Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:64621
Return-Path: <pierrick@webstart.fr>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 7137 invoked from network); 7 Jan 2013 04:40:21 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 7 Jan 2013 04:40:21 -0000
Authentication-Results: pb1.pair.com smtp.mail=pierrick@webstart.fr; spf=permerror; sender-id=unknown
Authentication-Results: pb1.pair.com header.from=pierrick@webstart.fr; sender-id=unknown
Received-SPF: error (pb1.pair.com: domain webstart.fr from 74.125.82.44 cause and error)
X-PHP-List-Original-Sender: pierrick@webstart.fr
X-Host-Fingerprint: 74.125.82.44 mail-wg0-f44.google.com  
Received: from [74.125.82.44] ([74.125.82.44:34507] helo=mail-wg0-f44.google.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id DB/F3-12349-FA15AE05 for <internals@lists.php.net>; Sun, 06 Jan 2013 23:40:19 -0500
Received: by mail-wg0-f44.google.com with SMTP id dr12so9291377wgb.35
        for <internals@lists.php.net>; Sun, 06 Jan 2013 20:40:12 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20120113;
        h=mime-version:x-received:in-reply-to:references:date:message-id
         :subject:from:to:cc:content-type:x-gm-message-state;
        bh=Lp6PgVHNXk0kU1YJEPDKcrboWo3dKLHPfUMbwsFe18o=;
        b=XiP2Cjt0f3J+8PJQqN4jVk4TMTS48O1wMK4oyOzkwgYuREfchTS52hJlmzJ59YSPdg
         Hmut9AGeOAFR1gUv3QO+BgH52XD4P9P/FsgLGNiuLxdgoGWDz0epuB+QpUpxG0Ndl9lP
         GxDgSlInEO6M8xmm/95vdu+QUUGycMS0pQ8x52D4Q8THrXW35EKFcKOUHz3/n0S9E9gW
         zsPxHEynMPHzd85PJMy+GVu9SaTTG4NZFQDgU3ZPj+G/QUAR7RbdRxl1UPskZM6t3Zzn
         R7KBjQjW2D6Syb3Z/31fZ8YWyyV7IOTs4xpqpCumgFM4Ilg4Y0fBNCDpKZQq/a+EiX7I
         Givg==
MIME-Version: 1.0
X-Received: by 10.180.99.72 with SMTP id eo8mr7110200wib.34.1357533612154;
 Sun, 06 Jan 2013 20:40:12 -0800 (PST)
Received: by 10.180.98.226 with HTTP; Sun, 6 Jan 2013 20:40:12 -0800 (PST)
In-Reply-To: <50E90DD1.7040204@sugarcrm.com>
References: <50E90DD1.7040204@sugarcrm.com>
Date: Sun, 6 Jan 2013 23:40:12 -0500
Message-ID: <CAOfKkdTAV9qY_sxzORzhBjH0kRbkJr8XF+sU5eik=SGw582Nng@mail.gmail.com>
To: Stas Malyshev <smalyshev@sugarcrm.com>
Cc: PHP Internals <internals@lists.php.net>
Content-Type: text/plain; charset=ISO-8859-1
X-Gm-Message-State: ALoCoQkjiybagtKzBiDRE5k3etMszMAME2HVCB9ezchz2XhATtwtdCBdYoKXeJuCIDh9wOmffygH
Subject: Re: [PHP-DEV] [RFC] Fixing insecure cURL file uploading
From: pierrick@webstart.fr (Pierrick Charron)

Hi Stas,

Everything looks good to me :) Great job.

About your optional section :

I like the procedural function that you proposed so that you don't
have to use an object if you don't want to.

cURL allow you to upload file from string buffer with CURLFORM_BUFFER
and we should be able to do all the streams stuff with CURLFORM_STREAM
and by modifying our CURLOPT_READFUNCTION.

Pierrick


On 6 January 2013 00:38, Stas Malyshev <smalyshev@sugarcrm.com> wrote:
> Hi!
>
> Following the recent discussion on the list, I've drafted an RFC
> describing the CurlFile solution for it here:
>
> https://wiki.php.net/rfc/curl-file-upload
>
> Please review and comment. If there's a general positive feedback, I'll
> try to implement a patch for it pretty soon.
> --
> Stanislav Malyshev, Software Architect
> SugarCRM: http://www.sugarcrm.com/
> (408)454-6900 ext. 227
>
> --
> PHP Internals - PHP Runtime Development Mailing List
> To unsubscribe, visit: http://www.php.net/unsub.php
>