curl: reject file:// URLs

git-svn-id: svn://svn.icculus.org/twilight/trunk/darkplaces@8503 d7cf8633-e32d-0410-b094-e92efae38249

diff --git a/libcurl.c b/libcurl.c
index 7c9b7dbdf0060802087ef8769881a7d686a8ddbc..bfbc1f13151c333fbe7196720db602667f0d6b4b 100644 (file)
--- a/libcurl.c
+++ b/libcurl.c
@@ -736,6 +736,14 @@ static qboolean Curl_Begin(const char *URL, const char *name, qboolean ispak, qb
                        }
                }
 
+               // if we get here, we actually want to download... so first verify the
+               // URL scheme (so one can't read local files using file://)
+               if(strncmp(URL, "http://", 7) && strncmp(URL, "ftp://", 6) && strncmp(URL, "https://", 8))
+               {
+                       Con_Printf("Curl_Begin(\"%s\")): nasty URL scheme rejected\n", URL);
+                       return false;
+               }
+
                if(forthismap)
                        ++numdownloads_added;
                di = (downloadinfo *) Z_Malloc(sizeof(*di));