* src/progress.c (create_image): Likewise
The note was not even picked by xgettext to be included in the .pot,
so barely any translators even saw the note.
Also, this is one of the most cryptic messages to translate in wget,
unless the translator happens to guess where the string is used,
or looks at the source.
Copyright-paperwork-exempt: Yes
* src/wget.h: Replace XDIGIT_TO_NUM by _unhex()
* src/html-parse.c (decode_entity): Use _unhex()
* src/host.c (is_valid_ipv6_address): Use _unhex()
* src/url.c (url_unescape_1): Use unsigned char to avoid UB
* src/res.c (free_specs): Likewise
Code taken from Wget2. XDIGIT_TO_NUM had a signed issue, detected by
scan-build static anylyzer.
of the header field while RejectHeader rejects ONLY the specified full header.
Since we wanted to be sure a header field is not sent to the server we wrote this rule.
* doc/wget.texi: Added --disable-header documentation.
* fuzz/wget_options_fuzzer.dict: Update with --disable-header inputs.
* src/http.c (disabled_header): Checks for disabled headers
(request_set_header): Doesn't let header to be set if disabled
(gethttp): frees disabled header to let overriding
* src/init.c (cmd_dis_header), (check_user_disabled_header) added new option disabled_headers.
* src/main.c: added new option --disable-header, added help description
* src/options.h: added new option --disable-header
* src/utils.h (vec_remove_header)
* src/utils.c (vec_remove_header) removes all header instances from vector
* testenv/Makefile.am: Added new test files
* testenv/server/http/http_server.py: Added new rule RejectHeaderField
* testenv/conf/reject_header_field.py: Added new rule RejectHeaderField
* testenv/README: Added help description for new rule
* testenv/Test-disable-default-headers.py: Test without using --header
* testenv/Test-disable-headers-after.py: Test using --header before --disable-header
* testenv/Test-disable-headers-before.py: Test using --header after --disable-header
Signed-off-by: sulfastor <torresmoisesa@gmail.com>, adham elkarn <adhamelkarn@hotmail.com>
* .gitignore: Exclude /lib/Makefile.am
* bootstrap.conf: Use --makefile-name=gnulib.mk with gnulib-tool
* configure.ac: Use wget_MANYWARNINGS()
* lib/Makefile.am: Define empty noinst_LIBRARIES and MAINTAINERCLEANFILES
* m4/wget_manywarnings.m4: New file from GNU Wget2
* src/Makefile.am: Use WARN_CFLAGS for AM_CFLAGS
ssl_init fails with openssl 1.1.1 when openssl.cnf is not found.
Redundant calls to intialization functions were removed as
OPENSSL_config takes care of them for openssl versions < 1.1.0.
For versions > 1.1.0, OPENSSL_init_ssl is preferred.
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
Copyright-paperwork-exempt: Yes
Also the Referer info is reduced to scheme+host+port.
* src/ftp.c (getftp): Change params of set_file_metadata()
* src/http.c (gethttp): Change params of set_file_metadata()
* src/xattr.c (set_file_metadata): Remove user/password from origin URL,
reduce Referer value to scheme/host/port.
* src/xattr.h: Change prototype of set_file_metadata()
* src/init.c (defaults): Set enable_xattr to false by default
* src/main.c (print_help): Reverse option logic of --xattr
* doc/wget.texi: Add description for --xattr
Users may not be aware that the origin URL and Referer are saved
including credentials, and possibly access tokens within
the urls.
This reverts commit 6f3b995993.
The code is obviously wrong, see https://savannah.gnu.org/bugs/?54963
Also, the example from the original post doesn't work any more.
With other words, the broken server behavior has been fixed meanwhile.
* src/openssl.c: Check for OPENSSL_NO_ENGINE before
including openssl/engine.h and before calling ENGINE_load_builtin_engines()
Fixes compilation with no engines compiled.
Copyright-paperwork-exempt: Yes
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Current sufmatch does not match when domain is dot-prefixed.
The example of no_proxy in man (.mit.edu) does use a dot-prefixed
domain.
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
Copyright-paperwork-exempt: Yes
