I've got a cURL upload that fails after upgrading from PHP 5.5 to 5.6:
$aPost = array(
'file' => "@".$localFile,
'default_file' => 'html_version.html',
'expiration' => (2*31*24*60*60)
)
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $apiurl);
curl_setopt($ch, CURLOPT_TIMEOUT, 120);
curl_setopt($ch, CURLOPT_BUFFERSIZE, 128);
curl_setopt($ch, CURLOPT_POSTFIELDS, $aPost);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$sResponse = curl_exec ($ch);
The file seems to be empty on the target system.
Actually I found the answer while starting the question. There is a new Variable included with curl in PHP 5.5: CURLOPT_SAFE_UPLOAD this is set to false by default in PHP 5.5 and is switched to a default of true in PHP 5.6.
This will prevent the '@' upload modifier from working for security reasons - user input could contain malicious upload requests. You can use the CURLFile class to upload files while CURLOPT_SAFE_UPLOAD is set to true or (if you're sure your variables are safe you can switch the CURLOPT_SAFE_UPLOAD to false manually):
curl_setopt($ch, CURLOPT_SAFE_UPLOAD, false);
Here's a source for the information that got me searching in the right direction: http://comments.gmane.org/gmane.comp.php.devel/87521
It's mentioned in the changed functions too: http://php.net/manual/en/migration56.changed-functions.php
But not in the backward incompatible changes, really tripped me off...
Just do following changes for PHP 5.5 or greater
Instead of "@" . $localFile just use new \CURLFile($localFile)
And set
curl_setopt($ch, CURLOPT_SAFE_UPLOAD, true);
Include a runtime check to make your code compatible with lower versions too like below
$aPost = array(
'default_file' => 'html_version.html',
'expiration' => (2*31*24*60*60)
)
if ((version_compare(PHP_VERSION, '5.5') >= 0)) {
$aPost['file'] = new CURLFile($localFile);
curl_setopt($ch, CURLOPT_SAFE_UPLOAD, true);
} else {
$aPost['file'] = "@".$localFile;
}
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $apiurl);
curl_setopt($ch, CURLOPT_TIMEOUT, 120);
curl_setopt($ch, CURLOPT_BUFFERSIZE, 128);
curl_setopt($ch, CURLOPT_POSTFIELDS, $aPost);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$sResponse = curl_exec ($ch);
{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://img.manongdao.com/sparkler-677774__340.jpg', '推荐 老娘就宠你 的文章《cURL file uploads not working anymore after upgrad》','https://www.manongdao.com/article-89312.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}