// Don't interpret POST parameters starting with '@' as file uploads, because this
// makes it impossible to POST plain values starting with '@' (and causes security
// issues potentially exposing the contents of local files).
- // The PHP manual says this option was introduced in PHP 5.5 defaults to true in PHP 5.6,
- // but we support lower versions, and the option doesn't exist in HHVM 5.6.99.
- if ( defined( 'CURLOPT_SAFE_UPLOAD' ) ) {
- $this->curlOptions[CURLOPT_SAFE_UPLOAD] = true;
- } elseif ( is_array( $postData ) ) {
- // In PHP 5.2 and later, '@' is interpreted as a file upload if POSTFIELDS
- // is an array, but not if it's a string. So convert $req['body'] to a string
- // for safety.
- $postData = wfArrayToCgi( $postData );
- }
+ $this->curlOptions[CURLOPT_SAFE_UPLOAD] = true;
$this->curlOptions[CURLOPT_POSTFIELDS] = $postData;
// Suppress 'Expect: 100-continue' header, as some servers
$curlHandle = curl_init( $this->url );
if ( !curl_setopt_array( $curlHandle, $this->curlOptions ) ) {
+ $this->status->fatal( 'http-internal-error' );
throw new InvalidArgumentException( "Error setting curl options." );
}
return false;
}
- if ( version_compare( PHP_VERSION, '5.6.0', '<' ) ) {
- if ( strval( ini_get( 'open_basedir' ) ) !== '' ) {
- $this->logger->debug( "Cannot follow redirects when open_basedir is set\n" );
- return false;
- }
- }
-
return true;
}
}