tool_operate: reset the URL --url-query between --next

Pointed out by Codex Security Verify in test 1624 Closes #20802
2026-04-14 22:01:41 +03:00 · 2026-03-03 18:50:20 +01:00 · 2026-03-03 18:50:20 +01:00 · 933c34e873
commit 933c34e873
parent 3c007d6351
4 changed files with 64 additions and 7 deletions
--- a/src/tool_cfgable.h
+++ b/src/tool_cfgable.h
@ -45,7 +45,6 @@ struct State {
  struct getout *urlnode;
  struct URLGlob inglob;
  struct URLGlob urlglob;
-  char *httpgetfields;
  char *uploadfile;
  curl_off_t upnum;     /* number of files to upload */
  curl_off_t upidx;     /* index for upload glob */
@ -143,6 +142,7 @@ struct OperationConfig {
  char *krblevel;
  char *request_target;
  char *writeout;           /* %-styled format string to output */
+  char *httpgetfields;
  struct curl_slist *quote;
  struct curl_slist *postquote;
  struct curl_slist *prequote;
--- a/src/tool_operate.c
+++ b/src/tool_operate.c
@ -1359,8 +1359,8 @@ static CURLcode create_single(struct OperationConfig *config,
      global->isatty = orig_isatty;
    }

-    if(state->httpgetfields) {
-      result = append2query(config, per, state->httpgetfields);
+    if(config->httpgetfields) {
+      result = append2query(config, per, config->httpgetfields);
      if(result)
        return result;
    }
@ -1406,7 +1406,7 @@ static CURLcode single_transfer(struct OperationConfig *config,
 {
  CURLcode result = CURLE_OK;
  struct State *state = &global->state;
-  char *httpgetfields = state->httpgetfields;
+  char *httpgetfields = config->httpgetfields;

  *skipped = *added = FALSE; /* not yet */

@ -1414,7 +1414,7 @@ static CURLcode single_transfer(struct OperationConfig *config,
    if(config->use_httpget) {
      if(!httpgetfields) {
        /* Use the postfields data for an HTTP get */
-        httpgetfields = state->httpgetfields = config->postfields;
+        httpgetfields = config->httpgetfields = config->postfields;
        config->postfields = NULL;
        if(SetHTTPrequest((config->no_body ? TOOL_HTTPREQ_HEAD :
                           TOOL_HTTPREQ_GET), &config->httpreq))
@ -1425,7 +1425,7 @@ static CURLcode single_transfer(struct OperationConfig *config,
      return CURLE_FAILED_INIT;
  }
  if(!httpgetfields)
-    state->httpgetfields = config->query;
+    config->httpgetfields = config->query;

  result = set_cert_types(config);
  if(result)
--- a/tests/data/Makefile.am
+++ b/tests/data/Makefile.am
@ -214,7 +214,7 @@ test1590 test1591 test1592 test1593 test1594 test1595 test1596 test1597 \
 test1598 test1599 test1600 test1601 test1602 test1603 test1604 test1605 \
 test1606 test1607 test1608 test1609 test1610 test1611 test1612 test1613 \
 test1614 test1615 test1616 test1617 \
-test1620 test1621 test1622 test1623 \
+test1620 test1621 test1622 test1623 test1624 \
 \
 test1630 test1631 test1632 test1633 test1634 test1635 test1636 test1637 \
 \
--- a/tests/data/test1624
+++ b/tests/data/test1624
@ -0,0 +1,57 @@
+<?xml version="1.0" encoding="US-ASCII"?>
+<testcase>
+<info>
+<keywords>
+HTTP
+--url-query
+--next
+</keywords>
+</info>
+
+# Server-side
+<reply>
+<data crlf="headers" nocheck="yes">
+HTTP/1.1 200 OK
+Date: Tue, 09 Nov 2010 14:49:00 GMT
+Server: test-server/fake
+Last-Modified: Tue, 13 Jun 2000 12:10:00 GMT
+ETag: "21025-dc7-39462498"
+Accept-Ranges: bytes
+Content-Length: 6
+Connection: close
+Content-Type: text/html
+Funny-head: yesyes
+
+-foo-
+</data>
+</reply>
+
+# Client-side
+<client>
+<server>
+http
+</server>
+<name>
+URL + --url-query with --next and another URL without --url-query
+</name>
+<command>
+http://%HOSTIP:%HTTPPORT/%TESTNUMBER --url-query token=secret --next http://%HOSTIP:%HTTPPORT/%TESTNUMBER
+</command>
+</client>
+
+# Verify data after the test has been "shot"
+<verify>
+<protocol crlf="headers">
+GET /%TESTNUMBER?token=secret HTTP/1.1
+Host: %HOSTIP:%HTTPPORT
+User-Agent: curl/%VERSION
+Accept: */*
+
+GET /%TESTNUMBER HTTP/1.1
+Host: %HOSTIP:%HTTPPORT
+User-Agent: curl/%VERSION
+Accept: */*
+
+</protocol>
+</verify>
+</testcase>