Sanitizes filenames by removing or replacing potentially problematic characters
Makes filenames safe for cross-platform use
Prevents directory traversal attacks (e.g., "../../../")
After a recent release rustls provides better error messages for
invalid certificates. For example:
```
invalid peer certificate: certificate not valid for name "wrong.host.badssl.com"; certificate is only valid for DnsName("*.badssl.com") or DnsName("badssl.com")
```
The message for expired certificates still isn't too readable but the
error now contains timestamps so we enhance it ourselves:
```
xh: error: error sending request for url (https://expired.badssl.com/)
Caused by:
0: client error (Connect)
1: invalid peer certificate: certificate expired: verification time 1742381579 (UNIX), but certificate is not valid after 1428883199 (313498380 seconds ago)
Certificate not valid after 2015-04-12 23:59:59.0 +00:00:00 (9years 11months 6days 8h 43m 24s ago).
```
We used to use `ErrorKind::InvalidData` to communicate binary data
that should not be shown in the terminal but that one can actually
happen in other cases as well. brotli decoding uses that ErrorKind,
and we now use it for all decompressors.
So an invalid brotli response would under certain circumstances render
as "NOTE: binary data not shown in terminal".
We can use our own error type to track this properly.
Fixes a panic for `xh head https://httpbin.dev/zstd`.
`ZstdDecoder::new()` returns a `Result`. We used to panic on this, but
it needs to be a `Read` error instead, so we can suppress the error
for an empty input the way we do for other decoders.
Our existing approach couldn't handle this, so I ended up refactoring
the system. I think it's cleaner now, though still weird.
We now also preserve the original decoder error instead of
`.to_string()`ing it, or strip it completely if there was an I/O
error. That should improve the error reporting.
If RUST_BACKTRACE=1 was set outside the test runner,
e.g. `RUST_BACKTRACE=1 cargo test`, this propagated to the test binary
and changed error outputs.
Interestingly this only affected `nested_json_type_error`.
Resolves#406.
Note that this commit does not alter the storage format of sessions.
Perhaps requiring a cookie path at all times would be a good idea, but
I haven't done that here, because I don't want to break existing
sessions for users.
Fixes: #400
upgrading cookie_store to 0.21.1 via this commit because it was pulling
idna which contained a CVE.
Signed-off-by: kranurag7 <81210977+kranurag7@users.noreply.github.com>
