rfc:curl-file-upload
no way to compare when less than two revisions
Differences
This shows you the differences between two versions of the page.
Previous revisionNext revision | |||
— | rfc:curl-file-upload [2013/01/16 23:15] – [Optional] stas | ||
---|---|---|---|
Line 1: | Line 1: | ||
+ | ====== Request for Comments: Fix CURL file uploads ====== | ||
+ | * Version: 1.0 | ||
+ | * Date: 2013-01-06 | ||
+ | * Author: Stas Malyshev < | ||
+ | * Status: Under Discussion | ||
+ | * First Published at: http:// | ||
+ | * See also: https:// | ||
+ | * Implementation: | ||
+ | |||
+ | This RFC discusses improvement for CURL file uploading option. | ||
+ | ===== Introduction ===== | ||
+ | |||
+ | Currently, cURL file uploading is done as: | ||
+ | |||
+ | <code php> | ||
+ | curl_setopt($curl_handle, | ||
+ | $args[' | ||
+ | curl_setopt($curl_handle, | ||
+ | </ | ||
+ | |||
+ | This API is both invonvenient and insecure, it is impossible to send data starting with ' | ||
+ | |||
+ | ===== CurlFile proposal ===== | ||
+ | |||
+ | Instead of using the above method, the following should be used to upload files with CURLOPT_POSTFIELDS: | ||
+ | |||
+ | <code php> | ||
+ | curl_setopt($curl_handle, | ||
+ | $args[' | ||
+ | curl_setopt($curl_handle, | ||
+ | </ | ||
+ | |||
+ | The curl API will be modified to look for objects of type CurlFile and treat them as entries with @ were previously treated. | ||
+ | |||
+ | The file given to CurlFile will not be opened/read until curl_setopt() call. | ||
+ | ===== CURLFile API ===== | ||
+ | |||
+ | <code php> | ||
+ | class CURLFile | ||
+ | { | ||
+ | /** | ||
+ | * Create CurlFile object | ||
+ | * @param string $name File name | ||
+ | * @param string $mimetype Mime type, optional | ||
+ | * @param string $postfilename Post filename, defaults to actual filename | ||
+ | */ | ||
+ | public function __construct($name, | ||
+ | {} | ||
+ | |||
+ | /** | ||
+ | * Set mime type | ||
+ | * @param string $mimetype | ||
+ | * @return CurlFile | ||
+ | */ | ||
+ | public function setMimeType($mimetype) | ||
+ | {} | ||
+ | |||
+ | /** | ||
+ | * Set mime type | ||
+ | * @param string $mimetype | ||
+ | * @return string | ||
+ | */ | ||
+ | public function getMimeType($mimetype) | ||
+ | {} | ||
+ | |||
+ | /** | ||
+ | * Get file name from which the data will be read | ||
+ | * @return string | ||
+ | */ | ||
+ | public function getFilename() | ||
+ | {} | ||
+ | |||
+ | /** | ||
+ | * Get file name which will be sent in the post | ||
+ | * @param string $name File name | ||
+ | * @return string | ||
+ | */ | ||
+ | public function setPostFilename($name) | ||
+ | {} | ||
+ | |||
+ | /** | ||
+ | * Set file name which will be sent in the post | ||
+ | * @return string | ||
+ | * @return CurlFile | ||
+ | */ | ||
+ | public function getPostFilename() | ||
+ | {} | ||
+ | } | ||
+ | </ | ||
+ | |||
+ | Also, the functional API to creating CURLFile is provided by request: | ||
+ | |||
+ | <code php> | ||
+ | /** | ||
+ | * Create CURLFile object | ||
+ | * @param string $name File name | ||
+ | * @param string $mimetype Mime type, optional | ||
+ | * @param string $postfilename Post filename, defaults to actual filename | ||
+ | */ | ||
+ | function curl_file_create($name, | ||
+ | {} | ||
+ | </ | ||
+ | |||
+ | This will create a new ```CURLFile``` object just as ```new CURLFile()``` would. | ||
+ | ===== Backward compatibility ===== | ||
+ | |||
+ | A new option is introduced: '' | ||
+ | |||
+ | <code php> | ||
+ | curl_setopt($curl_handle, | ||
+ | </ | ||
+ | |||
+ | In 5.6, @ option will be switched off by default, but can still be enabled by explicit curl_setopt setting, such as: | ||
+ | |||
+ | <code php> | ||
+ | curl_setopt($curl_handle, | ||
+ | </ | ||
+ | |||
+ | In future versions, this capability may be removed completely. | ||
+ | ===== Optional ===== | ||
+ | * If upstream cURL API permits, we could add in the future uploading files from string buffers, stream names, stream resources and such, which is now impossible with existing @-based API. The CurlFile API above will then be extended with required functions to support these, such as " | ||
+ | |||
+ | * It is possible to include validation of the file resource given in the constructor, | ||
+ | |||
+ | ===== References ===== | ||
+ | * CURL form API: http:// | ||
+ | * curl_setopt: | ||
+ | * Pull request: https:// | ||
+ | ===== Changelog ===== | ||
+ | * 2013-01-05 First draft | ||
+ | * 2013-01-06 Added pull req | ||
+ | * 2013-01-07 Added CURLOPT_SAFE_UPLOAD description | ||
+ | * 2013-01-12 Added curl_file_create() | ||
+ | |||
+ | |||
rfc/curl-file-upload.txt · Last modified: 2018/07/03 19:16 by stas