Merge branch 'jc/http-cookiefile'

The http.cookieFile and http.saveCookies configuration variables have a few values that need to be avoided, which are now ignored with warning messages. * jc/http-cookiefile: http.c: cookie file tightening
author: Junio C Hamano <gitster@pobox.com> 2024-07-17 10:47:25 -0700
committer: Junio C Hamano <gitster@pobox.com> 2024-07-17 10:47:26 -0700
commit: dd6d10285b91af584d0f9316467d870fa3d20c1d (patch)
tree: 3b6d5e81dd7ffe7b9076e5bcd7067d340cbc9a03 /http.c
parent: b19a8c00c6e85245b1cd5c5ca2cfb7c58fb11452 (diff)
parent: 4f5822076f41d13258f82bd2ff7bde2630a611a0 (diff)
1 files changed, 9 insertions, 0 deletions
diff --git a/http.c b/http.c
index 81b5cf8039..623ed23489 100644
--- a/http.c
+++ b/http.c
@@ -1509,7 +1509,16 @@ struct active_request_slot *get_active_slot(void)
 	slot->finished = NULL;
 	slot->callback_data = NULL;
 	slot->callback_func = NULL;
+
+	if (curl_cookie_file && !strcmp(curl_cookie_file, "-")) {
+		warning(_("refusing to read cookies from http.cookiefile '-'"));
+		FREE_AND_NULL(curl_cookie_file);
+	}
 	curl_easy_setopt(slot->curl, CURLOPT_COOKIEFILE, curl_cookie_file);
+	if (curl_save_cookies && (!curl_cookie_file || !curl_cookie_file[0])) {
+		curl_save_cookies = 0;
+		warning(_("ignoring http.savecookies for empty http.cookiefile"));
+	}
 	if (curl_save_cookies)
 		curl_easy_setopt(slot->curl, CURLOPT_COOKIEJAR, curl_cookie_file);
 	curl_easy_setopt(slot->curl, CURLOPT_HTTPHEADER, pragma_header);
author	Junio C Hamano <gitster@pobox.com>	2024-07-17 10:47:25 -0700
committer	Junio C Hamano <gitster@pobox.com>	2024-07-17 10:47:26 -0700
commit	dd6d10285b91af584d0f9316467d870fa3d20c1d (patch)
tree	3b6d5e81dd7ffe7b9076e5bcd7067d340cbc9a03 /http.c
parent	b19a8c00c6e85245b1cd5c5ca2cfb7c58fb11452 (diff)
parent	4f5822076f41d13258f82bd2ff7bde2630a611a0 (diff)