From cf53412d812f30d94e849f5bbbd6176d647a96cf Mon Sep 17 00:00:00 2001
From: divverent <divverent@d7cf8633-e32d-0410-b094-e92efae38249>
Date: Fri, 12 Sep 2008 08:18:19 +0000
Subject: [PATCH] curl: reject file:// URLs

git-svn-id: svn://svn.icculus.org/twilight/trunk/darkplaces@8503 d7cf8633-e32d-0410-b094-e92efae38249
---
 libcurl.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/libcurl.c b/libcurl.c
index 7c9b7dbd..bfbc1f13 100644
--- a/libcurl.c
+++ b/libcurl.c
@@ -736,6 +736,14 @@ static qboolean Curl_Begin(const char *URL, const char *name, qboolean ispak, qb
 			}
 		}
 
+		// if we get here, we actually want to download... so first verify the
+		// URL scheme (so one can't read local files using file://)
+		if(strncmp(URL, "http://", 7) && strncmp(URL, "ftp://", 6) && strncmp(URL, "https://", 8))
+		{
+			Con_Printf("Curl_Begin(\"%s\")): nasty URL scheme rejected\n", URL);
+			return false;
+		}
+
 		if(forthismap)
 			++numdownloads_added;
 		di = (downloadinfo *) Z_Malloc(sizeof(*di));
-- 
2.39.2