| #
63c53ea6 |
| 02-Feb-2023 |
Daniel Stenberg |
urlapi: skip the extra dedotdot alloc if no dot in path
Saves an allocation for many/most URLs.
Updates test 1395 accordingly
Closes #10403
|
| #
7305ca63 |
| 31-Jan-2023 |
Daniel Stenberg |
urlapi: avoid Curl_dyn_addf() for hex outputs
Inspired by the recent fixes to escape.c, we should avoid calling
Curl_dyn_addf() in loops, perhaps in particular when adding something so
urlapi: avoid Curl_dyn_addf() for hex outputs
Inspired by the recent fixes to escape.c, we should avoid calling
Curl_dyn_addf() in loops, perhaps in particular when adding something so
simple as %HH codes - for performance reasons. This change makes the
same thing for the URL parser's two URL-encoding loops.
Closes #10384
show more ...
|
| #
804d5293 |
| 01-Feb-2023 |
Daniel Stenberg |
urlapi: skip path checks if path is just "/"
As a miniscule optimization, treat a path of the length 1 as the same as
non-existing, as it can only be a single leading slash, and that's w
urlapi: skip path checks if path is just "/"
As a miniscule optimization, treat a path of the length 1 as the same as
non-existing, as it can only be a single leading slash, and that's what
we do for no paths as well.
Closes #10385
show more ...
|
| #
2bc1d775 |
| 02-Jan-2023 |
Daniel Stenberg |
copyright: update all copyright lines and remove year ranges
- they are mostly pointless in all major jurisdictions
- many big corporations and projects already don't use them
- save
copyright: update all copyright lines and remove year ranges
- they are mostly pointless in all major jurisdictions
- many big corporations and projects already don't use them
- saves us from pointless churn
- git keeps history for us
- the year range is kept in COPYING
checksrc is updated to allow non-year using copyright statements
Closes #10205
show more ...
|
| #
901392cb |
| 26-Dec-2022 |
Daniel Stenberg |
urlapi: add CURLU_PUNYCODE
Allows curl_url_get() get the punycode version of host names for the
host name and URL parts.
Extend test 1560 to verify.
Closes #10109
|
| #
c20b35dd |
| 14-Dec-2022 |
Daniel Stenberg |
urlapi: reject more bad letters from the host name: &+()
Follow-up from eb0167ff7d31d3a5
Extend test 1560 to verify
Closes #10096
|
| #
b15ca64b |
| 21-Oct-2022 |
Daniel Stenberg |
urlapi: remove two variable assigns
To please scan-build:
urlapi.c:1163:9: warning: Value stored to 'qlen' is never read
qlen = Curl_dyn_len(&enc);
^ ~~
urlapi: remove two variable assigns
To please scan-build:
urlapi.c:1163:9: warning: Value stored to 'qlen' is never read
qlen = Curl_dyn_len(&enc);
^ ~~~~~~~~~~~~~~~~~~
urlapi.c:1164:9: warning: Value stored to 'query' is never read
query = u->query = Curl_dyn_ptr(&enc);
^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Follow-up to 7d6cf06f571d57
Closes #9777
show more ...
|
| #
7d6cf06f |
| 18-Oct-2022 |
Daniel Stenberg |
urlapi: fix parsing URL without slash with CURLU_URLENCODE
When CURLU_URLENCODE is set, the parser would mistreat the path
component if the URL was specified without a slash like in
urlapi: fix parsing URL without slash with CURLU_URLENCODE
When CURLU_URLENCODE is set, the parser would mistreat the path
component if the URL was specified without a slash like in
http://local.test:80?-123
Extended test 1560 to reproduce and verify the fix.
Reported-by: Trail of Bits
Closes #9763
show more ...
|
| #
ddeec8fe |
| 11-Oct-2022 |
12932 <68835423+12932@users.noreply.github.com> |
misc: nitpick grammar in comments/docs
because the 'u' in URL is actually a consonant *sound* it is only
correct to write "a URL"
sorry this is a bit nitpicky :P
https:
misc: nitpick grammar in comments/docs
because the 'u' in URL is actually a consonant *sound* it is only
correct to write "a URL"
sorry this is a bit nitpicky :P
https://english.stackexchange.com/questions/152/when-should-i-use-a-vs-an
https://www.techtarget.com/whatis/feature/Which-is-correct-a-URL-or-an-URL
Closes #9699
show more ...
|
| #
e80c4ff3 |
| 04-Oct-2022 |
John Bampton |
misc: fix spelling in docs and comments
also: remove outdated sentence
Closes #9644
|
| #
eb0167ff |
| 27-Sep-2022 |
Daniel Stenberg |
urlapi: reject more bad characters from the host name field
Extended test 1560 to verify
Report from the ongoing source code audit by Trail of Bits.
Closes #9608
|
| #
9d513290 |
| 15-Sep-2022 |
Patrick Monnerat |
setopt: use the handler table for protocol name to number conversions
This also returns error CURLE_UNSUPPORTED_PROTOCOL rather than
CURLE_BAD_FUNCTION_ARGUMENT when a listed protocol na
setopt: use the handler table for protocol name to number conversions
This also returns error CURLE_UNSUPPORTED_PROTOCOL rather than
CURLE_BAD_FUNCTION_ARGUMENT when a listed protocol name is not found.
A new schemelen parameter is added to Curl_builtin_scheme() to support
this extended use.
Note that disabled protocols are not recognized anymore.
Tests adapted accordingly.
