From f4606a796ea1e2ef5c2301e93e4cf4f1dc6d901e Mon Sep 17 00:00:00 2001 From: Jay Satiro Date: Sun, 7 Jan 2024 00:07:55 -0500 Subject: [PATCH] tool_getparam: stop supporting `@filename` style for --cookie The `@filename` style was never documented for --cookie but prior to this change curl would accept it anyway and always treat a @ prefixed string as a filename. That's a problem if the string also contains a = sign because then it is documented to be interpreted as a cookie string and not a filename. Example: `--cookie @foo=bar` Before: Interpreted as load cookies from filename foo=bar. After: Interpreted as cookie `@foo=bar` (name `@foo` and value `bar`). Other curl options with a data/filename option-value use the `@filename` to distinguish filenames which is probably how this happened. The --cookie option has never been documented that way. Ref: https://curl.se/docs/manpage.html#-b Closes https://github.com/curl/curl/pull/12645 --- src/tool_getparam.c | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/src/tool_getparam.c b/src/tool_getparam.c index 571918389d..4c910fd73c 100644 --- a/src/tool_getparam.c +++ b/src/tool_getparam.c @@ -1988,16 +1988,15 @@ ParameterError getparameter(const char *flag, /* f or -long-flag */ err = getstr(&config->hsts, nextarg, ALLOW_BLANK); break; case C_COOKIE: /* --cookie */ - if(nextarg[0] == '@') { - nextarg++; - } - else if(strchr(nextarg, '=')) { + if(strchr(nextarg, '=')) { /* A cookie string must have a =-letter */ err = add2list(&config->cookies, nextarg); break; } - /* We have a cookie file to read from! */ - err = add2list(&config->cookiefiles, nextarg); + else { + /* We have a cookie file to read from! */ + err = add2list(&config->cookiefiles, nextarg); + } break; case C_USE_ASCII: /* --use-ascii */ config->use_ascii = toggle; -- 2.47.3