Skip to content
Permalink
Browse files

wget: #1566

  • Loading branch information...
MingcongBai committed Jan 15, 2019
1 parent c610f4a commit dc729286106b2fdb44a87bbb03dd2270f845e7cd
@@ -0,0 +1,69 @@
From c125d24762962d91050d925fbbd9e6f30b2302f8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tim=20R=C3=BChsen?= <tim.ruehsen@gmx.de>
Date: Wed, 26 Dec 2018 13:51:48 +0100
Subject: Don't use extended attributes (--xattr) by default

* src/init.c (defaults): Set enable_xattr to false by default
* src/main.c (print_help): Reverse option logic of --xattr
* doc/wget.texi: Add description for --xattr

Users may not be aware that the origin URL and Referer are saved
including credentials, and possibly access tokens within
the urls.
---
doc/wget.texi | 8 ++++++++
src/init.c | 4 ----
src/main.c | 2 +-
3 files changed, 9 insertions(+), 5 deletions(-)

diff --git a/doc/wget.texi b/doc/wget.texi
index 7ae19d8..a6cb15e 100644
--- a/doc/wget.texi
+++ b/doc/wget.texi
@@ -540,6 +540,14 @@ right NUMBER.
Set preferred location for Metalink resources. This has effect if multiple
resources with same priority are available.

+@cindex xattr
+@item --xattr
+Enable use of file system's extended attributes to save the
+original URL and the Referer HTTP header value if used.
+
+Be aware that the URL might contain private information like
+access tokens or credentials.
+

@cindex force html
@item -F
diff --git a/src/init.c b/src/init.c
index b829a2c..51b6361 100644
--- a/src/init.c
+++ b/src/init.c
@@ -507,11 +507,7 @@ defaults (void)
opt.hsts = true;
#endif

-#ifdef ENABLE_XATTR
- opt.enable_xattr = true;
-#else
opt.enable_xattr = false;
-#endif
}

/* Return the user's home directory (strdup-ed), or NULL if none is
diff --git a/src/main.c b/src/main.c
index ff41c8d..4408ffb 100644
--- a/src/main.c
+++ b/src/main.c
@@ -755,7 +755,7 @@ Download:\n"),
#endif
#ifdef ENABLE_XATTR
N_("\
- --no-xattr turn off storage of metadata in extended file attributes\n"),
+ --xattr turn on storage of metadata in extended file attributes\n"),
#endif
"\n",

--
cgit v1.0-41-gc330

@@ -0,0 +1,123 @@
From 3cdfb594cf75f11cdbb9702ac5e856c332ccacfa Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tim=20R=C3=BChsen?= <tim.ruehsen@gmx.de>
Date: Wed, 26 Dec 2018 14:38:18 +0100
Subject: Don't save user/pw with --xattr

Also the Referer info is reduced to scheme+host+port.

* src/ftp.c (getftp): Change params of set_file_metadata()
* src/http.c (gethttp): Change params of set_file_metadata()
* src/xattr.c (set_file_metadata): Remove user/password from origin URL,
reduce Referer value to scheme/host/port.
* src/xattr.h: Change prototype of set_file_metadata()
---
src/ftp.c | 2 +-
src/http.c | 4 ++--
src/xattr.c | 24 ++++++++++++++++++++----
src/xattr.h | 3 ++-
4 files changed, 25 insertions(+), 8 deletions(-)

diff --git a/src/ftp.c b/src/ftp.c
index 3f4ab53..6b8bdf8 100644
--- a/src/ftp.c
+++ b/src/ftp.c
@@ -1580,7 +1580,7 @@ Error in server response, closing control connection.\n"));

#ifdef ENABLE_XATTR
if (opt.enable_xattr)
- set_file_metadata (u->url, NULL, fp);
+ set_file_metadata (u, NULL, fp);
#endif

fd_close (local_sock);
diff --git a/src/http.c b/src/http.c
index d77762f..a01fc57 100644
--- a/src/http.c
+++ b/src/http.c
@@ -4113,9 +4113,9 @@ gethttp (const struct url *u, struct url *original_url, struct http_stat *hs,
if (opt.enable_xattr)
{
if (original_url != u)
- set_file_metadata (u->url, original_url->url, fp);
+ set_file_metadata (u, original_url, fp);
else
- set_file_metadata (u->url, NULL, fp);
+ set_file_metadata (u, NULL, fp);
}
#endif

diff --git a/src/xattr.c b/src/xattr.c
index 6652422..0f20fad 100644
--- a/src/xattr.c
+++ b/src/xattr.c
@@ -21,6 +21,7 @@
#include <string.h>

#include "log.h"
+#include "utils.h"
#include "xattr.h"

#ifdef USE_XATTR
@@ -57,7 +58,7 @@ write_xattr_metadata (const char *name, const char *value, FILE *fp)
#endif /* USE_XATTR */

int
-set_file_metadata (const char *origin_url, const char *referrer_url, FILE *fp)
+set_file_metadata (const struct url *origin_url, const struct url *referrer_url, FILE *fp)
{
/* Save metadata about where the file came from (requested, final URLs) to
* user POSIX Extended Attributes of retrieved file.
@@ -67,13 +68,28 @@ set_file_metadata (const char *origin_url, const char *referrer_url, FILE *fp)
* [http://0pointer.de/lennart/projects/mod_mime_xattr/].
*/
int retval = -1;
+ char *value;

if (!origin_url || !fp)
return retval;

- retval = write_xattr_metadata ("user.xdg.origin.url", escnonprint_uri (origin_url), fp);
- if ((!retval) && referrer_url)
- retval = write_xattr_metadata ("user.xdg.referrer.url", escnonprint_uri (referrer_url), fp);
+ value = url_string (origin_url, URL_AUTH_HIDE);
+ retval = write_xattr_metadata ("user.xdg.origin.url", escnonprint_uri (value), fp);
+ xfree (value);
+
+ if (!retval && referrer_url)
+ {
+ struct url u;
+
+ memset(&u, 0, sizeof(u));
+ u.scheme = referrer_url->scheme;
+ u.host = referrer_url->host;
+ u.port = referrer_url->port;
+
+ value = url_string (&u, 0);
+ retval = write_xattr_metadata ("user.xdg.referrer.url", escnonprint_uri (value), fp);
+ xfree (value);
+ }

return retval;
}
diff --git a/src/xattr.h b/src/xattr.h
index 10f3ed1..40c7a8d 100644
--- a/src/xattr.h
+++ b/src/xattr.h
@@ -16,12 +16,13 @@
along with this program; if not, see <http://www.gnu.org/licenses/>. */

#include <stdio.h>
+#include <url.h>

#ifndef _XATTR_H
#define _XATTR_H

/* Store metadata name/value attributes against fp. */
-int set_file_metadata (const char *origin_url, const char *referrer_url, FILE *fp);
+int set_file_metadata (const struct url *origin_url, const struct url *referrer_url, FILE *fp);

#if defined(__linux)
/* libc on Linux has fsetxattr (5 arguments). */
--
cgit v1.0-41-gc330

@@ -1,2 +1,3 @@
VER=1.19.5
REL=1
SRCTBL="https://ftp.gnu.org/gnu/wget/wget-$VER.tar.lz"

0 comments on commit dc72928

Please sign in to comment.
You can’t perform that action at this time.