desktop,extensions: updater: only allow redirects to HTTP/HTTPS

Configure curl to prevent redirects to other protocols. Change-Id: Ied73b3d9a062ea6e0a1d594f4c12162dffd6c4a7
author: Michael Stahl <mstahl@redhat.com> 2017-08-09 17:38:14 +0200
committer: Michael Stahl <mstahl@redhat.com> 2017-08-09 18:16:32 +0200
commit: bd60bbfbdfbeb2687297e4512ddbea62a394ae67 (patch)
tree: 117891076b143c4c8eb792037161b5b5a8d194af /desktop/source/app/updater.cxx
parent: 152a1d279cbc81e7b5f076a2c4b20c12c6929ce6 (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/desktop/source/app/updater.cxx b/desktop/source/app/updater.cxx
index 7e328a1a68d3..f855a15672a0 100644
--- a/desktop/source/app/updater.cxx
+++ b/desktop/source/app/updater.cxx
@@ -512,6 +512,8 @@ std::string download_content(const OString& rURL, bool bFile, OUString& rHash)
     headerlist = curl_slist_append(headerlist, buf);
     curl_easy_setopt(curl, CURLOPT_HTTPHEADER, headerlist);
     curl_easy_setopt(curl, CURLOPT_FOLLOWLOCATION, 1); // follow redirects
+    // only allow redirect to http:// and https://
+    curl_easy_setopt(curl, CURLOPT_REDIR_PROTOCOLS, CURLPROTO_HTTP | CURLPROTO_HTTPS);
 
     std::string response_body;
     utl::TempFile aTempFile;
author	Michael Stahl <mstahl@redhat.com>	2017-08-09 17:38:14 +0200
committer	Michael Stahl <mstahl@redhat.com>	2017-08-09 18:16:32 +0200
commit	bd60bbfbdfbeb2687297e4512ddbea62a394ae67 (patch)
tree	117891076b143c4c8eb792037161b5b5a8d194af /desktop/source/app/updater.cxx
parent	152a1d279cbc81e7b5f076a2c4b20c12c6929ce6 (diff)