Introduce --trust-server-names. Close CVE-2010-2252.

[wget] / doc / wget.texi

diff --git a/doc/wget.texi b/doc/wget.texi
index d5eaf4e5f460b968c59a008ba3baf9f04678697f..627e0059461a9dd9fb10e3087cda83c2a8a0b6b9 100644 (file)
--- a/doc/wget.texi
+++ b/doc/wget.texi
@@ -1498,6 +1498,13 @@ This option is useful for some file-downloading CGI programs that use
 @code{Content-Disposition} headers to describe what the name of a
 downloaded file should be.
 
+@cindex Trust server names
+@item --trust-server-names
+
+If this is set to on, on a redirect the last component of the
+redirection URL will be used as the local file name.  By default it is
+used the last component in the original URL.
+
 @cindex authentication
 @item --auth-no-challenge
 
@@ -2810,6 +2817,10 @@ Set the connect timeout---the same as @samp{--connect-timeout}.
 Turn on recognition of the (non-standard) @samp{Content-Disposition}
 HTTP header---if set to @samp{on}, the same as @samp{--content-disposition}.
 
+@item trust_server_names = on/off
+If set to on, use the last component of a redirection URL for the local
+file name.
+
 @item continue = on/off
 If set to on, force continuation of preexistent partially retrieved
 files.  See @samp{-c} before setting it.