Newsgroups: php.internals
Date: Mon, 7 Jan 2013 10:39:10 -0500
To: Stas Malyshev
Cc: PHP Internals
Subject: Re: [PHP-DEV] [RFC] Fixing insecure cURL file uploading
From: pierrick@webstart.fr (Pierrick Charron)

Looks good to me, just it could be great to add a new cURL option at the same time to disable the '@' usage, so that someone working with the new ext/curl version can disable it and therefore send values starting with @.

Pierrick

On 7 January 2013 01:40, Stas Malyshev wrote:
> Hi!
>
> I've added the pull request for the CURLFile here:
> https://github.com/php/php-src/pull/255
>
> No procedural API yet, I'm not really sure if we need it, it's not that
> hard writing "new CurlFile()". But if needed I can add it there.
> Everybody please take a look and see if you notice any problems or
> missing stuff there. Tests are there and they pass for me :)
>
> --
> Stanislav Malyshev, Software Architect
> SugarCRM: http://www.sugarcrm.com/
> (408)454-6900 ext. 227
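
Added example, not part of the original message or of the pull request: a sketch of how calling code can keep text fields and file uploads separate with CURLFile, and find fields that the legacy '@' prefix would read as file paths. It assumes PHP 5.5 or later and the CURLOPT_SAFE_UPLOAD option, which is not named in this thread; the function names and sample values are hypothetical.

```php
<?php
// Added example (PHP 5.5+ syntax). Function names are hypothetical.

// Names of fields whose string value starts with '@'. With the legacy
// '@' prefix active, these are read as local file paths, not sent as text.
function fields_read_as_files(array $fields)
{
    $hits = array();
    foreach ($fields as $name => $value) {
        if (is_string($value) && strncmp($value, '@', 1) === 0) {
            $hits[] = $name;
        }
    }
    return $hits;
}

// Text values stay plain strings (flat array assumed); uploads are explicit
// CURLFile objects built from paths the application chose itself.
// $uploads: field name => array(path, mime type, posted filename).
function build_post_fields(array $fields, array $uploads)
{
    $post = array();
    foreach ($fields as $name => $value) {
        $post[$name] = (string) $value;
    }
    foreach ($uploads as $name => $u) {
        $post[$name] = new CURLFile($u[0], $u[1], $u[2]);
    }
    return $post;
}

function post_form($url, array $fields, array $uploads = array())
{
    $ch = curl_init($url);
    // Set before CURLOPT_POSTFIELDS: the fields are parsed when that option
    // is set. PHP 5.5 defaults this to false, PHP 5.6 to true, and from
    // PHP 7.0 the '@' prefix is gone and the option cannot be disabled.
    curl_setopt($ch, CURLOPT_SAFE_UPLOAD, true);
    curl_setopt($ch, CURLOPT_POSTFIELDS, build_post_fields($fields, $uploads));
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    return curl_exec($ch);
}

// Constructed sample input: a comment that legitimately starts with '@'.
$fields = array('comment' => '@pierrick thanks', 'title' => 'hello');
var_dump(fields_read_as_files($fields));
```

Running `fields_read_as_files()` over the field arrays of existing call sites is a quick audit for code that still depends on, or is exposed to, the '@' prefix.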