: fix parsing URL without slash with CURLU_URLENCODE When CURLU_URLENCODE is set, the parser would mistreat the path component if the URL was specified without a slash like in http://local.test:80?-123 Extended test 1560 to reproduce and verify the fix. Reported-by: Trail of Bits Closes #9763
show more ...
|
#
ddeec8fe |
| 11-Oct-2022 |
12932 <68835423+12932@users.noreply.github.com> |
misc: nitpick grammar in comments/docs because the 'u' in URL is actually a consonant *sound* it is only correct to write "a URL" sorry this is a bit nitpicky :P https:
misc: nitpick grammar in comments/docs because the 'u' in URL is actually a consonant *sound* it is only correct to write "a URL" sorry this is a bit nitpicky :P https://english.stackexchange.com/questions/152/when-should-i-use-a-vs-an https://www.techtarget.com/whatis/feature/Which-is-correct-a-URL-or-an-URL Closes #9699
show more ...
|
#
e80c4ff3 |
| 04-Oct-2022 |
John Bampton |
misc: fix spelling in docs and comments also: remove outdated sentence Closes #9644
|
#
eb0167ff |
| 27-Sep-2022 |
Daniel Stenberg |
urlapi: reject more bad characters from the host name field Extended test 1560 to verify Report from the ongoing source code audit by Trail of Bits. Closes #9608
|
#
9d513290 |
| 15-Sep-2022 |
Patrick Monnerat |
setopt: use the handler table for protocol name to number conversions This also returns error CURLE_UNSUPPORTED_PROTOCOL rather than CURLE_BAD_FUNCTION_ARGUMENT when a listed protocol na
setopt: use the handler table for protocol name to number conversions This also returns error CURLE_UNSUPPORTED_PROTOCOL rather than CURLE_BAD_FUNCTION_ARGUMENT when a listed protocol name is not found. A new schemelen parameter is added to Curl_builtin_scheme() to support this extended use. Note that disabled protocols are not recognized anymore. Tests adapted accordingly. Closes #9472
show more ...
|
#
84667854 |
| 14-Sep-2022 |
Daniel Stenberg |
urlapi: detect scheme better when not guessing When the parser is not allowed to guess scheme, it should consider the word ending at the first colon to be the scheme, independently of nu
urlapi: detect scheme better when not guessing When the parser is not allowed to guess scheme, it should consider the word ending at the first colon to be the scheme, independently of number of slashes. The parser now checks that the scheme is known before it counts slashes, to improve the error messge for URLs with unknown schemes and maybe no slashes. When following redirects, no scheme guessing is allowed and therefore this change effectively prevents redirects to unknown schemes such as "data". Fixes #9503
show more ...
|
#
f703cf97 |
| 01-Sep-2022 |
Daniel Stenberg |
urlapi: leaner with fewer allocs Slightly faster with more robust code. Uses fewer and smaller mallocs. - remove two fields from the URL handle struct - reduce copies and allocs
urlapi: leaner with fewer allocs Slightly faster with more robust code. Uses fewer and smaller mallocs. - remove two fields from the URL handle struct - reduce copies and allocs - use dynbuf buffers more instead of custom malloc + copies - uses dynbuf to build the host name in reduces serial alloc+free within the same function. - move dedotdotify into urlapi.c and make it static, not strdup the input and optimize it by checking for . and / before using strncmp - remove a few strlen() calls - add Curl_dyn_setlen() that can "trim" an existing dynbuf Closes #9408
show more ...
|
#
8dd95da3 |
| 05-Sep-2022 |
Daniel Stenberg |
ctype: remove all use of <ctype.h>, use our own versions Except in the test servers. Closes #9433
|
#
c9061f24 |
| 31-Aug-2022 |
Viktor Szakats |
misc: spelling fixes Found using codespell 2.2.1. Also delete the redundant protocol designator from an archive.org URL. Reviewed-by: Daniel Stenberg Closes #9403
|
#
4bf2c231 |
| 19-Jun-2022 |
Pierrick Charron |
urlapi: make curl_url_set(url, CURLUPART_URL, NULL, 0) clear all parts As per the documentation : > Setting a part to a NULL pointer will effectively remove that > part's conten
urlapi: make curl_url_set(url, CURLUPART_URL, NULL, 0) clear all parts As per the documentation : > Setting a part to a NULL pointer will effectively remove that > part's contents from the CURLU handle. But currently clearing CURLUPART_URL does nothing and returns CURLUE_OK. This change will clear all parts of the URL at once. Closes #9028
show more ...
|
#
ad9bc597 |
| 17-May-2022 |
max.mehl |
copyright: make repository REUSE compliant Add licensing and copyright information for all files in this repository. This either happens in the file itself as a comment header or in the
copyright: make repository REUSE compliant Add licensing and copyright information for all files in this repository. This either happens in the file itself as a comment header or in the file `.reuse/dep5`. This commit also adds a Github workflow to check pull requests and adapts copyright.pl to the changes. Closes #8869
show more ...
|
#
c3fc406e |
| 08-Jun-2022 |
Daniel Stenberg |
urlapi: support CURLU_URLENCODE for curl_url_get()
|
#
914aaab9 |
| 09-May-2022 |
Daniel Stenberg |
urlapi: reject percent-decoding host name into separator bytes CVE-2022-27780 Reported-by: Axel Chong Bug: https://curl.se/docs/CVE-2022-27780.html Closes #8826
|
#
b5b86856 |
| 05-May-2022 |
Sergey Markelov |
urlapi: address (harmless) UndefinedBehavior sanitizer warning `while(i--)` causes runtime error: unsigned integer overflow: 0 - 1 cannot be represented in type 'size_t' (aka 'unsigned l
urlapi: address (harmless) UndefinedBehavior sanitizer warning `while(i--)` causes runtime error: unsigned integer overflow: 0 - 1 cannot be represented in type 'size_t' (aka 'unsigned long') Closes #8797
show more ...
|
#
a3f4d7ce |
| 30-Mar-2022 |
Daniel Stenberg |
misc: spelling fixes Mostly in comments but also in the -w documentation for headers_json. Closes #8647
|
#
70ac2760 |
| 14-Feb-2022 |
Stefan Eissing |
urlapi: handle "redirects" smarter - avoid one malloc when setting a new url via curl_url_set() and CURLUPART_URL. - extract common pattern into a new static function.
urlapi: handle "redirects" smarter - avoid one malloc when setting a new url via curl_url_set() and CURLUPART_URL. - extract common pattern into a new static function. Closes #8450
show more ...
|
#
26101421 |
| 03-Feb-2022 |
Daniel Stenberg |
lib: remove support for CURL_DOES_CONVERSIONS TPF was the only user and support for that was dropped. Closes #8378
|
#
9fe2a20b |
| 01-Feb-2022 |
HenrikHolst |
urlapi: remove an unnecessary call to strlen - Use strcpy instead of strlen+memcpy to copy the url path. Ref: https://curl.se/mail/lib-2022-02/0006.html Closes https://gith
urlapi: remove an unnecessary call to strlen - Use strcpy instead of strlen+memcpy to copy the url path. Ref: https://curl.se/mail/lib-2022-02/0006.html Closes https://github.com/curl/curl/pull/8370
show more ...
|