Re: [RFC] Fixing insecure cURL file uploading

From:	Pierrick Charron	Date:	Mon, 07 Jan 2013 04:40:12 +0000
Subject:	Re: [RFC] Fixing insecure cURL file uploading
References:	1	Groups:	php.internals
Request:	Send a blank email to [email protected] to get a copy of this message

Hi Stas,

Everything looks good to me :) Great job.

About your optional section :

I like the procedural function that you proposed so that you don't
have to use an object if you don't want to.

cURL allow you to upload file from string buffer with CURLFORM_BUFFER
and we should be able to do all the streams stuff with CURLFORM_STREAM
and by modifying our CURLOPT_READFUNCTION.

Pierrick


On 6 January 2013 00:38, Stas Malyshev <[email protected]> wrote:
> Hi!
>
> Following the recent discussion on the list, I've drafted an RFC
> describing the CurlFile solution for it here:
>
> https://wiki.php.net/rfc/curl-file-upload
>
> Please review and comment. If there's a general positive feedback, I'll
> try to implement a patch for it pretty soon.
> --
> Stanislav Malyshev, Software Architect
> SugarCRM: http://www.sugarcrm.com/
> (408)454-6900 ext. 227
>
> --
> PHP Internals - PHP Runtime Development Mailing List
> To unsubscribe, visit: http://www.php.net/unsub.php
>


   

Thread (14 messages)

• Stas MalyshevSun, 06 Jan 2013 05:38:25 +0000
  • Alexey ZakhlestinSun, 06 Jan 2013 09:28:51 +0000
  • Martin JansenSun, 06 Jan 2013 09:39:20 +0000
  • Lars StrojnySun, 06 Jan 2013 16:30:58 +0000
    • Stas MalyshevMon, 07 Jan 2013 06:42:12 +0000
  • Levi MorrisonMon, 07 Jan 2013 01:19:13 +0000
  • Pierrick CharronMon, 07 Jan 2013 04:40:12 +0000
    • Stas MalyshevMon, 07 Jan 2013 05:35:43 +0000
    • Stas MalyshevMon, 07 Jan 2013 06:40:19 +0000
      • Pierrick CharronMon, 07 Jan 2013 15:39:10 +0000
        • Stas MalyshevTue, 08 Jan 2013 09:23:17 +0000
          • Pierrick CharronThu, 17 Jan 2013 18:42:57 +0000
            • Stas MalyshevThu, 17 Jan 2013 20:35:32 +0000
              • Pierrick CharronThu, 17 Jan 2013 21:30:22 +0000