HTTP URL fragments are sent to server. Regression of 7.28.1 and possibly 7.20.0 bugfixes. #4412
Comments
|
Silly bug, clearly a lack of imagination when I've written tests for the parser. This bug is triggered when there's a question mark within the fragment. PR pending. |
bagder
added a commit
that referenced
this issue
Sep 24, 2019
The parser would check for a query part before fragment, which caused it to do wrong when the fragment contains a question mark. Extended test 1560 to verify. Reported-by: Alex Konev Fixes #4412
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
I did this
curl -vL 'https://share.polymail.io/v1/z/b/NWQ4ODk4NTlkM2Ni/DlLKWxOvfPlY4FkW1o9AA1xYq8QsM3uCBE3kbpbSIPSQGrhQTJglRuoopzFLnhC1jhC88xL3fnMKDszEwi170MWDwxikK_8BEbMrnwrWsZ3WBIbEXrmvdSk6WZ7GxerR5FLp4hlezkvBB-66BAXgOucslcYDBjhJoOF98gT46r7JZXLrjA1rlhV0wMvKmlZfVacRBmi_o-mYGpD0jmnYnQRXDHub4u5glsuqPtWlEqLi4WqOt1aAoENAdoKhYv9REVCZ-T_HGmsA5og5IlUxAzFnzia7NF2kxPdQ8kA=' > /dev/null
curl -v 'https://ufa.maximilians.ru/corporate-new-year/#green?utm_source=yandex&utm_medium=newyear&utm_campaign=ufa-kms' > /dev/null
Both requests resulted with 404 HTTP code. Tried 2 different OS and lib versions.
Possible regression of https://sourceforge.net/p/curl/bugs/1159/
and PHP 7.20.0 BIGFIX "fragment part of URLs are no longer sent to the server"
When performing the same commands with curl 7.29.0 it works as expected and I am getting HTTP 200 codes at the end.
Correct lib version:
curl 7.29.0 (x86_64-redhat-linux-gnu) libcurl/7.29.0 NSS/3.36 zlib/1.2.7 libidn/1.28 libssh2/1.4.3
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtsp scp sftp smtp smtps telnet tftp
Features: AsynchDNS GSS-Negotiate IDN IPv6 Largefile NTLM NTLM_WB SSL libz unix-sockets
I expected the following
and to get the page located at https://ufa.maximilians.ru/corporate-new-year/
curl/libcurl version
curl 7.64.0 (x86_64-pc-linux-gnu) libcurl/7.64.0 OpenSSL/1.1.1b zlib/1.2.11 libidn2/2.0.5 libpsl/0.20.2 (+libidn2/2.0.5) libssh/0.8.6/openssl/zlib nghttp2/1.36.0 librtmp/2.3
Release-Date: 2019-02-06
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtmp rtsp scp sftp smb smbs smtp smtps telnet tftp
Features: AsynchDNS IDN IPv6 Largefile GSS-API Kerberos SPNEGO NTLM NTLM_WB SSL libz TLS-SRP HTTP2 UnixSockets HTTPS-proxy PSL
curl 7.66.0 (x86_64-redhat-linux-gnu) libcurl/7.66.0 OpenSSL/1.0.1e-fips zlib/1.2.3 c-ares/1.15.0 libssh2/1.8.2 nghttp2/1.6.0
Release-Date: 2019-09-11
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtsp scp sftp smb smbs smtp smtps telnet tftp
Features: AsynchDNS GSS-API HTTP2 HTTPS-proxy IPv6 Kerberos Largefile libz Metalink NTLM NTLM_WB SPNEGO SSL UnixSockets
operating system
Ubuntu 19.04
Linux 5.0.0-29-generic #31-Ubuntu SMP x86_64 x86_64 x86_64 GNU/Linux
CentOS release 6.10 (Final)
Linux 2.6.32-754.18.2.el6.x86_64 #1 SMP x86_64 x86_64 x86_64 GNU/Linux
The text was updated successfully, but these errors were encountered: