rfc:curl-file-upload

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision
Previous revision
rfc:curl-file-upload [2013/01/09 00:59] – [Changelog] stasrfc:curl-file-upload [2018/07/03 19:16] (current) stas
Line 3: Line 3:
   * Date: 2013-01-06   * Date: 2013-01-06
   * Author: Stas Malyshev <stas@php.net>   * Author: Stas Malyshev <stas@php.net>
-  * Status: Under Discussion+  * Status: Implemented in PHP 5.5
   * First Published at: http://wiki.php.net/rfc/curl-file-upload   * First Published at: http://wiki.php.net/rfc/curl-file-upload
   * See also: https://bugs.php.net/bug.php?id=46439   * See also: https://bugs.php.net/bug.php?id=46439
Line 19: Line 19:
 </code> </code>
  
-This API is both invonvenient and insecure, it is impossible to send data starting with '@' to the POST, and any user data that is being re-sent via cURL need to be sanitized so that the data value does not start with @. In general, in-bound signalling usually vulnerable to all sorts of injections and better not done in this way.+This API is both inconvenient and insecure, it is impossible to send data starting with '@' to the POST, and any user data that is being re-sent via cURL need to be sanitized so that the data value does not start with @. In general, in-bound signalling usually vulnerable to all sorts of injections and better not done in this way.
  
 ===== CurlFile proposal ===== ===== CurlFile proposal =====
Line 34: Line 34:
  
 The file given to CurlFile will not be opened/read until curl_setopt() call.  The file given to CurlFile will not be opened/read until curl_setopt() call. 
-===== CurlFile API =====+===== CURLFile API =====
  
 <code php> <code php>
-class CurlFile+class CURLFile
 { {
     /**     /**
Line 88: Line 88:
 } }
 </code> </code>
 +
 +Also, the functional API to creating CURLFile is provided by request:
 +
 +<code php>
 +    /**
 +     * Create CURLFile object
 +     * @param string $name File name
 +     * @param string $mimetype Mime type, optional
 +     * @param string $postfilename Post filename, defaults to actual filename
 +     */
 +    function curl_file_create($name, $mimetype = '', $postfilename = '')
 +    {}
 +</code>
 +
 +This will create a new ```CURLFile``` object just as ```new CURLFile()``` would.
 ===== Backward compatibility ===== ===== Backward compatibility =====
  
Line 105: Line 120:
 ===== Optional ===== ===== Optional =====
   * If upstream cURL API permits, we could add in the future uploading files from string buffers, stream names, stream resources and such, which is now impossible with existing @-based API. The CurlFile API above will then be extended with required functions to support these, such as "setUploadData()", "setUploadStream()" etc.    * If upstream cURL API permits, we could add in the future uploading files from string buffers, stream names, stream resources and such, which is now impossible with existing @-based API. The CurlFile API above will then be extended with required functions to support these, such as "setUploadData()", "setUploadStream()" etc. 
- 
-  * For people that are not comfortable with "new" operator, we could also add duplicate function-only API like:  
- 
-<code php> 
-$data['file'] = curl_file_upload($filename, $mime); 
-</code> 
  
    * It is possible to include validation of the file resource given in the constructor, so that appropriate error message can be produced if this file can not be read.     * It is possible to include validation of the file resource given in the constructor, so that appropriate error message can be produced if this file can not be read. 
Line 118: Line 127:
     * curl_setopt: http://php.net/manual/en/function.curl-setopt.php     * curl_setopt: http://php.net/manual/en/function.curl-setopt.php
     * Pull request: https://github.com/php/php-src/pull/255     * Pull request: https://github.com/php/php-src/pull/255
 +
 +===== Vote =====
 +
 +Voting ended on Monday, January 28th 2013. In order to pass, the requirement is 50%+1 vote, since PHP core language is not changed. The result is: **ACCEPTED**.
 +
 +<doodle 
 +title="Accept the CURLFile API as preferred solution for file uploads in CURL?" auth="stas" voteType="single" closed="True">
 +   * Yes
 +   * No
 +</doodle>
 +
 ===== Changelog ===== ===== Changelog =====
   * 2013-01-05 First draft   * 2013-01-05 First draft
   * 2013-01-06 Added pull req   * 2013-01-06 Added pull req
   * 2013-01-07 Added CURLOPT_SAFE_UPLOAD description   * 2013-01-07 Added CURLOPT_SAFE_UPLOAD description
 +  * 2013-01-12 Added curl_file_create()
  
  
rfc/curl-file-upload.1357693174.txt.gz · Last modified: 2017/09/22 13:28 (external edit)