Hello, Daniel Stenberg and the curl team. i would improve curl example if i do:
┌──(relun㉿relunsec)-[~/Test] └─$ curl https://httpbin.org --ftp-account "anonymous" <!DOCTYPE html> <html lang="en"> <head> <meta charset="UTF-8"> <title>httpbin.org</title> <link href=" https://fonts.googleapis.com/css?family=Open+Sans:400,700|Source+Code+Pro:300,600|Titillium+Web:400,600,700 <https://fonts.googleapis.com/css?family=Open+Sans:400,700%7CSource+Code+Pro:300,600%7CTitillium+Web:400,600,700> " rel="stylesheet"> <link rel="stylesheet" type="text/css" href="/flasgger_static/swagger-ui.css"> <link rel="icon" type="image/png" href="/static/favicon.ico" sizes="64x64 32x32 16x16" /> <style> html { box-sizing: border-box; overflow: -moz-scrollbars-vertical; overflow-y: scroll; } *, *:before, *:after { box-sizing: inherit; } body { margin: 0; background: #fafafa; } </style> </head> <body> <a href="https://github.com/requests/httpbin"; class="github-corner" aria-label="View source on Github"> <svg width="80" height="80" viewBox="0 0 250 250" style="fill:#151513; color:#fff; position: absolute; top: 0; border: 0; right: 0;" aria-hidden="true"> <path d="M0,0 L115,115 L130,115 L142,142 L250,250 L250,0 Z"></path> <path d="M128.3,109.0 C113.8,99.7 119.0,89.6 119.0,89.6 C122.0,82.7 120.5,78.6 120.5,78.6 C119.2,72.0 123.4,76.3 123.4,76.3 C127.3,80.9 125.5,87.3 125.5,87.3 C122.9,97.6 130.6,101.9 134.4,103.2" fill="currentColor" style="transform-origin: 130px 106px;" class="octo-arm"></path> <path d="M115.0,115.0 C114.9,115.1 118.7,116.5 119.8,115.4 L133.7,101.6 C136.9,99.2 139.9,98.4 142.2,98.6 C133.8,88.0 127.5,74.4 143.8,58.0 C148.5,53.4 154.0,51.2 159.7,51.0 C160.3,49.4 163.2,43.6 171.4,40.1 C171.4,40.1 176.1,42.5 178.8,56.2 C183.1,58.6 187.2,61.8 190.9,65.4 C194.5,69.0 197.7,73.2 200.1,77.6 C213.8,80.2 216.3,84.9 216.3,84.9 C212.7,93.1 206.9,96.0 205.4,96.6 C205.1,102.4 203.0,107.8 198.3,112.5 C181.9,128.9 168.3,122.5 157.7,114.1 C157.9,116.9 156.7,120.9 152.7,124.9 L141.0,136.5 C139.8,137.7 141.6,141.9 141.8,141.8 Z" fill="currentColor" class="octo-body"></path> </svg> </a> <svg xmlns="http://www.w3.org/2000/svg"; xmlns:xlink=" http://www.w3.org/1999/xlink"; style="position:absolute;width:0;height:0"> <defs> <symbol viewBox="0 0 20 20" id="unlocked"> <path d="M15.8 8H14V5.6C14 2.703 12.665 1 10 1 7.334 1 6 2.703 6 5.6V6h2v-.801C8 3.754 8.797 3 10 3c1.203 0 2 .754 2 2.199V8H4c-.553 0-1 .646-1 1.199V17c0 .549.428 1.139.951 1.307l1.197.387C5.672 18.861 6.55 19 7.1 19h5.8c.549 0 1.428-.139 1.951-.307l1.196-.387c.524-.167.953-.757.953-1.306V9.199C17 8.646 16.352 8 15.8 8z"></path> </symbol> <symbol viewBox="0 0 20 20" id="locked"> <path d="M15.8 8H14V5.6C14 2.703 12.665 1 10 1 7.334 1 6 2.703 6 5.6V8H4c-.553 0-1 .646-1 1.199V17c0 .549.428 1.139.951 1.307l1.197.387C5.672 18.861 6.55 19 7.1 19h5.8c.549 0 1.428-.139 1.951-.307l1.196-.387c.524-.167.953-.757.953-1.306V9.199C17 8.646 16.352 8 15.8 8zM12 8H8V5.199C8 3.754 8.797 3 10 3c1.203 0 2 .754 2 2.199V8z" /> </symbol> <symbol viewBox="0 0 20 20" id="close"> <path d="M14.348 14.849c-.469.469-1.229.469-1.697 0L10 11.819l-2.651 3.029c-.469.469-1.229.469-1.697 0-.469-.469-.469-1.229 0-1.697l2.758-3.15-2.759-3.152c-.469-.469-.469-1.228 0-1.697.469-.469 1.228-.469 1.697 0L10 8.183l2.651-3.031c.469-.469 1.228-.469 1.697 0 .469.469.469 1.229 0 1.697l-2.758 3.152 2.758 3.15c.469.469.469 1.229 0 1.698z" /> </symbol> <symbol viewBox="0 0 20 20" id="large-arrow"> <path d="M13.25 10L6.109 2.58c-.268-.27-.268-.707 0-.979.268-.27.701-.27.969 0l7.83 7.908c.268.271.268.709 0 .979l-7.83 7.908c-.268.271-.701.27-.969 0-.268-.269-.268-.707 0-.979L13.25 10z" /> </symbol> <symbol viewBox="0 0 20 20" id="large-arrow-down"> <path d="M17.418 6.109c.272-.268.709-.268.979 0s.271.701 0 .969l-7.908 7.83c-.27.268-.707.268-.979 0l-7.908-7.83c-.27-.268-.27-.701 0-.969.271-.268.709-.268.979 0L10 13.25l7.418-7.141z" /> </symbol> <symbol viewBox="0 0 24 24" id="jump-to"> <path d="M19 7v4H5.83l3.58-3.59L8 6l-6 6 6 6 1.41-1.41L5.83 13H21V7z" /> </symbol> <symbol