Hi! I'm thinking maybe the best solution is to have a new class - say, CurlFile - and do this:
$file = new CurlFile("myface.png", "image/png"); curl_setopt($ch, CURLOPT_POSTFIELDS, array("foo" => "bar", "picture" => $file); This would allow us to do two things: 1. Protect ourselves from injection since you can not inject objects (there's still a matter of serialized data, but this can be handled by the class itself). 2. Support much more options in the file - e.g., right now it does not support streams, but libcurl has CURLFORM_STREAM - maybe we could use it, or maybe just read in the stream data and use it as CURLFORM_BUFFER. Of course, that would not work for big files, but here we are able to use much more options than with old @-based API. Any holes in this idea? If not, I'll try to make an RFC for it. -- Stanislav Malyshev, Software Architect SugarCRM: http://www.sugarcrm.com/ (408)454-6900 ext. 227 -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php