Hi all,
Stas opened a discussion almost a year ago about
https://bugs.php.net/bug.php?id=46439 (I let you read details in the
bug) and I would like to reopen the subject since there was no end to
this discussion and nothing was made to fix this issue.
One solution proposed by Richard Lynch was to add a new
CURLOPT_FILEFIELDS that takes an array of the parameters that are
supposed to be files, so the ones that are expected to have '@'. One
problem that we may have to deal with this solution is that the user
will have to add all the post params in 2 steps (first for the string
data and then for the files). Internally, libcurl only allow one call
to CURLOPT_HTTPPOST (second will override the first one), so it may
become unclear either the new data are appended, or overwrite the old
one.
An other solution proposed by Ángel González was to add a new option
to disable the '@' check, problem with this is that it will only
prevent uploading unwanted files if someone write something starting
with an '@', but it also disable completely the feature.
A last solution would be to something similar to libcurl curl_formadd
(this one could be added to the previous one so that the old way work
but there is a more secure way to do it) :
curl_setopt($curl_handle, CURLOPT_POSTFIELDS, array(
'firstname' => 'pierrick',
'lastname' => array(CURLFORM_CONTENTS => 'charron'),
'lastname' => array(CURLFORM_FILENAME => 'name.png', CURLFORM_FILE
=> '/home/pierrick/picture.png', CURLFORM_CONTENTTYPE => 'image/jpg')
);
One thing we have to think about this solution is if at some point we
want to allow sending array via curl, will it conflict ?
Do someone have an other better idea ? Which one would you prefer and
see implemented ?
Thanks all for your inputs
Pierrick
PS : Sorry for creating a new topic and not responding to the old one
but when I tried to do it, the ML refused my mail for no reason.