Disable cURL protocols other than HTTP and HTTPS
88a5c627a2f8
Actions

Authored by epriestley <git@epriestley.com> on Feb 8 2013, 17:37.

Description

Disable cURL protocols other than HTTP and HTTPS

Summary:
See here for lols:

http://blog.volema.com/curl-rce.html

Although I'm not terribly worried about someone actually building a payload for this and mounting an attack, the underlying behavior is very silly. Shut this class of things down so that we never have to debug arc raising FTP errors, if nothing else.

Test Plan: Ran arc network commands.

Reviewers: btrahan, vrana, indiefan

Reviewed By: indiefan

CC: indiefan, aran

Differential Revision: https://secure.phabricator.com/D4864

Details

Committed

epriestley <git@epriestley.com>

Feb 8 2013, 17:37

Pushed

aubort

Mar 17 2017, 12:03

Parents

rPHU2ff289b8fa6a: Fix Filesystem::executeRemovePath

Branches

Unknown

Tags

Unknown

Event Timeline

epriestley <git@epriestley.com> committed rPHU88a5c627a2f8: Disable cURL protocols other than HTTP and HTTPS (authored by epriestley <git@epriestley.com>).Feb 8 2013, 17:37

Changes (1)

				Path
	M			src/future/http/HTTPSFuture.php

rPHU88a5c627a2f8

View Options

src/future/http/HTTPSFuture.php