Newsgroups: php.internals
Date: Wed, 2 Jan 2013 12:20:16 -0500
To: Stas Malyshev
Cc: Internals
Subject: Re: [PHP-DEV] CURL file posting
From: pierrick@webstart.fr (Pierrick Charron)

Hi Stas,

I think you're right, using an object is the safest way to do it safely. It might look strange because there are no objects at all in the current extension and the procedural function will use, in this specific case, an object, but still we have to provide a safe way to do it.

I also agree with Johannes, the php/curl API is not the easiest one to use, mainly due to the number of available functionalities. pecl/http is really a nicer API, and it is easier to work with, but it doesn't offer all the functionalities libcurl does. Maybe Mike is planning to add all of those?

Pierrick

On 2 January 2013 02:15, Stas Malyshev wrote:
> Hi!
>
> I'm thinking maybe the best solution is to have a new class - say,
> CurlFile - and do this:
>
> $file = new CurlFile("myface.png", "image/png");
> curl_setopt($ch, CURLOPT_POSTFIELDS, array("foo" => "bar", "picture" => $file));
>
> This would allow us to do two things:
> 1. Protect ourselves from injection since you can not inject objects
> (there's still a matter of serialized data, but this can be handled by
> the class itself).
> 2. Support much more options in the file - e.g., right now it does not
> support streams, but libcurl has CURLFORM_STREAM - maybe we could use
> it, or maybe just read in the stream data and use it as CURLFORM_BUFFER.
> Of course, that would not work for big files, but here we are able to
> use much more options than with old @-based API.
>
> Any holes in this idea? If not, I'll try to make an RFC for it.
> --
> Stanislav Malyshev, Software Architect
> SugarCRM: http://www.sugarcrm.com/
> (408)454-6900 ext. 227
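
The object-based upload proposed in the quoted message, as an added example that is not part of the thread: it uses the CURLFile class as it later shipped in PHP 5.5 (spelled CURLFile rather than CurlFile) and assumes PHP 7.1 or later, where string values in CURLOPT_POSTFIELDS are never treated as file references. build_post_fields(), its parameters, the sample values and the URL are hypothetical.

```php
<?php
// Added example, not code from the thread. Assumes PHP 7.1+ with ext-curl.
// build_post_fields(), its parameters, the sample values and the URL are
// hypothetical.

/**
 * Build a CURLOPT_POSTFIELDS array in which only entries the application
 * explicitly declares as uploads can become file parts.
 *
 * @param array $textFields name => untrusted string (for example from $_POST)
 * @param array $uploads    name => [path, MIME type], chosen by the application
 */
function build_post_fields(array $textFields, array $uploads): array
{
    $fields = [];
    foreach ($textFields as $name => $value) {
        if (!is_string($value)) {
            throw new InvalidArgumentException("Field '$name' must be a string");
        }
        // A string stays a string: a leading "@" has no special meaning
        // here, so the value is sent as literal form data.
        $fields[$name] = $value;
    }
    foreach ($uploads as $name => [$path, $mime]) {
        $real = realpath($path);
        if ($real === false || !is_file($real) || !is_readable($real)) {
            throw new InvalidArgumentException("Upload '$name' is not a readable file");
        }
        // File parts exist only as objects, which request input cannot supply.
        $fields[$name] = new CURLFile($real, $mime, basename($real));
    }
    return $fields;
}

// Constructed input: "comment" imitates the old @-prefixed syntax.
$untrusted = ['foo' => 'bar', 'comment' => '@/path/to/local/file'];
$tmp = tempnam(sys_get_temp_dir(), 'img');
file_put_contents($tmp, 'constructed sample bytes');

$fields = build_post_fields($untrusted, ['picture' => [$tmp, 'image/png']]);

$ch = curl_init('https://upload.example.invalid/'); // placeholder, no request is sent
curl_setopt($ch, CURLOPT_POSTFIELDS, $fields);

var_dump(is_string($fields['comment']), $fields['picture'] instanceof CURLFile);
unlink($tmp);
```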