diff options
author | Junio C Hamano <gitster@pobox.com> | 2016-12-19 14:45:31 -0800 |
---|---|---|
committer | Junio C Hamano <gitster@pobox.com> | 2016-12-19 14:45:32 -0800 |
commit | 8a2882f23ecce3a8742743555a408e508d4db806 (patch) | |
tree | 3e543652bc74d5401d6c3858410ad434ae02451a /http-walker.c | |
parent | 73e494f86239b7edcf44f4c185c997b05c0e763b (diff) | |
parent | cb4d2d35c4622ec2513c1c352d30ff8f9f9cdb9e (diff) | |
download | git-8a2882f23ecce3a8742743555a408e508d4db806.tar.gz |
Merge branch 'jk/http-walker-limit-redirect-2.9'
Transport with dumb http can be fooled into following foreign URLs
that the end user does not intend to, especially with the server
side redirects and http-alternates mechanism, which can lead to
security issues. Tighten the redirection and make it more obvious
to the end user when it happens.
* jk/http-walker-limit-redirect-2.9:
http: treat http-alternates like redirects
http: make redirects more obvious
remote-curl: rename shadowed options variable
http: always update the base URL for redirects
http: simplify update_url_from_redirect
Diffstat (limited to 'http-walker.c')
-rw-r--r-- | http-walker.c | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/http-walker.c b/http-walker.c index 0b2425531a..25a8b1ad4b 100644 --- a/http-walker.c +++ b/http-walker.c @@ -274,9 +274,8 @@ static void process_alternates_response(void *callback_data) struct strbuf target = STRBUF_INIT; strbuf_add(&target, base, serverlen); strbuf_add(&target, data + i, posn - i - 7); - if (walker->get_verbosely) - fprintf(stderr, "Also look at %s\n", - target.buf); + warning("adding alternate object store: %s", + target.buf); newalt = xmalloc(sizeof(*newalt)); newalt->next = NULL; newalt->base = strbuf_detach(&target, NULL); @@ -302,6 +301,9 @@ static void fetch_alternates(struct walker *walker, const char *base) struct alternates_request alt_req; struct walker_data *cdata = walker->data; + if (http_follow_config != HTTP_FOLLOW_ALWAYS) + return; + /* * If another request has already started fetching alternates, * wait for them to arrive and return to processing this request's |