Hi Stas,

I think you're right, using an object is the safest way to do it. It might look strange because there are no objects at all in the current extension and the procedural function will use an object in this specific case, but we still have to provide a safe way to do it.

I also agree with Johannes, the php/curl api is not the easiest one to use, mainly due to the number of available functionalities. pecl/http is really a nicer api, and it is easier to work with, but it doesn't offer all the functionalities libcurl does. Maybe Mike is planning to add all of those?

Pierrick

On 2 January 2013 02:15, Stas Malyshev <smalys...@sugarcrm.com> wrote:
> Hi!
>
> I'm thinking maybe the best solution is to have a new class - say,
> CurlFile - and do this:
>
> $file = new CurlFile("myface.png", "image/png");
> curl_setopt($ch, CURLOPT_POSTFIELDS, array("foo" => "bar", "picture" =>
> $file));
>
> This would allow us to do two things:
> 1. Protect ourselves from injection since you can not inject objects
> (there's still a matter of serialized data, but this can be handled by
> the class itself).
> 2. Support much more options in the file - e.g., right now it does not
> support streams, but libcurl has CURLFORM_STREAM - maybe we could use
> it, or maybe just read in the stream data and use it as CURLFORM_BUFFER.
> Of course, that would not work for big files, but here we are able to
> use much more options than with old @-based API.
>
> Any holes in this idea? If not, I'll try to make an RFC for it.
> --
> Stanislav Malyshev, Software Architect
> SugarCRM: http://www.sugarcrm.com/
> (408)454-6900 ext. 227

--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
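The object-based upload discussed in this thread, as an added example that is not code from any of the posters: it assumes PHP 7.0 or later with ext/curl, where a `CURLFile` class exists and the "@" prefix form is no longer available. `build_post_fields()`, the upload directory, the sample values and the URL are hypothetical names constructed for the illustration.

```php
<?php
// Added illustration; not code from the thread. Requires ext/curl.
// $fields:  untrusted text values, always sent as literal strings.
// $uploads: field name => [path, mime type], chosen by the application.
function build_post_fields(array $fields, array $uploads, string $uploadDir): array
{
    $post = [];
    foreach ($fields as $name => $value) {
        if (!is_scalar($value)) {
            throw new InvalidArgumentException("Field '$name' must be scalar");
        }
        $post[$name] = (string) $value; // a leading "@" has no special meaning
    }
    $base = realpath($uploadDir);
    if ($base === false) {
        throw new InvalidArgumentException("Upload directory does not exist");
    }
    foreach ($uploads as $name => $spec) {
        list($path, $mime) = $spec;
        $real = realpath($path);
        // Only regular files inside the application's upload directory are sent.
        if ($real === false || !is_file($real)
            || strpos($real, $base . DIRECTORY_SEPARATOR) !== 0) {
            throw new InvalidArgumentException("Upload '$name' is not allowed");
        }
        // A file is identified by its type (an object), not by string content.
        $post[$name] = new CURLFile($real, $mime, basename($real));
    }
    return $post;
}

// Constructed sample input: one form value happens to start with "@".
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'upload_demo';
if (!is_dir($dir)) {
    mkdir($dir);
}
file_put_contents($dir . DIRECTORY_SEPARATOR . 'myface.png', 'constructed sample bytes');

$post = build_post_fields(
    ['foo' => 'bar', 'comment' => '@not-a-file.txt'],
    ['picture' => [$dir . DIRECTORY_SEPARATOR . 'myface.png', 'image/png']],
    $dir
);
foreach ($post as $name => $value) {
    printf("%-8s %s\n", $name, $value instanceof CURLFile
        ? 'file: ' . $value->getFilename()
        : 'text: ' . var_export($value, true));
}
$ch = curl_init('https://upload.example.invalid/'); // placeholder URL, never contacted
curl_setopt($ch, CURLOPT_POSTFIELDS, $post);        // request is prepared, not executed
```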