]> sjero.net Git - wget/blobdiff - src/recur.c
projects / wget / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
[svn] Fix for bug #20296: User:pass@ given in Referer header.
[wget] / src / recur.c
diff --git a/src/recur.c b/src/recur.c
index 53cd39cdc618311ecba790588478d1e3b4963fb7..9ecb7d8efb8bfd8bfe33271e0a1d2a8e7c8b283c 100644 (file)
--- a/src/recur.c
+++ b/src/recur.c
@@ -324,8 +324,14 @@ retrieve_tree (const char *start_url)
            {
              struct urlpos *child = children;
              struct url *url_parsed = url_parsed = url_parse (url, NULL);
+              char *referer_url = url;
+              bool strip_auth = url_parsed->user;
              assert (url_parsed != NULL);
 
+              /* Strip auth info if present */
+              if (strip_auth)
+                referer_url = url_string (url_parsed, URL_AUTH_HIDE);
+
              for (; child; child = child->next)
                {
                  if (child->ignore_when_downloading)
@@ -336,7 +342,7 @@ retrieve_tree (const char *start_url)
                                        blacklist))
                    {
                      url_enqueue (queue, xstrdup (child->url->url),
-                                  xstrdup (url), depth + 1,
+                                  xstrdup (referer_url), depth + 1,
                                   child->link_expect_html);
                      /* We blacklist the URL we have enqueued, because we
                         don't want to enqueue (and hence download) the
@@ -345,6 +351,8 @@ retrieve_tree (const char *start_url)
                    }
                }
 
+              if (strip_auth)
+                xfree (referer_url);
              url_free (url_parsed);
              free_urlpos (children);
            }
@@ -428,7 +436,7 @@ download_child_p (const struct urlpos *upos, struct url *parent, int depth,
     {
       if (opt.spider) 
        {
-          char *referrer = url_string (parent, true);
+          char *referrer = url_string (parent, URL_AUTH_HIDE_PASSWD);
           DEBUGP (("download_child_p: parent->url is: `%s'\n", parent->url));
           visited_url (url, referrer);
          xfree (referrer);
@@ -628,3 +636,5 @@ descend_redirect_p (const char *redirected, const char *original, int depth,
 
   return success;
 }
+
+/* vim:set sts=2 sw=2 cino+={s: */
GNU Wget (from http://git.savannah.gnu.org/cgit/wget.git). Modified to allow selection of TCP source port. Clone using: git clone http://sjero.net/src/wget/ wget