Hrvoje Niksic <[EMAIL PROTECTED]> writes:
> A fix that applies to 1.9.1 follows in a separate mail.
> Distributors of Wget will probably want to make sure to include the
> appropriate patch.
Here is that fix.
2005-05-07 Hrvoje Niksic <[EMAIL PROTECTED]>
* ftp-basic.c (ftp_request): Pr
A newline in an FTP URL can causes Wget to effectively send the
URL-specified command to the server. Since URL may come from the
network, this can be construed as a vulnerability.
A separate fix that applies to 1.9.1 follows in a separate mail.
Distributors of Wget will probably want to make sure
Hrvoje Niksic <[EMAIL PROTECTED]> writes:
>> Can I have it not do the translation ??!
>
> Unfortunately, only by changing the source code as described in the
> previous mail.
BTW I've just changed the CVS code to not decode the % sequences.
Wget 1.10 will contain the fix.
Will Kuhn <[EMAIL PROTECTED]> writes:
> Yes. I am sure the translation is messing things up. I used telnet
> to the port 80 of the web site. If I use hotmail%2ecom instead of
> hotmail.com the file is downloaded. Otherwise, I got a
> redirection. It took me a couple days to nail this down. I did a
Will Kuhn <[EMAIL PROTECTED]> writes:
> I try to do something like
> wget "http://website.com/ ...
> login=username&domain=hotmail%2ecom&_lang=EN"
>
> But when wget sends the URL out, the "hotmail%2ecom"
> becomes "hotmail.com" !!! Is this the supposed
> behaviour ?
Yes.
> I saw this on the snif
I try to do something like
wget "http://website.com/ ...
login=username&domain=hotmail%2ecom&_lang=EN"
But when wget sends the URL out, the "hotmail%2ecom"
becomes "hotmail.com" !!! Is this the supposed
behaviour ? I saw this on the sniffer. I suppose the
translation of "%2" to "." is done by wget
Alain Guibert <[EMAIL PROTECTED]> writes:
> I can now confirm: Alpha3+configure.in patch builds cleanly on Debian Bo
> even without --disable-ipv6:
Excellent. Thanks for testing this.
On Saturday, April 30, 2005 at 8:31:14 PM +0200, Hrvoje Niksic wrote:
> Alain Guibert <[EMAIL PROTECTED]> writes:
>> On Friday, April 29, 2005 at 2:15:55 PM +0200, Hrvoje Niksic wrote:
>>> The problem was that the check for sockaddr_in6 set ipv6 to "yes" if
>>> successful, overriding other tests