Both sides previous revisionPrevious revisionNext revision | Previous revision |
rfc:curl-file-upload [2013/01/21 01:30] – vote stas | rfc:curl-file-upload [2018/07/03 19:16] (current) – stas |
---|
* Date: 2013-01-06 | * Date: 2013-01-06 |
* Author: Stas Malyshev <stas@php.net> | * Author: Stas Malyshev <stas@php.net> |
* Status: Under Discussion | * Status: Implemented in PHP 5.5 |
* First Published at: http://wiki.php.net/rfc/curl-file-upload | * First Published at: http://wiki.php.net/rfc/curl-file-upload |
* See also: https://bugs.php.net/bug.php?id=46439 | * See also: https://bugs.php.net/bug.php?id=46439 |
</code> | </code> |
| |
This API is both invonvenient and insecure, it is impossible to send data starting with '@' to the POST, and any user data that is being re-sent via cURL need to be sanitized so that the data value does not start with @. In general, in-bound signalling usually vulnerable to all sorts of injections and better not done in this way. | This API is both inconvenient and insecure, it is impossible to send data starting with '@' to the POST, and any user data that is being re-sent via cURL need to be sanitized so that the data value does not start with @. In general, in-bound signalling usually vulnerable to all sorts of injections and better not done in this way. |
| |
===== CurlFile proposal ===== | ===== CurlFile proposal ===== |
===== Vote ===== | ===== Vote ===== |
| |
Voting ends on Monday, January 28th 2013. In order to pass, the requirement is 50%+1 vote, since PHP core language is not changed. | Voting ended on Monday, January 28th 2013. In order to pass, the requirement is 50%+1 vote, since PHP core language is not changed. The result is: **ACCEPTED**. |
| |
<doodle | <doodle |
title="Accept the CURLFile API as preferred solution for file uploads in CURL?" auth="stas" voteType="single" closed="False"> | title="Accept the CURLFile API as preferred solution for file uploads in CURL?" auth="stas" voteType="single" closed="True"> |
* Yes | * Yes |
* No | * No |