mirror of
https://github.com/UberGames/lilium-voyager.git
synced 2024-12-13 21:51:09 +00:00
Only allow safe protocols for cURL downloads
A malicious server could abuse dangerous protocols such as gopher:// to, for instance, send mail via SMTP.
This commit is contained in:
parent
9736e7ff91
commit
bae86208f9
1 changed files with 2 additions and 0 deletions
|
@ -299,6 +299,8 @@ void CL_cURL_BeginDownload( const char *localName, const char *remoteURL )
|
||||||
qcurl_easy_setopt_warn(clc.downloadCURL, CURLOPT_FAILONERROR, 1);
|
qcurl_easy_setopt_warn(clc.downloadCURL, CURLOPT_FAILONERROR, 1);
|
||||||
qcurl_easy_setopt_warn(clc.downloadCURL, CURLOPT_FOLLOWLOCATION, 1);
|
qcurl_easy_setopt_warn(clc.downloadCURL, CURLOPT_FOLLOWLOCATION, 1);
|
||||||
qcurl_easy_setopt_warn(clc.downloadCURL, CURLOPT_MAXREDIRS, 5);
|
qcurl_easy_setopt_warn(clc.downloadCURL, CURLOPT_MAXREDIRS, 5);
|
||||||
|
qcurl_easy_setopt_warn(clc.downloadCURL, CURLOPT_PROTOCOLS,
|
||||||
|
CURLPROTO_HTTP | CURLPROTO_HTTPS | CURLPROTO_FTP | CURLPROTO_FTPS);
|
||||||
clc.downloadCURLM = qcurl_multi_init();
|
clc.downloadCURLM = qcurl_multi_init();
|
||||||
if(!clc.downloadCURLM) {
|
if(!clc.downloadCURLM) {
|
||||||
qcurl_easy_cleanup(clc.downloadCURL);
|
qcurl_easy_cleanup(clc.downloadCURL);
|
||||||
|
|
Loading…
Reference in a new issue