mirror of
https://github.com/UberGames/lilium-voyager.git
synced 2024-12-13 13:40:56 +00:00
Only allow safe protocols for cURL downloads
A malicious server could abuse dangerous protocols such as gopher:// to, for instance, send mail via SMTP.
This commit is contained in:
parent
9736e7ff91
commit
bae86208f9
1 changed files with 2 additions and 0 deletions
|
@ -299,6 +299,8 @@ void CL_cURL_BeginDownload( const char *localName, const char *remoteURL )
|
|||
qcurl_easy_setopt_warn(clc.downloadCURL, CURLOPT_FAILONERROR, 1);
|
||||
qcurl_easy_setopt_warn(clc.downloadCURL, CURLOPT_FOLLOWLOCATION, 1);
|
||||
qcurl_easy_setopt_warn(clc.downloadCURL, CURLOPT_MAXREDIRS, 5);
|
||||
qcurl_easy_setopt_warn(clc.downloadCURL, CURLOPT_PROTOCOLS,
|
||||
CURLPROTO_HTTP | CURLPROTO_HTTPS | CURLPROTO_FTP | CURLPROTO_FTPS);
|
||||
clc.downloadCURLM = qcurl_multi_init();
|
||||
if(!clc.downloadCURLM) {
|
||||
qcurl_easy_cleanup(clc.downloadCURL);
|
||||
|
|
Loading…
Reference in a new issue