1
fix arbitrary file overwrite via 3xx redirect -- Origin: upstream, http://lists.gnu.org/archive/html/bug-wget/2010-07/msg00076.html -- Bug: https://savannah.gnu.org/bugs/?29958 -- Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590296
6
@code{Content-Disposition} headers to describe what the name of a
7
downloaded file should be.
9
+@cindex Trust server names
10
+@item --trust-server-names
12
+If this is set to on, on a redirect the last component of the
13
+redirection URL will be used as the local file name. By default it is
14
+used the last component in the original URL.
16
@cindex authentication
17
@item --auth-no-challenge
19
@@ -2797,6 +2804,10 @@
20
Turn on recognition of the (non-standard) @samp{Content-Disposition}
21
HTTP header---if set to @samp{on}, the same as @samp{--content-disposition}.
23
+@item trust_server_names = on/off
24
+If set to on, use the last component of a redirection URL for the local
27
@item continue = on/off
28
If set to on, force continuation of preexistent partially retrieved
29
files. See @samp{-c} before setting it.
33
/* The genuine HTTP loop! This is the part where the retrieval is
34
retried, and retried, and retried, and... */
36
-http_loop (struct url *u, char **newloc, char **local_file, const char *referer,
37
- int *dt, struct url *proxy, struct iri *iri)
38
+http_loop (struct url *u, struct url *original_url, char **newloc,
39
+ char **local_file, const char *referer, int *dt, struct url *proxy,
43
bool got_head = false; /* used for time-stamping and filename detection */
46
else if (!opt.content_disposition)
48
- hstat.local_file = url_file_name (u);
50
+ url_file_name (opt.trustservernames ? u : original_url);
56
/* Send preliminary HEAD request if -N is given and we have an existing
57
* destination file. */
58
- file_name = url_file_name (u);
59
+ file_name = url_file_name (opt.trustservernames ? u : original_url);
61
&& !opt.content_disposition
62
&& file_exists_p (file_name))
65
/* Remember that we downloaded the file for later ".orig" code. */
66
if (*dt & ADDED_HTML_EXTENSION)
67
- downloaded_file(FILE_DOWNLOADED_AND_HTML_EXTENSION_ADDED, hstat.local_file);
68
+ downloaded_file (FILE_DOWNLOADED_AND_HTML_EXTENSION_ADDED, hstat.local_file);
70
- downloaded_file(FILE_DOWNLOADED_NORMALLY, hstat.local_file);
71
+ downloaded_file (FILE_DOWNLOADED_NORMALLY, hstat.local_file);
77
/* Remember that we downloaded the file for later ".orig" code. */
78
if (*dt & ADDED_HTML_EXTENSION)
79
- downloaded_file(FILE_DOWNLOADED_AND_HTML_EXTENSION_ADDED, hstat.local_file);
80
+ downloaded_file (FILE_DOWNLOADED_AND_HTML_EXTENSION_ADDED, hstat.local_file);
82
- downloaded_file(FILE_DOWNLOADED_NORMALLY, hstat.local_file);
83
+ downloaded_file (FILE_DOWNLOADED_NORMALLY, hstat.local_file);
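Review bot: The choice `opt.trustservernames ? u : original_url` is written out separately at both naming sites in http_loop (the `hstat.local_file` assignment and the `-N` HEAD pre-check), and nothing in the visible lines checks that `original_url` is non-null before it reaches `url_file_name`. If either site is missed or later diverges, redirects would again produce server-chosen local names, so I would compute it once, `struct url *name_src = opt.trustservernames ? u : original_url;`, with a comment such as `/* Name the file after the URL the user requested unless --trust-server-names is set; a redirect target is server-controlled. */`. The block comment above http_loop should also say what the new `original_url` parameter is for. The `else if (!opt.content_disposition)` branch is unchanged, so with content-disposition enabled the name presumably still comes from the server, which deserves a sentence in that comment. Only part of http_loop's body is visible here.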
93
-uerr_t http_loop (struct url *, char **, char **, const char *, int *,
94
- struct url *, struct iri *);
95
+uerr_t http_loop (struct url *, struct url *, char **, char **, const char *,
96
+ int *, struct url *, struct iri *);
97
void save_cookies (void);
98
void http_cleanup (void);
99
time_t http_atotm (const char *);
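Review bot: The new http_loop prototype has two adjacent unnamed `struct url *` parameters, so a caller that passes them in the wrong order compiles cleanly and silently names the file after the redirect target again. Naming at least those two in the declaration, `uerr_t http_loop (struct url *u, struct url *original_url, char **, char **, const char *,`, makes the order visible at every call site review. A one-line comment above the prototype stating that `original_url` is the URL the user requested, before any redirect, would help as well.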
103
{ "timeout", NULL, cmd_spec_timeout },
104
{ "timestamping", &opt.timestamping, cmd_boolean },
105
{ "tries", &opt.ntry, cmd_number_inf },
106
+ { "trustservernames", &opt.trustservernames, cmd_boolean },
107
{ "useproxy", &opt.use_proxy, cmd_boolean },
108
{ "user", &opt.user, cmd_string },
109
{ "useragent", NULL, cmd_spec_useragent },
113
{ "timeout", 'T', OPT_VALUE, "timeout", -1 },
114
{ "timestamping", 'N', OPT_BOOLEAN, "timestamping", -1 },
115
{ "tries", 't', OPT_VALUE, "tries", -1 },
116
+ { "trust-server-names", 0, OPT_BOOLEAN, "trustservernames", -1 },
117
{ "user", 0, OPT_VALUE, "user", -1 },
118
{ "user-agent", 'U', OPT_VALUE, "useragent", -1 },
119
{ "verbose", 'v', OPT_BOOLEAN, "verbose", -1 },
122
-I, --include-directories=LIST list of allowed directories.\n"),
124
+ --trust-server-names use the name specified by the redirection url last component.\n"),
126
-X, --exclude-directories=LIST list of excluded directories.\n"),
128
-np, --no-parent don't ascend to the parent directory.\n"),
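Review bot: The added help text, `use the name specified by the redirection url last component.`, is hard to parse and does not tell the user that enabling the option lets the remote server pick the local file name. A clearer wording would be `use the last component of the redirection URL as the local file name.` Since this option re-enables the behaviour the patch turns off by default, the longer manual entry is the place to say that it should be used only with servers the user trusts.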
132
char *encoding_remote;
135
+ bool trustservernames;
137
int ftp_stmlf; /* Force Stream_LF format for binary FTP. */
138
#endif /* def __VMS */
143
|| (proxy_url && proxy_url->scheme == SCHEME_HTTP))
145
- result = http_loop (u, &mynewloc, &local_file, refurl, dt, proxy_url, iri);
146
+ result = http_loop (u, orig_parsed, &mynewloc, &local_file, refurl, dt,
149
else if (u->scheme == SCHEME_FTP)