diff options
| -rw-r--r-- | desktop/source/app/updater.cxx | 2 | ||||
| -rw-r--r-- | extensions/source/update/check/download.cxx | 2 |
2 files changed, 4 insertions, 0 deletions
diff --git a/desktop/source/app/updater.cxx b/desktop/source/app/updater.cxx index 7e328a1a68d3..f855a15672a0 100644 --- a/desktop/source/app/updater.cxx +++ b/desktop/source/app/updater.cxx @@ -512,6 +512,8 @@ std::string download_content(const OString& rURL, bool bFile, OUString& rHash) headerlist = curl_slist_append(headerlist, buf); curl_easy_setopt(curl, CURLOPT_HTTPHEADER, headerlist); curl_easy_setopt(curl, CURLOPT_FOLLOWLOCATION, 1); // follow redirects + // only allow redirect to http:// and https:// + curl_easy_setopt(curl, CURLOPT_REDIR_PROTOCOLS, CURLPROTO_HTTP | CURLPROTO_HTTPS); std::string response_body; utl::TempFile aTempFile; diff --git a/extensions/source/update/check/download.cxx b/extensions/source/update/check/download.cxx index 4e557f02a8f1..7bc20f874f89 100644 --- a/extensions/source/update/check/download.cxx +++ b/extensions/source/update/check/download.cxx @@ -235,6 +235,8 @@ bool curl_run(const OUString& rURL, OutData& out, const OString& aProxyHost, sal // enable redirection curl_easy_setopt(pCURL, CURLOPT_FOLLOWLOCATION, 1); + // only allow redirect to http:// and https:// + curl_easy_setopt(pCURL, CURLOPT_REDIR_PROTOCOLS, CURLPROTO_HTTP | CURLPROTO_HTTPS); // write function curl_easy_setopt(pCURL, CURLOPT_WRITEDATA, &out); |