From: Daniel Stenberg <daniel@haxx.se>
Date: Wed, 13 Jun 2018 09:24:34 +0000 (+0200)
Subject: TODO: "Option to refuse usernames in URLs" done
X-Git-Tag: curl-7_61_0~70
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=54066f5d09dce2c96ddda6e25f33cf8fa5d50801;p=curl

TODO: "Option to refuse usernames in URLs" done

Implemented by Björn in 946ce5b61f
---

diff --git a/docs/TODO b/docs/TODO
index 3d58717b4..cea637868 100644
--- a/docs/TODO
+++ b/docs/TODO
@@ -17,7 +17,6 @@
  All bugs documented in the KNOWN_BUGS document are subject for fixing!
 
  1. libcurl
- 1.1 Option to refuse usernames in URLs
  1.2 More data sharing
  1.3 struct lifreq
  1.4 signal-based resolver timeouts
@@ -189,16 +188,6 @@
 
 1. libcurl
 
-1.1 Option to refuse usernames in URLs
-
- There's a certain risk for application in allowing user names in URLs. For
- example: if the wrong person gets to set the URL and manages to set a user
- name in there when .netrc is used, the application may send along a password
- that otherwise the person couldn't provide.
-
- A new libcurl option could be added to allow applications to switch off this
- feature and thus avoid a potential risk.
-
 1.2 More data sharing
 
  curl_share_* functions already exist and work, and they can be extended to