wget/wget-do-not-propagate-credentials.patch

119 lines
3.8 KiB
Diff
Raw Normal View History

Index: wget-1.21.1/src/http.c
===================================================================
--- wget-1.21.1.orig/src/http.c
+++ wget-1.21.1/src/http.c
@@ -3155,6 +3155,33 @@ fail:
}
#endif /* HAVE_METALINK */
+/*
+ * Check if the corresponding header line should not
+ * be sent after a redirect
+ */
+static inline int
+unredirectable_headerline(char *line)
+{
+ static struct {
+ size_t len;
+ char *name;
+ } field_name[] = {
+ { 14, "Authorization:" },
+ { 7, "Cookie:" },
+ { 0, NULL }
+ };
+ int i;
+
+ /*
+ * Note: According to RFC 2616, Field names are case-insensitive.
+ */
+ for (i = 0; field_name[i].name != NULL; i++)
+ if (strncasecmp(line, field_name[i].name, field_name[i].len) == 0)
+ return 1;
+
+ return 0;
+}
+
/* Retrieve a document through HTTP protocol. It recognizes status
code, and correctly handles redirections. It closes the network
socket. If it receives an error from the functions below it, it
@@ -3167,7 +3194,7 @@ fail:
server, and u->url will be requested. */
static uerr_t
gethttp (const struct url *u, struct url *original_url, struct http_stat *hs,
- int *dt, struct url *proxy, struct iri *iri, int count)
+ int *dt, struct url *proxy, struct iri *iri, int count, int location_changed)
{
struct request *req = NULL;
@@ -3314,7 +3341,16 @@ gethttp (const struct url *u, struct url
{
int i;
for (i = 0; opt.user_headers[i]; i++)
- request_set_user_header (req, opt.user_headers[i]);
+ {
+ /*
+ * IF we have been redirected
+ * AND the user-supplied header line should NOT be sent to the new host
+ * DO NOT append that header line
+ */
+ if (location_changed && unredirectable_headerline(opt.user_headers[i]))
+ continue;
+ request_set_user_header (req, opt.user_headers[i]);
+ }
}
proxyauth = NULL;
@@ -4232,7 +4268,7 @@ check_retry_on_http_error (const int sta
uerr_t
http_loop (const struct url *u, struct url *original_url, char **newloc,
char **local_file, const char *referer, int *dt, struct url *proxy,
- struct iri *iri)
+ struct iri *iri, int location_changed)
{
int count;
bool got_head = false; /* used for time-stamping and filename detection */
@@ -4424,7 +4460,7 @@ http_loop (const struct url *u, struct u
*dt &= ~SEND_NOCACHE;
/* Try fetching the document, or at least its head. */
- err = gethttp (u, original_url, &hstat, dt, proxy, iri, count);
+ err = gethttp (u, original_url, &hstat, dt, proxy, iri, count, location_changed);
/* Time? */
tms = datetime_str (time (NULL));
Index: wget-1.21.1/src/http.h
===================================================================
--- wget-1.21.1.orig/src/http.h
+++ wget-1.21.1/src/http.h
@@ -36,7 +36,7 @@ as that of the covered work. */
struct url;
uerr_t http_loop (const struct url *, struct url *, char **, char **, const char *,
- int *, struct url *, struct iri *);
+ int *, struct url *, struct iri *, int);
void save_cookies (void);
void http_cleanup (void);
time_t http_atotm (const char *);
Index: wget-1.21.1/src/retr.c
===================================================================
--- wget-1.21.1.orig/src/retr.c
+++ wget-1.21.1/src/retr.c
@@ -886,7 +886,7 @@ retrieve_url (struct url * orig_parsed,
{
uerr_t result;
char *url;
- bool location_changed;
+ bool location_changed = 0;
bool iri_fallbacked = 0;
int dummy;
char *mynewloc, *proxy;
@@ -985,7 +985,7 @@ retrieve_url (struct url * orig_parsed,
}
#endif
result = http_loop (u, orig_parsed, &mynewloc, &local_file, refurl, dt,
- proxy_url, iri);
+ proxy_url, iri, location_changed);
}
else if (u->scheme == SCHEME_FTP
#ifdef HAVE_SSL