curl.1 document -J doesn't %-decode

...also added as KNOWN_BUG #87 with reference to bug #1294

diff --git a/docs/KNOWN_BUGS b/docs/KNOWN_BUGS
index aa39b8082e779832b22e1dbf06d1587d88b4bcf9..e838fefdc6ca2483557abf0d08cc4a5145c7814d 100644 (file)
--- a/docs/KNOWN_BUGS
+++ b/docs/KNOWN_BUGS
@@ -3,6 +3,14 @@ join in and help us correct one or more of these! Also be sure to check the
 changelog of the current development status, as one or more of these problems
 may have been fixed since this was written!
 
+87. -J/--remote-header-name doesn't decode %-encoded file names. RFC6266
+  details how it should be done. The can of worm is basically that we have no
+  charset handling in curl and ascii >=128 is a challenge for us. Not to
+  mention that decoding also means that we need to check for nastyness that is
+  attempted, like "../" sequences and the like. Probably everything to the left
+  of any embedded slashes should be cut off.
+  http://curl.haxx.se/bug/view.cgi?id=1294
+
 86. The disconnect commands (LOGOUT and QUIT) may not be sent by IMAP, POP3
   and SMTP if a failure occures during the authentication phase of a
   connection.

diff --git a/docs/curl.1 b/docs/curl.1
index e94827f7b12def586224985eeb8d93a6621a3b4b..49194762ae2000df540f6b982ac860be3008a92e 100644 (file)
--- a/docs/curl.1
+++ b/docs/curl.1
@@ -711,6 +711,9 @@ cookies when they're closed down.
 (HTTP) This option tells the \fI-O, --remote-name\fP option to use the
 server-specified Content-Disposition filename instead of extracting a filename
 from the URL.
+
+There's no attempt to decode %-sequences (yet) in the provided file name, so
+this option may provide you with rather unexpected file names.
 .IP "-k, --insecure"
 (SSL) This option explicitly allows curl to perform "insecure" SSL connections
 and transfers. All SSL connections are attempted to be made secure by using