viewBox="0 0 24 24" id="expand"> <path d="M10 18h4v-2h-4v2zM3 6v2h18V6H3zm3 7h12v-2H6v2z" /> </symbol> </defs> </svg> <div id="swagger-ui"> <div data-reactroot="" class="swagger-ui"> <div> <div class="information-container wrapper"> <section class="block col-12"> <div class="info"> <hgroup class="main"> <h2 class="title">httpbin.org <small> <pre class="version">0.9.2</pre> </small> </h2> <pre class="base-url">[ Base URL: httpbin.org/ ]</pre> </hgroup> <div class="description"> <div class="markdown"> <p>A simple HTTP Request & Response Service. <br> <br> <b>Run locally: </b> <code>$ docker run -p 80:80 kennethreitz/httpbin</code> </p> </div> </div> <div> <div> <a href="https://kennethreitz.org"; target="_blank">the developer - Website</a> </div> <a href="mailto:m...@kennethreitz.org";>Send email to the developer</a> </div> </div> <!-- ADDS THE LOADER SPINNER --> <div class="loading-container"> <div class="loading"></div> </div> </section> </div> </div> </div> </div> <div class='swagger-ui'> <div class="wrapper"> <section class="clear"> <span style="float: right;"> [Powered by <a target="_blank" href=" https://github.com/rochacbruno/flasgger";>Flasgger</a>] <br> </span> </section> </div> </div> <script src="/flasgger_static/swagger-ui-bundle.js"> </script> <script src="/flasgger_static/swagger-ui-standalone-preset.js"> </script> <script src='/flasgger_static/lib/jquery.min.js' type='text/javascript'></script> <script> window.onload = function () { fetch("/spec.json") .then(function (response) { response.json() .then(function (json) { var current_protocol = window.location.protocol.slice(0, -1); if (json.schemes[0] != current_protocol) { // Switches scheme to the current in use var other_protocol = json.schemes[0]; json.schemes[0] = current_protocol; json.schemes[1] = other_protocol; } json.host = window.location.host; // sets the current host const ui = SwaggerUIBundle({ spec: json, validatorUrl: null, dom_id: '#swagger-ui', deepLinking: true, jsonEditor: true, docExpansion: "none", apisSorter: "alpha", //operationsSorter: "alpha", presets: [ SwaggerUIBundle.presets.apis, // yay ES6 modules ↘ Array.isArray(SwaggerUIStandalonePreset) ? SwaggerUIStandalonePreset : SwaggerUIStandalonePreset.default ], plugins: [ SwaggerUIBundle.plugins.DownloadUrl ], // layout: "StandaloneLayout" // uncomment to enable the green top header }) window.ui = ui // uncomment to rename the top brand if layout is enabled // $(".topbar-wrapper .link span").replaceWith("<span>httpbin</span>"); }) }) } </script> <div class='swagger-ui'> <div class="wrapper"> <section class="block col-12 block-desktop col-12-desktop"> <div> <h2>Other Utilities</h2> <ul> <li> <a href="/forms/post">HTML form</a> that posts to /post /forms/post</li> </ul> <br /> <br /> </div> </section> </div> </div> </body> </html> ┌──(relun㉿relunsec)-[~/Test] └─$ so instead of throwing an error the command succeeded. and also for ┌──(relun㉿relunsec)-[~/Test] └─$ curl ftp://ftp.ubuntu.com -d "hello=1" drwxr-xr-x 7 998 998 4096 Aug 15 06:45 ubuntu ┌──(relun㉿relunsec)-[~/Test] └─$ -d only for POST Requests not for FTP and again succeeded. so i recommend deny all invalid options depends of Schema example ftp:/// schema throw instead "Option -d cannot be used with FTP" or similar you can throw any message you would and same for HTTP and SMTP and other schema deny all invalid options example curl https://127.0.0.1:8443/ --ftp-pasv should throw a error like "--ftp-pasv cannot used with HTTP/HTTPS target" or similar. So in general this recommended reject invalid options and validate input make curl more better and user friendly tool bad is ignore silently and using this make also improve security so i recommend secure coding and "Input Validation" validate user input is match the protocol and throw a error for ease of use and also script rely in this can be check is fail or not? Dear RelunSec
-- Unsubscribe: https://lists.haxx.se/mailman/listinfo/curl-users Etiquette: https://curl.se/mail/etiquette.html
