Disable cURL protocols other than HTTP and HTTPS
88a5c627a2f8
Actions

Authored by epriestley <git@epriestley.com> on Feb 8 2013, 17:37.

Description

Disable cURL protocols other than HTTP and HTTPS

Summary:
See here for lols:

http://blog.volema.com/curl-rce.html

Although I'm not terribly worried about someone actually building a payload for this and mounting an attack, the underlying behavior is very silly. Shut this class of things down so that we never have to debug arc raising FTP errors, if nothing else.

Test Plan: Ran arc network commands.

Reviewers: btrahan, vrana, indiefan

Reviewed By: indiefan

CC: indiefan, aran

Differential Revision: https://secure.phabricator.com/D4864

Details

Committed

epriestley <git@epriestley.com>

Feb 8 2013, 17:37

Pushed

aubort

Mar 17 2017, 12:03

Branches

Unknown

Tags

Unknown

[HTTP/500] Internal Server Error FilesystemException: Failed to create a temporary directory: the disk is full.[HTTP/500] Internal Server Error FilesystemException: Failed to create a temporary directory: the disk is full.

Event Timeline

epriestley <git@epriestley.com> committed rPHU88a5c627a2f8: Disable cURL protocols other than HTTP and HTTPS (authored by epriestley <git@epriestley.com>).Feb 8 2013, 17:37

Changes (1)

				Path
	M			src/future/http/HTTPSFuture.php

rPHU88a5c627a2f8

View Options

src/future/http/HTTPSFuture.php