#! /bin/sh /usr/share/dpatch/dpatch-run
# Description: fix arbitrary file overwrite via 3xx redirect
# Origin: upstream, http://lists.gnu.org/archive/html/bug-wget/2010-07/msg00076.html
# Bug: https://savannah.gnu.org/bugs/?29958
# Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590296
8
diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' wget-1.12~/doc/wget.texi wget-1.12/doc/wget.texi
9
--- wget-1.12~/doc/wget.texi 2010-09-03 09:18:48.000000000 -0400
10
+++ wget-1.12/doc/wget.texi 2010-09-03 09:19:04.000000000 -0400
11
@@ -1487,6 +1487,13 @@
12
@code{Content-Disposition} headers to describe what the name of a
13
downloaded file should be.
15
+@cindex Trust server names
16
+@item --trust-server-names
18
+If this is set to on, on a redirect the last component of the
19
+redirection URL will be used as the local file name. By default it is
20
+used the last component in the original URL.
22
@cindex authentication
23
@item --auth-no-challenge
25
@@ -2797,6 +2804,10 @@
26
Turn on recognition of the (non-standard) @samp{Content-Disposition}
27
HTTP header---if set to @samp{on}, the same as @samp{--content-disposition}.
29
+@item trust_server_names = on/off
30
+If set to on, use the last component of a redirection URL for the local
33
@item continue = on/off
34
If set to on, force continuation of preexistent partially retrieved
35
files. See @samp{-c} before setting it.
36
diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' wget-1.12~/src/http.c wget-1.12/src/http.c
37
--- wget-1.12~/src/http.c 2009-09-21 23:02:18.000000000 -0400
38
+++ wget-1.12/src/http.c 2010-09-03 09:19:04.000000000 -0400
40
/* The genuine HTTP loop! This is the part where the retrieval is
41
retried, and retried, and retried, and... */
43
-http_loop (struct url *u, char **newloc, char **local_file, const char *referer,
44
- int *dt, struct url *proxy, struct iri *iri)
45
+http_loop (struct url *u, struct url *original_url, char **newloc,
46
+ char **local_file, const char *referer, int *dt, struct url *proxy,
50
bool got_head = false; /* used for time-stamping and filename detection */
53
else if (!opt.content_disposition)
55
- hstat.local_file = url_file_name (u);
57
+ url_file_name (opt.trustservernames ? u : original_url);
63
/* Send preliminary HEAD request if -N is given and we have an existing
64
* destination file. */
65
- file_name = url_file_name (u);
66
+ file_name = url_file_name (opt.trustservernames ? u : original_url);
68
&& !opt.content_disposition
69
&& file_exists_p (file_name))
72
/* Remember that we downloaded the file for later ".orig" code. */
73
if (*dt & ADDED_HTML_EXTENSION)
74
- downloaded_file(FILE_DOWNLOADED_AND_HTML_EXTENSION_ADDED, hstat.local_file);
75
+ downloaded_file (FILE_DOWNLOADED_AND_HTML_EXTENSION_ADDED, hstat.local_file);
77
- downloaded_file(FILE_DOWNLOADED_NORMALLY, hstat.local_file);
78
+ downloaded_file (FILE_DOWNLOADED_NORMALLY, hstat.local_file);
84
/* Remember that we downloaded the file for later ".orig" code. */
85
if (*dt & ADDED_HTML_EXTENSION)
86
- downloaded_file(FILE_DOWNLOADED_AND_HTML_EXTENSION_ADDED, hstat.local_file);
87
+ downloaded_file (FILE_DOWNLOADED_AND_HTML_EXTENSION_ADDED, hstat.local_file);
89
- downloaded_file(FILE_DOWNLOADED_NORMALLY, hstat.local_file);
90
+ downloaded_file (FILE_DOWNLOADED_NORMALLY, hstat.local_file);
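Review bot: Both new `url_file_name (opt.trustservernames ? u : original_url)` calls are guarded by `!opt.content_disposition`, so the visible change covers only the default naming path; with `--content-disposition` on, the local name is chosen somewhere these lines do not show, and it should be confirmed that a redirect target cannot decide it there either. The two call sites also carry no explanation of why `u` is not used, so I would add above the first one `/* u may be a redirect target chosen by the server; name the file after original_url unless --trust-server-names is set. */`. `original_url` is passed straight to `url_file_name` whenever the option is off, so it presumably must never be NULL; stating that as a precondition in the comment above `http_loop` would help. The body of `http_loop` starts and ends outside the shown lines.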
94
diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' wget-1.12~/src/http.h wget-1.12/src/http.h
95
--- wget-1.12~/src/http.h 2009-09-04 12:31:54.000000000 -0400
96
+++ wget-1.12/src/http.h 2010-09-03 09:19:04.000000000 -0400
101
-uerr_t http_loop (struct url *, char **, char **, const char *, int *,
102
- struct url *, struct iri *);
103
+uerr_t http_loop (struct url *, struct url *, char **, char **, const char *,
104
+ int *, struct url *, struct iri *);
105
void save_cookies (void);
106
void http_cleanup (void);
107
time_t http_atotm (const char *);
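Review bot: The new prototype has two adjacent, unnamed `struct url *` parameters, so a call that passes the current and the original URL in the wrong order compiles cleanly and would name the file after the redirect target again. Keeping the parameter names in the declaration makes the order checkable at a glance: `uerr_t http_loop (struct url *u, struct url *original_url, char **newloc, char **local_file, const char *referer, int *dt, struct url *proxy, struct iri *iri);`.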
108
diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' wget-1.12~/src/init.c wget-1.12/src/init.c
109
--- wget-1.12~/src/init.c 2009-09-21 23:02:41.000000000 -0400
110
+++ wget-1.12/src/init.c 2010-09-03 09:19:04.000000000 -0400
112
{ "timeout", NULL, cmd_spec_timeout },
113
{ "timestamping", &opt.timestamping, cmd_boolean },
114
{ "tries", &opt.ntry, cmd_number_inf },
115
+ { "trustservernames", &opt.trustservernames, cmd_boolean },
116
{ "useproxy", &opt.use_proxy, cmd_boolean },
117
{ "user", &opt.user, cmd_string },
118
{ "useragent", NULL, cmd_spec_useragent },
119
diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' wget-1.12~/src/main.c wget-1.12/src/main.c
120
--- wget-1.12~/src/main.c 2009-09-21 23:03:11.000000000 -0400
121
+++ wget-1.12/src/main.c 2010-09-03 09:19:04.000000000 -0400
123
{ "timeout", 'T', OPT_VALUE, "timeout", -1 },
124
{ "timestamping", 'N', OPT_BOOLEAN, "timestamping", -1 },
125
{ "tries", 't', OPT_VALUE, "tries", -1 },
126
+ { "trust-server-names", 0, OPT_BOOLEAN, "trustservernames", -1 },
127
{ "user", 0, OPT_VALUE, "user", -1 },
128
{ "user-agent", 'U', OPT_VALUE, "useragent", -1 },
129
{ "verbose", 'v', OPT_BOOLEAN, "verbose", -1 },
132
-I, --include-directories=LIST list of allowed directories.\n"),
134
+ --trust-server-names use the name specified by the redirection url last component.\n"),
136
-X, --exclude-directories=LIST list of excluded directories.\n"),
138
-np, --no-parent don't ascend to the parent directory.\n"),
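Review bot: The help line added for `--trust-server-names` is hard to parse and does not tell the user that enabling it lets the server issuing the redirect choose the local file name. A wording such as `use the last component of the redirection URL as the local file name.` says the same thing more plainly. The entry also sits between `-I` and `-X`, which concern directory filtering, so it may be easier to find if it is grouped with the download or HTTP options instead; the surrounding help text is only partly visible here.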
139
diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' wget-1.12~/src/options.h wget-1.12/src/options.h
140
--- wget-1.12~/src/options.h 2009-09-21 23:03:47.000000000 -0400
141
+++ wget-1.12/src/options.h 2010-09-03 09:19:04.000000000 -0400
143
char *encoding_remote;
146
+ bool trustservernames;
148
int ftp_stmlf; /* Force Stream_LF format for binary FTP. */
149
#endif /* def __VMS */
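Review bot: `bool trustservernames;` is added without a comment, and nothing in this section records that the fix relies on the field being false unless the user asks otherwise. I would write `bool trustservernames; /* Name local files after the redirect target rather than the original URL; must default to off. */` and confirm that the code setting option defaults, which is not shown here, leaves it false.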
150
diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' wget-1.12~/src/retr.c wget-1.12/src/retr.c
151
--- wget-1.12~/src/retr.c 2009-09-04 12:31:54.000000000 -0400
152
+++ wget-1.12/src/retr.c 2010-09-03 09:19:04.000000000 -0400
155
|| (proxy_url && proxy_url->scheme == SCHEME_HTTP))
157
- result = http_loop (u, &mynewloc, &local_file, refurl, dt, proxy_url, iri);
158
+ result = http_loop (u, orig_parsed, &mynewloc, &local_file, refurl, dt,
161
else if (u->scheme == SCHEME_FTP)