Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:74084 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 66909 invoked from network); 9 May 2014 06:54:42 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 9 May 2014 06:54:42 -0000 Authentication-Results: pb1.pair.com header.from=laruence@gmail.com; sender-id=pass Authentication-Results: pb1.pair.com smtp.mail=laruence@gmail.com; spf=pass; sender-id=pass Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.215.47 as permitted sender) X-PHP-List-Original-Sender: laruence@gmail.com X-Host-Fingerprint: 209.85.215.47 mail-la0-f47.google.com Received: from [209.85.215.47] ([209.85.215.47:50301] helo=mail-la0-f47.google.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id DB/BD-15882-1BB7C635 for ; Fri, 09 May 2014 02:54:41 -0400 Received: by mail-la0-f47.google.com with SMTP id pn19so131869lab.34 for ; Thu, 08 May 2014 23:54:37 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc:content-type; bh=TYv1FFeWINLjRnUHl27ov44GIkah1cqad6RXHwc2uKY=; b=uAdb/jqZz2YRz07VMdYjBsUVWUyEwmHOy7RcH00a8qK4lCg0n1Q2iZWucw45YNVZMx nP2249DvVKCGMYx1Ubls6RnKTbYQgmNeUM90zwQLHJAEf6Gk5LHca5pYnCb8CLxUhfK/ /IWO3E9J+qIPVIqhnByGfOrIeHp/Ymo4TH7oYNoh8TSU5+iPlCXwtAGDGgHRdqeoZ/wG hIeDl3Y/YnI+jQCtEgb0FL63T0tqtJkPHeMc2sQE4jDbD+7+OUG2dQilbcoLWAzzesT+ 6w1ivZI1HZcvRRtTTE5YpUm7qQ0U7Npd+DZHtULz5Wqftjz0aUOOGeOKHN73602qy5g9 5FHQ== X-Received: by 10.112.146.234 with SMTP id tf10mr9966801lbb.1.1399618477652; Thu, 08 May 2014 23:54:37 -0700 (PDT) MIME-Version: 1.0 Sender: laruence@gmail.com Received: by 10.114.246.36 with HTTP; Thu, 8 May 2014 23:54:17 -0700 (PDT) In-Reply-To: <536C7B33.6050704@sugarcrm.com> References: <536C7B33.6050704@sugarcrm.com> Date: Fri, 9 May 2014 14:54:17 +0800 X-Google-Sender-Auth: qNsYCiDN8Oab8eRvkTF00y029Hg Message-ID: To: Stas Malyshev Cc: PHP Internals Content-Type: text/plain; charset=UTF-8 Subject: Re: ext/curl safe_upload is changed From: laruence@php.net (Laruence) On Fri, May 9, 2014 at 2:52 PM, Stas Malyshev wrote: > Hi! > >> I noticed that this change : https://github.com/php/php-src/commit/24447dca >> >> it has broken some tests in ext/curl... did you run make test before? > > Which tests? AFAIK the tests on Travis include curl, and they are green. $ cat ext/curl/tests/bug27023.diff 001+ string(0) "" 002+ string(0) "" 003+ string(0) "" 004+ string(0) "" 005+ string(0) "" 001- string(%d) "curl_testdata1.txt|application/octet-stream" 002- string(%d) "curl_testdata1.txt|text/plain" 003- string(%d) "foo.txt|application/octet-stream" 004- string(%d) "foo.txt|text/plain" 005- string(%d) "foo.txt|text/plain" thanks > >> Anyway, the current behavior is silent return if the codes uses >> old upload style("@filename"); > > What you mean by silent return? If unsafe upload is not turned on, > @filename is just a variable like any other. > >> I think it's better to throw a warning or something error about that.... > > I don't think so. "@filename" is a string like any others, there's no > reason to throw warnings on legitimate upload values. > -- > Stanislav Malyshev, Software Architect > SugarCRM: http://www.sugarcrm.com/ > (408)454-6900 ext. 227 -- Laruence Xinchen Hui http://www.laruence.com/