Closes #9472
show more ...
|
| #
84667854 |
| 14-Sep-2022 |
Daniel Stenberg |
urlapi: detect scheme better when not guessing
When the parser is not allowed to guess scheme, it should consider the
word ending at the first colon to be the scheme, independently of nu
urlapi: detect scheme better when not guessing
When the parser is not allowed to guess scheme, it should consider the
word ending at the first colon to be the scheme, independently of number
of slashes.
The parser now checks that the scheme is known before it counts slashes,
to improve the error messge for URLs with unknown schemes and maybe no
slashes.
When following redirects, no scheme guessing is allowed and therefore
this change effectively prevents redirects to unknown schemes such as
"data".
Fixes #9503
show more ...
|
| #
f703cf97 |
| 01-Sep-2022 |
Daniel Stenberg |
urlapi: leaner with fewer allocs
Slightly faster with more robust code. Uses fewer and smaller mallocs.
- remove two fields from the URL handle struct
- reduce copies and allocs
urlapi: leaner with fewer allocs
Slightly faster with more robust code. Uses fewer and smaller mallocs.
- remove two fields from the URL handle struct
- reduce copies and allocs
- use dynbuf buffers more instead of custom malloc + copies
- uses dynbuf to build the host name in reduces serial alloc+free within
the same function.
- move dedotdotify into urlapi.c and make it static, not strdup the input
and optimize it by checking for . and / before using strncmp
- remove a few strlen() calls
- add Curl_dyn_setlen() that can "trim" an existing dynbuf
Closes #9408
show more ...
|
| #
8dd95da3 |
| 05-Sep-2022 |
Daniel Stenberg |
ctype: remove all use of <ctype.h>, use our own versions
Except in the test servers.
Closes #9433
|
| #
c9061f24 |
| 31-Aug-2022 |
Viktor Szakats |
misc: spelling fixes
Found using codespell 2.2.1.
Also delete the redundant protocol designator from an archive.org URL.
Reviewed-by: Daniel Stenberg
Closes #9403
|
| #
4bf2c231 |
| 19-Jun-2022 |
Pierrick Charron |
urlapi: make curl_url_set(url, CURLUPART_URL, NULL, 0) clear all parts
As per the documentation :
> Setting a part to a NULL pointer will effectively remove that
> part's conten
urlapi: make curl_url_set(url, CURLUPART_URL, NULL, 0) clear all parts
As per the documentation :
> Setting a part to a NULL pointer will effectively remove that
> part's contents from the CURLU handle.
But currently clearing CURLUPART_URL does nothing and returns
CURLUE_OK. This change will clear all parts of the URL at once.
Closes #9028
show more ...
|
| #
ad9bc597 |
| 17-May-2022 |
max.mehl |
copyright: make repository REUSE compliant
Add licensing and copyright information for all files in this repository. This
either happens in the file itself as a comment header or in the
copyright: make repository REUSE compliant
Add licensing and copyright information for all files in this repository. This
either happens in the file itself as a comment header or in the file
`.reuse/dep5`.
This commit also adds a Github workflow to check pull requests and adapts
copyright.pl to the changes.
Closes #8869
show more ...
|
| #
c3fc406e |
| 08-Jun-2022 |
Daniel Stenberg |
urlapi: support CURLU_URLENCODE for curl_url_get()
|
| #
914aaab9 |
| 09-May-2022 |
Daniel Stenberg |
urlapi: reject percent-decoding host name into separator bytes
CVE-2022-27780
Reported-by: Axel Chong
Bug: https://curl.se/docs/CVE-2022-27780.html
Closes #8826
|
| #
b5b86856 |
| 05-May-2022 |
Sergey Markelov |
urlapi: address (harmless) UndefinedBehavior sanitizer warning
`while(i--)` causes runtime error: unsigned integer overflow: 0 - 1
cannot be represented in type 'size_t' (aka 'unsigned l
urlapi: address (harmless) UndefinedBehavior sanitizer warning
`while(i--)` causes runtime error: unsigned integer overflow: 0 - 1
cannot be represented in type 'size_t' (aka 'unsigned long')
Closes #8797
show more ...
|
| #
a3f4d7ce |
| 30-Mar-2022 |
Daniel Stenberg |
misc: spelling fixes
Mostly in comments but also in the -w documentation for headers_json.
Closes #8647
|
| #
70ac2760 |
| 14-Feb-2022 |
Stefan Eissing |
urlapi: handle "redirects" smarter
- avoid one malloc when setting a new url via curl_url_set()
and CURLUPART_URL.
- extract common pattern into a new static function.
urlapi: handle "redirects" smarter
- avoid one malloc when setting a new url via curl_url_set()
and CURLUPART_URL.
- extract common pattern into a new static function.
Closes #8450
show more ...
|
| #
26101421 |
| 03-Feb-2022 |
Daniel Stenberg |
lib: remove support for CURL_DOES_CONVERSIONS
TPF was the only user and support for that was dropped.
Closes #8378
|
| #
9fe2a20b |
| 01-Feb-2022 |
HenrikHolst |
urlapi: remove an unnecessary call to strlen
- Use strcpy instead of strlen+memcpy to copy the url path.
Ref: https://curl.se/mail/lib-2022-02/0006.html
Closes https://gith
urlapi: remove an unnecessary call to strlen
- Use strcpy instead of strlen+memcpy to copy the url path.
Ref: https://curl.se/mail/lib-2022-02/0006.html
Closes https://github.com/curl/curl/pull/8370
show more ...
|
