On 12/01, Jeff King wrote:
>   - set CURLOPT_PROTOCOLS alongside CURLOPT_REDIR_PROTOCOLS
>     restrict ourselves to a known-safe set and respect any
>     user-provided whitelist.



> diff --git a/http.c b/http.c
> index 825118481..051fe6e5a 100644
> --- a/http.c
> +++ b/http.c
> @@ -745,6 +745,7 @@ static CURL *get_curl_handle(void)
>       if (is_transport_allowed("ftps"))
>               allowed_protocols |= CURLPROTO_FTPS;
>       curl_easy_setopt(result, CURLOPT_REDIR_PROTOCOLS, allowed_protocols);
> +     curl_easy_setopt(result, CURLOPT_PROTOCOLS, allowed_protocols);
>  #else
>       if (transport_restrict_protocols())
>               warning("protocol restrictions not applied to curl redirects 
> because\n"

Because I don't know much about how curl works....Only
http/https/ftp/ftps protocols are allowed to be passed to curl?  Is that
because curl only understands those particular protocols?

-- 
Brandon Williams

Reply via email to