From 328977cfec1c5f370043d27b64ded201da95a380 Mon Sep 17 00:00:00 2001
From: Andrei Karas <akaras@inbox.ru>
Date: Fri, 8 Feb 2013 17:59:11 +0300
Subject: Block any protocols in curl except HTTP and HTTPS.

---
 src/net/download.cpp | 9 +++++++++
 src/net/download.h   | 2 ++
 2 files changed, 11 insertions(+)

(limited to 'src/net')

diff --git a/src/net/download.cpp b/src/net/download.cpp
index 7fb799fa0..838038f7c 100644
--- a/src/net/download.cpp
+++ b/src/net/download.cpp
@@ -253,6 +253,7 @@ int Download::downloadThread(void *ptr)
             curl_easy_setopt(d->mCurl, CURLOPT_CONNECTTIMEOUT, 30);
             curl_easy_setopt(d->mCurl, CURLOPT_TIMEOUT, 1800);
             addProxy(d->mCurl);
+            secureCurl(d->mCurl);
 
             if ((res = curl_easy_perform(d->mCurl)) != 0
                 && !d->mOptions.cancel)
@@ -410,4 +411,12 @@ void Download::addProxy(CURL *curl)
     }
 }
 
+void Download::secureCurl(CURL *curl)
+{
+    curl_easy_setopt(curl, CURLOPT_PROTOCOLS,
+        CURLPROTO_HTTP | CURLPROTO_HTTPS);
+    curl_easy_setopt(curl, CURLOPT_REDIR_PROTOCOLS,
+        CURLPROTO_HTTP | CURLPROTO_HTTPS);
+}
+
 } // namespace Net
diff --git a/src/net/download.h b/src/net/download.h
index 77f1d1ccc..f9f842588 100644
--- a/src/net/download.h
+++ b/src/net/download.h
@@ -97,6 +97,8 @@ class Download final
 
         static void addProxy(CURL *curl);
 
+        static void secureCurl(CURL *curl);
+
     private:
         static int downloadThread(void *ptr);
         static int downloadProgress(void *clientp, double dltotal,
-- 
cgit v1.2.3-70-g09d2