ext/curl safe_upload is changed

11 years ago by Laruence — view source

unread

Hey Stas:

 I noticed that this change : https://github.com/php/php-src/commit/24447dca

 it has broken some tests  in ext/curl...  did you run make test before?

 Anyway,  the current behavior is silent return if the codes uses

old upload style("@filename");

 I think it's better to throw a warning or something error about that....

 thoughts?

thanks

--
Laruence Xinchen Hui
http://www.laruence.com/

11 years ago by Stas Malyshev — view source

unread

Hi!

 I noticed that this change : https://github.com/php/php-src/commit/24447dca

 it has broken some tests  in ext/curl...  did you run make test before?

Which tests? AFAIK the tests on Travis include curl, and they are green.

 Anyway,  the current behavior is silent return if the codes uses

old upload style("@filename");

What you mean by silent return? If unsafe upload is not turned on,
@filename is just a variable like any other.

 I think it's better to throw a warning or something error about that....

I don't think so. "@filename" is a string like any others, there's no
reason to throw warnings on legitimate upload values.

Stanislav Malyshev, Software Architect
SugarCRM: http://www.sugarcrm.com/
(408)454-6900 ext. 227

11 years ago by Laruence — view source

unread

Hi!
 I noticed that this change : https://github.com/php/php-src/commit/24447dca

 it has broken some tests  in ext/curl...  did you run make test before?
Which tests? AFAIK the tests on Travis include curl, and they are green.
$ cat ext/curl/tests/bug27023.diff
001+ string(0) ""
002+ string(0) ""
003+ string(0) ""
004+ string(0) ""
005+ string(0) ""
001- string(%d) "curl_testdata1.txt|application/octet-stream"
002- string(%d) "curl_testdata1.txt|text/plain"
003- string(%d) "foo.txt|application/octet-stream"
004- string(%d) "foo.txt|text/plain"
005- string(%d) "foo.txt|text/plain"

thanks

 Anyway,  the current behavior is silent return if the codes uses
old upload style("@filename");
What you mean by silent return? If unsafe upload is not turned on,
@filename is just a variable like any other.
 I think it's better to throw a warning or something error about that....
I don't think so. "@filename" is a string like any others, there's no
reason to throw warnings on legitimate upload values.

Stanislav Malyshev, Software Architect
SugarCRM: http://www.sugarcrm.com/
(408)454-6900 ext. 227

--
Laruence Xinchen Hui
http://www.laruence.com/

11 years ago by Stas Malyshev — view source

unread

Hi!

Which tests? AFAIK the tests on Travis include curl, and they are green.
$ cat ext/curl/tests/bug27023.diff

Ahh, this test requires special configuration. It'd be better to rewrite
it to supply its own server and not to have to set up special server for
it. But it needs either:
curl_setopt($ch, CURLOPT_SAFE_UPLOAD, 0);
or, even better, to be rewritten with new safe API in mind. Preferably
the latter. I'll look into it on the weekend if nobody beats me to it.

--
Stanislav Malyshev, Software Architect
SugarCRM: http://www.sugarcrm.com/
(408)454-6900 ext. 227

ext/curl safe_upload is changed

I don't think so. "@filename" is a string like any others, there's no reason to throw warnings on legitimate upload values.

I don't think so. "@filename" is a string like any others, there's no reason to throw warnings on legitimate upload values.

I don't think so. "@filename" is a string like any others, there's no
reason to throw warnings on legitimate upload values.

I don't think so. "@filename" is a string like any others, there's no
reason to throw warnings on legitimate upload values.