tool_getparam: warn on more unicode prefixes

If a string argument is expected and the first two bytes are 0xe2 ex80
and the third has the 7th bit set, that's enough for curl to warn.

Previously we tried to detect and warn only for the unicode double
quote, but users might use single quotes, other quotes or even lead the
argument with one of the "zero widths" characters. This is an attempt to
detect many of those. Without triggering for "normal" IDN hostnames.

Closes #18459

diff --git a/src/tool_getparam.c b/src/tool_getparam.c
index 165a4bfb6a582226226329b94d3fc8a4a2fe6001..6be57dbd5c310a6c113af49c7cecbf6da07f06cd 100644 (file)
--- a/src/tool_getparam.c
+++ b/src/tool_getparam.c
@@ -2808,6 +2808,12 @@ static ParameterError opt_filestring(struct OperationConfig *config,
   return err;
 }
 
+/* detect e2 80 80 - e2 80 ff */
+static bool has_leading_unicode(const unsigned char *arg)
+{
+  return ((arg[0] == 0xe2) && (arg[1] == 0x80) && (arg[2] & 0x80));
+}
+
 /* the longest command line option, excluding the leading -- */
 #define MAX_OPTION_LEN 26
 
@@ -2947,10 +2953,9 @@ ParameterError getparameter(const char *flag, /* f or -long-flag */
         warnf("The filename argument '%s' looks like a flag.",
               nextarg);
       }
-      else if(!strncmp("\xe2\x80\x9c", nextarg, 3)) {
-        warnf("The argument '%s' starts with a Unicode quote where "
-              "maybe an ASCII \" was intended?",
-              nextarg);
+      else if(has_leading_unicode((const unsigned char *)nextarg)) {
+        warnf("The argument '%s' starts with a Unicode character. "
+              "Maybe ASCII was intended?", nextarg);
       }
       /* ARG_FILE | ARG_STRG */
       err = opt_filestring(config, a, nextarg);

diff --git a/tests/data/test469 b/tests/data/test469
index 1e394c9f260cbbfb6ff47cbc11fc57a46baab2e3..87754a2646547c1989fc170b94b2a48aebfad0a6 100644 (file)
--- a/tests/data/test469
+++ b/tests/data/test469
@@ -45,8 +45,8 @@ warn about Unicode quote character
 # Verify data after the test has been "shot"
 <verify>
 <stderr>
-%hex[Warning: The argument '%e2%80%9chost:' starts with a Unicode quote where maybe an ]hex%
-Warning: ASCII " was intended?
+%hex[Warning: The argument '%e2%80%9chost:' starts with a Unicode character. Maybe ASCII ]hex%
+Warning: was intended?
 </stderr>
 </verify>
 </testcase>

diff --git a/tests/data/test470 b/tests/data/test470
index 5667bbb590f65a8586cf3af732e3ab1740be1ff3..547121d11a8ac018003a68aac8916f31c2fb7d31 100644 (file)
--- a/tests/data/test470
+++ b/tests/data/test470
@@ -45,8 +45,8 @@ warn about Unicode quote character read from config file
 # Verify data after the test has been "shot"
 <verify>
 <stderr mode="text">
-%hex[Warning: The argument '%e2%80%9chost:fake%e2%80%9d' starts with a Unicode quote where ]hex%
-Warning: maybe an ASCII " was intended?
+%hex[Warning: The argument '%e2%80%9chost:fake%e2%80%9d' starts with a Unicode character. Maybe ]hex%
+Warning: ASCII was intended?
 </stderr>
 </verify>
 </testcase>