login options: remove the ;[options] support from CURLOPT_USERPWD

To avoid the regression when users pass in passwords containing semi- colons, we now drop the ability to set the login options with the same options. Support for login options in CURLOPT_USERPWD was added in 7.31.0. Test case 83 was modified to verify that colons and semi-colons can be used as part of the password when using -u (CURLOPT_USERPWD). Bug: http://curl.haxx.se/bug/view.cgi?id=1311 Reported-by: Petr Bahula Assisted-by: Steve Holme Signed-off-by: Daniel Stenberg <daniel@haxx.se>
2013-12-14 22:39:27 +01:00
parent 32b9c30e67
commit 169fedbdce
12 changed files with 33 additions and 33 deletions
--- a/lib/url.c
+++ b/lib/url.c
@@ -299,13 +299,11 @@ static CURLcode setstropt(char **charp, char *s)
  return CURLE_OK;
 }

-static CURLcode setstropt_userpwd(char *option, char **userp, char **passwdp,
-                                  char **optionsp)
+static CURLcode setstropt_userpwd(char *option, char **userp, char **passwdp)
 {
  CURLcode result = CURLE_OK;
  char *user = NULL;
  char *passwd = NULL;
-  char *options = NULL;

  /* Parse the login details if specified. It not then we treat NULL as a hint
     to clear the existing data */
@@ -313,7 +311,7 @@ static CURLcode setstropt_userpwd(char *option, char **userp, char **passwdp,
    result = parse_login_details(option, strlen(option),
                                 (userp ? &user : NULL),
                                 (passwdp ? &passwd : NULL),
-                                 (optionsp ? &options : NULL));
+                                 NULL);
  }

  if(!result) {
@@ -335,12 +333,6 @@ static CURLcode setstropt_userpwd(char *option, char **userp, char **passwdp,
      Curl_safefree(*passwdp);
      *passwdp = passwd;
    }
-
-    /* Store the options part of option if required */
-    if(optionsp) {
-      Curl_safefree(*optionsp);
-      *optionsp = options;
-    }
  }

  return result;
@@ -1553,12 +1545,11 @@ CURLcode Curl_setopt(struct SessionHandle *data, CURLoption option,

  case CURLOPT_USERPWD:
    /*
-     * user:password;options to use in the operation
+     * user:password to use in the operation
     */
    result = setstropt_userpwd(va_arg(param, char *),
                               &data->set.str[STRING_USERNAME],
-                               &data->set.str[STRING_PASSWORD],
-                               &data->set.str[STRING_OPTIONS]);
+                               &data->set.str[STRING_PASSWORD]);
    break;

  case CURLOPT_USERNAME:
@@ -1577,7 +1568,7 @@ CURLcode Curl_setopt(struct SessionHandle *data, CURLoption option,
                       va_arg(param, char *));
    break;

-  case CURLOPT_OPTIONS:
+  case CURLOPT_LOGIN_OPTIONS:
    /*
     * authentication options to use in the operation
     */
@@ -1662,7 +1653,7 @@ CURLcode Curl_setopt(struct SessionHandle *data, CURLoption option,
     */
    result = setstropt_userpwd(va_arg(param, char *),
                               &data->set.str[STRING_PROXYUSERNAME],
-                               &data->set.str[STRING_PROXYPASSWORD], NULL);
+                               &data->set.str[STRING_PROXYPASSWORD]);
    break;
  case CURLOPT_PROXYUSERNAME:
    /*