Remove unsafe curl file uploads
authorNikita Popov <nikic@php.net>
Mon, 9 Mar 2015 10:00:04 +0000 (11:00 +0100)
committerNikita Popov <nikic@php.net>
Mon, 9 Mar 2015 10:00:04 +0000 (11:00 +0100)
The option CURLOPT_SAFE_UPLOAD still exists, but cannot be disabled.

NEWS
UPGRADING
ext/curl/interface.c
ext/curl/php_curl.h
ext/curl/tests/bug27023.phpt
ext/curl/tests/bug27023_2.phpt [deleted file]
ext/curl/tests/curl_file_upload.phpt

diff --git a/NEWS b/NEWS
index 40904fb5bf3ca0af7918e88e9be6bf273d862e2e..d0d16b8e91c5dc0bea8756bba1db73f531a018bd 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -57,6 +57,7 @@
 
 - Curl:
   . Fixed bug #68937 (Segfault in curl_multi_exec). (Laruence)
+  . Removed support for unsafe file uploads. (Nikita)
 
 - Date:
   . Fixed day_of_week function as it could sometimes return negative values
index e6b42ec75c09d51c3f69b40f8ebfb1df2032dca1..3e6c5501438668c5489215a0e023deab4257fbe9 100644 (file)
--- a/UPGRADING
+++ b/UPGRADING
@@ -345,6 +345,10 @@ Standard library changes
 Other
 =====
 
+- Curl:
+  . Removed support for disabling the CURLOPT_SAFE_UPLOAD option. All curl file
+    uploads must use the curl_file / CURLFile APIs.
+
 - Date:
   . Removed $is_dst parameter from mktime() and gmmktime().
 
index b2e3447c4ef446959bbce8a84f1ef43ea3656706..650bc158eb35a4573c3f07dc8e7a8bba31887628 100644 (file)
@@ -1747,7 +1747,6 @@ static php_curl *alloc_curl_handle()
 
        zend_llist_init(&ch->to_free->str,   sizeof(char *),          (llist_dtor_func_t)curl_free_string, 0);
        zend_llist_init(&ch->to_free->post,  sizeof(struct HttpPost), (llist_dtor_func_t)curl_free_post,   0);
-       ch->safe_upload = 1; /* for now, for BC reason we allow unsafe API */
 
        ch->to_free->slist = emalloc(sizeof(HashTable));
        zend_hash_init(ch->to_free->slist, 4, NULL, curl_free_slist, 0);
@@ -2181,7 +2180,10 @@ static int _php_curl_setopt(php_curl *ch, zend_long option, zval *zvalue) /* {{{
                        break;
                case CURLOPT_SAFE_UPLOAD:
                        lval = zval_get_long(zvalue);
-                       ch->safe_upload = (lval != 0);
+                       if (lval == 0) {
+                               php_error_docref(NULL, E_WARNING, "Disabling safe uploads is no longer supported");
+                               return FAILURE;
+                       }
                        break;
 
                /* String options */
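Review bot: The new warning in the `CURLOPT_SAFE_UPLOAD` case says what failed but not what to use instead, and it drops the manual reference that the `@filename` deprecation notice removed further down in this file used to carry. Consider `php_error_docref("curl.curlfile", E_WARNING, "Disabling safe uploads is no longer supported; use the CURLFile class for file uploads");`, which would also mean updating the expected output in curl_file_upload.phpt. A short comment above the check, such as `/* Kept for BC: safe uploads are always on, only an attempt to disable them is rejected */`, would explain why the case no longer stores anything. `_php_curl_setopt` starts and ends outside this hunk.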
@@ -2558,43 +2560,12 @@ static int _php_curl_setopt(php_curl *ch, zend_long option, zval *zvalue) /* {{{
                                        /* The arguments after _NAMELENGTH and _CONTENTSLENGTH
                                         * must be explicitly cast to long in curl_formadd
                                         * use since curl needs a long not an int. */
-                                       if (!ch->safe_upload && *postval == '@') {
-                                               char *name, *type, *filename;
-                                               ++postval;
-
-                                               php_error_docref("curl.curlfile", E_DEPRECATED,
-                                                               "The usage of the @filename API for file uploading is deprecated. Please use the CURLFile class instead");
-
-                                               name = estrndup(postval, Z_STRLEN_P(current));
-                                               if ((type = (char *)php_memnstr(name, ";type=", sizeof(";type=") - 1,
-                                                                               name + Z_STRLEN_P(current)))) {
-                                                       *type = '\0';
-                                               }
-                                               if ((filename = (char *)php_memnstr(name, ";filename=", sizeof(";filename=") - 1,
-                                                                               name + Z_STRLEN_P(current)))) {
-                                                       *filename = '\0';
-                                               }
-                                               /* open_basedir check */
-                                               if (php_check_open_basedir(name)) {
-                                                       efree(name);
-                                                       return FAILURE;
-                                               }
-                                               error = curl_formadd(&first, &last,
-                                                                               CURLFORM_COPYNAME, string_key->val,
-                                                                               CURLFORM_NAMELENGTH, string_key->len,
-                                                                               CURLFORM_FILENAME, filename ? filename + sizeof(";filename=") - 1 : name,
-                                                                               CURLFORM_CONTENTTYPE, type ? type + sizeof(";type=") - 1 : "application/octet-stream",
-                                                                               CURLFORM_FILE, name,
-                                                                               CURLFORM_END);
-                                               efree(name);
-                                       } else {
-                                               error = curl_formadd(&first, &last,
-                                                                                        CURLFORM_COPYNAME, string_key->val,
-                                                                                        CURLFORM_NAMELENGTH, (zend_long)string_key->len,
-                                                                                        CURLFORM_COPYCONTENTS, postval,
-                                                                                        CURLFORM_CONTENTSLENGTH, (zend_long)Z_STRLEN_P(current),
-                                                                                        CURLFORM_END);
-                                       }
+                                       error = curl_formadd(&first, &last,
+                                                                                CURLFORM_COPYNAME, string_key->val,
+                                                                                CURLFORM_NAMELENGTH, (zend_long)string_key->len,
+                                                                                CURLFORM_COPYCONTENTS, postval,
+                                                                                CURLFORM_CONTENTSLENGTH, (zend_long)Z_STRLEN_P(current),
+                                                                                CURLFORM_END);
 
                                        zend_string_release(string_key);
                                } ZEND_HASH_FOREACH_END();
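Review bot: Nothing in the surviving comment says that string values in a `CURLOPT_POSTFIELDS` array are now always sent as literal contents, so a later reader has no hint that a leading `@` must stay uninterpreted. I would add `/* String values are always sent verbatim; a leading '@' is never treated as a file path. File uploads go through CURLFile only. */` above the `curl_formadd` call. This matters for callers that ignore the `FAILURE` returned for `CURLOPT_SAFE_UPLOAD`: the file is no longer read, but their `@/path` string, and so the local path, is posted to the remote server as text, which UPGRADING could mention. Separately, the context comment asks for a cast to `long` while the calls cast to `zend_long`; where the two differ in width (64-bit Windows, if `zend_long` is 64-bit there) `(long)` would match what the comment says curl expects. The enclosing loop and function start outside this hunk.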
index 7d461b82fe99f036f499c3ad0ac754496eff5a68..bc3db650d9f31c4babbdd5c99dca7ae2f714249c 100644 (file)
@@ -179,7 +179,6 @@ typedef struct {
        zend_resource           *res;
        zend_bool                in_callback;
        uint32_t                                 clone;
-       zend_bool                safe_upload;
 } php_curl;
 
 #define CURLOPT_SAFE_UPLOAD -1
index fce69f5708bb517da7320fdf61b596a10dac5bff..c878ebac312f65ffc11e1ca6f284fc3d53d430a6 100644 (file)
@@ -3,36 +3,34 @@ Bug #27023 (CURLOPT_POSTFIELDS does not parse content types for files)
 --INI--
 error_reporting = E_ALL & ~E_DEPRECATED
 --SKIPIF--
-<?php 
-include 'skipif.inc';
-?>
+<?php include 'skipif.inc'; ?>
 --FILE--
 <?php
 
-  include 'server.inc';
-  $host = curl_cli_server_start();
+include 'server.inc';
+$host = curl_cli_server_start();
 $ch = curl_init();
-curl_setopt($ch, CURLOPT_SAFE_UPLOAD, 0);
+curl_setopt($ch, CURLOPT_SAFE_UPLOAD, 1);
 curl_setopt($ch, CURLOPT_URL, "{$host}/get.php?test=file");
 curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
 
-$params = array('file' => '@' . __DIR__ . '/curl_testdata1.txt');
+$file = curl_file_create(__DIR__ . '/curl_testdata1.txt');
+$params = array('file' => $file);
 curl_setopt($ch, CURLOPT_POSTFIELDS, $params);
 var_dump(curl_exec($ch));
 
-$params = array('file' => '@' . __DIR__ . '/curl_testdata1.txt;type=text/plain');
+$file = curl_file_create(__DIR__ . '/curl_testdata1.txt', "text/plain");
+$params = array('file' => $file);
 curl_setopt($ch, CURLOPT_POSTFIELDS, $params);
 var_dump(curl_exec($ch));
 
-$params = array('file' => '@' . __DIR__ . '/curl_testdata1.txt;filename=foo.txt');
+$file = curl_file_create(__DIR__ . '/curl_testdata1.txt', null, "foo.txt");
+$params = array('file' => $file);
 curl_setopt($ch, CURLOPT_POSTFIELDS, $params);
 var_dump(curl_exec($ch));
 
-$params = array('file' => '@' . __DIR__ . '/curl_testdata1.txt;type=text/plain;filename=foo.txt');
-curl_setopt($ch, CURLOPT_POSTFIELDS, $params);
-var_dump(curl_exec($ch));
-
-$params = array('file' => '@' . __DIR__ . '/curl_testdata1.txt;filename=foo.txt;type=text/plain');
+$file = curl_file_create(__DIR__ . '/curl_testdata1.txt', "text/plain", "foo.txt");
+$params = array('file' => $file);
 curl_setopt($ch, CURLOPT_POSTFIELDS, $params);
 var_dump(curl_exec($ch));
 
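Review bot: The `--INI--` section at the top of this test still sets `error_reporting = E_ALL & ~E_DEPRECATED`, which presumably existed to hide the `@filename` deprecation notice that this commit removes. With the test now using `curl_file_create()`, that mask would hide any deprecation raised on the CURLFile path, so dropping the `--INI--` section keeps the test sensitive to new notices. The `curl_setopt($ch, CURLOPT_SAFE_UPLOAD, 1);` line is redundant now but harmless, since it exercises the one value the option still accepts.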
@@ -44,4 +42,3 @@ string(%d) "curl_testdata1.txt|application/octet-stream"
 string(%d) "curl_testdata1.txt|text/plain"
 string(%d) "foo.txt|application/octet-stream"
 string(%d) "foo.txt|text/plain"
-string(%d) "foo.txt|text/plain"
diff --git a/ext/curl/tests/bug27023_2.phpt b/ext/curl/tests/bug27023_2.phpt
deleted file mode 100644 (file)
index c878eba..0000000
+++ /dev/null
@@ -1,44 +0,0 @@
---TEST--
-Bug #27023 (CURLOPT_POSTFIELDS does not parse content types for files)
---INI--
-error_reporting = E_ALL & ~E_DEPRECATED
---SKIPIF--
-<?php include 'skipif.inc'; ?>
---FILE--
-<?php
-
-include 'server.inc';
-$host = curl_cli_server_start();
-$ch = curl_init();
-curl_setopt($ch, CURLOPT_SAFE_UPLOAD, 1);
-curl_setopt($ch, CURLOPT_URL, "{$host}/get.php?test=file");
-curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
-
-$file = curl_file_create(__DIR__ . '/curl_testdata1.txt');
-$params = array('file' => $file);
-curl_setopt($ch, CURLOPT_POSTFIELDS, $params);
-var_dump(curl_exec($ch));
-
-$file = curl_file_create(__DIR__ . '/curl_testdata1.txt', "text/plain");
-$params = array('file' => $file);
-curl_setopt($ch, CURLOPT_POSTFIELDS, $params);
-var_dump(curl_exec($ch));
-
-$file = curl_file_create(__DIR__ . '/curl_testdata1.txt', null, "foo.txt");
-$params = array('file' => $file);
-curl_setopt($ch, CURLOPT_POSTFIELDS, $params);
-var_dump(curl_exec($ch));
-
-$file = curl_file_create(__DIR__ . '/curl_testdata1.txt', "text/plain", "foo.txt");
-$params = array('file' => $file);
-curl_setopt($ch, CURLOPT_POSTFIELDS, $params);
-var_dump(curl_exec($ch));
-
-
-curl_close($ch);
-?>
---EXPECTF--
-string(%d) "curl_testdata1.txt|application/octet-stream"
-string(%d) "curl_testdata1.txt|text/plain"
-string(%d) "foo.txt|application/octet-stream"
-string(%d) "foo.txt|text/plain"
index 3a5a78fde36ca990e1eb98d0e65207c536492ed6..c64e67aa5c7a2565919c7591ebdc34edb270ef8e 100644 (file)
@@ -71,8 +71,8 @@ string(%d) "curl_testdata1.txt|text/plain"
 string(%d) "foo.txt"
 string(%d) "foo.txt|application/octet-stream"
 
-Deprecated: curl_setopt(): The usage of the @filename API for file uploading is deprecated. Please use the CURLFile class instead in %s on line %d
-string(%d) "curl_testdata1.txt|application/octet-stream"
+Warning: curl_setopt(): Disabling safe uploads is no longer supported in %s on line %d
+string(0) ""
 string(0) ""
 string(%d) "array(1) {
   ["file"]=>