Hi, Am 25.10.2012 um 07:03 schrieb JJ <ja...@php.net>: [...] > My solution was to check the type for CURLOPT_SSL_VERIFYHOST: if it is > boolean and true, the opt value for libcurl is set to 2L. > > I understand that engineers should have the proper option value to > begin with but weighing the impact of this (MITM attacks) against > doing what they probably meant anyways is worth the presumption. > > Please discuss and adjust the patch if necessary.
Good find. I would suggest to not actually change the behavior but throw a warning when a boolean is passed and advise the user to either pass int(1) explicitly or use int(2). Link to the manual in the warning and be good. cu, Lars -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
