Hi!
I'm thinking maybe the best solution is to have a new class - say,
CurlFile - and do this:
$file = new CurlFile("myface.png", "image/png");
curl_setopt($ch, CURLOPT_POSTFIELDS, array("foo" => "bar", "picture" =>
$file);
This would allow us to do two things:
1. Protect ourselves from injection since you can not inject objects
(there's still a matter of serialized data, but this can be handled by
the class itself).
2. Support much more options in the file - e.g., right now it does not
support streams, but libcurl has CURLFORM_STREAM - maybe we could use
it, or maybe just read in the stream data and use it as CURLFORM_BUFFER.
Of course, that would not work for big files, but here we are able to
use much more options than with old @-based API.
Any holes in this idea? If not, I'll try to make an RFC for it.
--
Stanislav Malyshev, Software Architect
SugarCRM: http://www.sugarcrm.com/
(408)454-6900 ext. 227
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
