Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:64600 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 95112 invoked from network); 6 Jan 2013 09:29:00 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 6 Jan 2013 09:29:00 -0000 Authentication-Results: pb1.pair.com header.from=indeyets@gmail.com; sender-id=pass Authentication-Results: pb1.pair.com smtp.mail=indeyets@gmail.com; spf=pass; sender-id=pass Received-SPF: pass (pb1.pair.com: domain gmail.com designates 74.125.82.54 as permitted sender) X-PHP-List-Original-Sender: indeyets@gmail.com X-Host-Fingerprint: 74.125.82.54 mail-wg0-f54.google.com Received: from [74.125.82.54] ([74.125.82.54:49488] helo=mail-wg0-f54.google.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id DD/08-62408-9D349E05 for ; Sun, 06 Jan 2013 04:28:59 -0500 Received: by mail-wg0-f54.google.com with SMTP id fg15so8514062wgb.21 for ; Sun, 06 Jan 2013 01:28:55 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=x-received:content-type:mime-version:subject:from:in-reply-to:date :cc:content-transfer-encoding:message-id:references:to:x-mailer; bh=sWiEMKpx7TeeKoxal8VBEdo+fHi5pC3L+fmM7F6eBm4=; b=MY4Ki1d5ER7L82PHc0psMZq3R5UdmXnUzVGop9RR79m2H9oMRWs3ZcTLkAkqWOdNam rDKueYQTP/NLG6+OK6skzmbWBIR0Dp/U54jz+MRdfe0cgYFHzQFZfqasLldyZPodi3za 9dCecw43U8hEscYonHJmNaZDbOZD2rkl0czoyb2FiFDKb3qOfkHu4RZDX822t+9OhRAY 5aM5gFZ+1z091Jq8litbeNipI/co+C1YxdA6kSjyjZWa9MUcqjhD++uoBCk2zseJUkyE COkm9X56iVDjcyKCdXFPoJUajf/HrU5tA+P9U3pLlNyTk7L2w77k1W1uojyGo+v08eej QFvQ== X-Received: by 10.194.238.5 with SMTP id vg5mr90538075wjc.40.1357464535003; Sun, 06 Jan 2013 01:28:55 -0800 (PST) Received: from atlas.home (ANantes-256-1-136-160.w90-12.abo.wanadoo.fr. [90.12.207.160]) by mx.google.com with ESMTPS id ew4sm7447597wid.11.2013.01.06.01.28.53 (version=TLSv1/SSLv3 cipher=OTHER); Sun, 06 Jan 2013 01:28:53 -0800 (PST) Content-Type: text/plain; charset=iso-8859-1 Mime-Version: 1.0 (Mac OS X Mail 6.2 \(1499\)) In-Reply-To: <50E90DD1.7040204@sugarcrm.com> Date: Sun, 6 Jan 2013 10:28:51 +0100 Cc: PHP Internals Content-Transfer-Encoding: 7bit Message-ID: References: <50E90DD1.7040204@sugarcrm.com> To: Stas Malyshev X-Mailer: Apple Mail (2.1499) Subject: Re: [PHP-DEV] [RFC] Fixing insecure cURL file uploading From: indeyets@gmail.com (Alexey Zakhlestin) On 06.01.2013, at 6:38, Stas Malyshev wrote: > Following the recent discussion on the list, I've drafted an RFC > describing the CurlFile solution for it here: > > https://wiki.php.net/rfc/curl-file-upload > > Please review and comment. If there's a general positive feedback, I'll > try to implement a patch for it pretty soon. Looks elegant and extensible. Great work! -- Alexey Zakhlestin https://github.com/indeyets