Newsgroups: php.internals
Date: Tue, 13 Mar 2012 08:32:35 -0400
From: pierrick@webstart.fr (Pierrick Charron)
To: Stas Malyshev
Cc: Tom Boutell, Internals
Subject: Re: [PHP-DEV] CURL file posting
In-Reply-To: <4F5D3569.8050307@sugarcrm.com>

We could add a flag to disable the @ usage, but I'm against having the '@'
usage disabled by default. This BC break would be, in my opinion, too big.

Another solution would be to have something like (we will also have to add
the type and filename support to this solution, so this is just a first
proposal):

    curl_setopt($curl_handle, CURLOPT_HTTPPOSTFIELDS, array(
        'firstname' => 'pierrick',
        'lastname' => array(CURL_FORMSTR, 'charron'),
        'lastname' => array(CURL_FORMFILE, '/home/pierrick/picture.png')
    ));

Pierrick

Otherwise the safest way for people is to use http_build_query on their
parameter array.

Pierrick

On 11 March 2012 19:29, Stas Malyshev wrote:
> Hi!
>
>> I'd sure like a PHP extension that didn't have this obvious and nasty bug:
>>
>> https://bugs.php.net/bug.php?id=46439
>
> This doesn't look good. Documentation does say the @ prefix exists, but it
> has very high potential of creating security holes for unsuspecting people.
> open_basedir would help limit the impact, but still it's not a good thing.
> Any ideas on fixing it without breaking the BC?
> --
> Stanislav Malyshev, Software Architect
> SugarCRM: http://www.sugarcrm.com/
> (408)454-6900 ext. 227
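
Added example, not part of the original message or of PHP's own code: the http_build_query approach mentioned above, with a small check that reports which parameters start with '@' so they can be logged. The function names and the sample input are constructed for illustration.

```php
<?php
// Return the names of parameters whose string value starts with '@',
// i.e. the values the '@' prefix discussed in this thread applies to
// when an array is handed to CURLOPT_POSTFIELDS.
function find_at_prefixed(array $params, string $prefix = ''): array
{
    $hits = [];
    foreach ($params as $key => $value) {
        $name = $prefix === '' ? (string) $key : $prefix . '[' . $key . ']';
        if (is_array($value)) {
            $hits = array_merge($hits, find_at_prefixed($value, $name));
        } elseif (is_string($value) && strncmp($value, '@', 1) === 0) {
            $hits[] = $name;
        }
    }
    return $hits;
}

// Encode the parameters as one urlencoded string. '@' becomes %40 and
// the value is sent as ordinary text.
function build_post_body(array $params): string
{
    return http_build_query($params, '', '&');
}

// POST the parameters, always passing a string body, never the raw array.
function post_form(string $url, array $params)
{
    $ch = curl_init($url);
    curl_setopt($ch, CURLOPT_POST, true);
    curl_setopt($ch, CURLOPT_POSTFIELDS, build_post_body($params));
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    return curl_exec($ch);
}

// Constructed input standing in for data received from an untrusted client.
$input = [
    'firstname' => 'pierrick',
    'comment'   => '@/home/pierrick/picture.png',
    'tags'      => ['php', '@internals'],
];

// Report the '@'-prefixed parameters, then show the body that is sent.
foreach (find_at_prefixed($input) as $name) {
    error_log("POST parameter '$name' starts with '@'");
}
echo build_post_body($input), "\n";
```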