From a540ad5c3b50bf1719963261fac2e61ae8b50aa2 Mon Sep 17 00:00:00 2001
From: Aaron Schulz <aschulz@wikimedia.org>
Date: Thu, 5 Sep 2019 06:54:46 -0700
Subject: [PATCH] Remove redundant CURLOPT_SAFE_UPLOAD line from
 MultiHttpClient

This is true by default since PHP 5.6.
See https://www.php.net/manual/en/function.curl-setopt.php.

Change-Id: I87ad4703d396efe1eef4dced55e0b0042031b73f
---
 includes/libs/http/MultiHttpClient.php | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/includes/libs/http/MultiHttpClient.php b/includes/libs/http/MultiHttpClient.php
index 2e3aa70e4e..0f110598c6 100644
--- a/includes/libs/http/MultiHttpClient.php
+++ b/includes/libs/http/MultiHttpClient.php
@@ -358,10 +358,6 @@ class MultiHttpClient implements LoggerAwareInterface {
 			);
 		} elseif ( $req['method'] === 'POST' ) {
 			curl_setopt( $ch, CURLOPT_POST, 1 );
-			// Don't interpret POST parameters starting with '@' as file uploads, because this
-			// makes it impossible to POST plain values starting with '@' (and causes security
-			// issues potentially exposing the contents of local files).
-			curl_setopt( $ch, CURLOPT_SAFE_UPLOAD, true );
 			curl_setopt( $ch, CURLOPT_POSTFIELDS, $req['body'] );
 		} else {
 			if ( is_resource( $req['body'] ) || $req['body'] !== '' ) {
-- 
2.20.1