Re: [RFC] Fixing insecure cURL file uploading

From:	Pierrick Charron	Date:	Thu, 17 Jan 2013 18:42:57 +0000
Subject:	Re: [RFC] Fixing insecure cURL file uploading
References:	1 2 3 4 5	Groups:	php.internals
Request:	Send a blank email to [email protected] to get a copy of this message

Hi Stas,

What's the status of this fix ?

Thanks
Pierrick

On 8 January 2013 04:23, Stas Malyshev <[email protected]> wrote:
> Hi!
>
>> Looks good to me, just it could be great to add a new cURL option at
>> the same time to disable the '@' usage so that someone working with
>> the new ext/curl version can disable it and therefore send values
>> starting by @
>
> That is a good suggestion, I'll add CURL_SAFE_POSTFIELDS which would
> disable the @ option.
>
> --
> Stanislav Malyshev, Software Architect
> SugarCRM: http://www.sugarcrm.com/
> (408)454-6900 ext. 227


   

Thread (14 messages)

• Stas MalyshevSun, 06 Jan 2013 05:38:25 +0000
  • Alexey ZakhlestinSun, 06 Jan 2013 09:28:51 +0000
  • Martin JansenSun, 06 Jan 2013 09:39:20 +0000
  • Lars StrojnySun, 06 Jan 2013 16:30:58 +0000
    • Stas MalyshevMon, 07 Jan 2013 06:42:12 +0000
  • Levi MorrisonMon, 07 Jan 2013 01:19:13 +0000
  • Pierrick CharronMon, 07 Jan 2013 04:40:12 +0000
    • Stas MalyshevMon, 07 Jan 2013 05:35:43 +0000
    • Stas MalyshevMon, 07 Jan 2013 06:40:19 +0000
      • Pierrick CharronMon, 07 Jan 2013 15:39:10 +0000
        • Stas MalyshevTue, 08 Jan 2013 09:23:17 +0000
          • Pierrick CharronThu, 17 Jan 2013 18:42:57 +0000
            • Stas MalyshevThu, 17 Jan 2013 20:35:32 +0000
              • Pierrick CharronThu, 17 Jan 2013 21:30:22 +0000