Remove redundant CURLOPT_SAFE_UPLOAD line from MultiHttpClient

This is true by default since PHP 5.6.
See https://www.php.net/manual/en/function.curl-setopt.php.

Change-Id: I87ad4703d396efe1eef4dced55e0b0042031b73f

diff --git a/includes/libs/http/MultiHttpClient.php b/includes/libs/http/MultiHttpClient.php
index 2e3aa70..0f11059 100644 (file)
--- a/includes/libs/http/MultiHttpClient.php
+++ b/includes/libs/http/MultiHttpClient.php
@@ -358,10 +358,6 @@ class MultiHttpClient implements LoggerAwareInterface {
                        );
                } elseif ( $req['method'] === 'POST' ) {
                        curl_setopt( $ch, CURLOPT_POST, 1 );
-                       // Don't interpret POST parameters starting with '@' as file uploads, because this
-                       // makes it impossible to POST plain values starting with '@' (and causes security
-                       // issues potentially exposing the contents of local files).
-                       curl_setopt( $ch, CURLOPT_SAFE_UPLOAD, true );
                        curl_setopt( $ch, CURLOPT_POSTFIELDS, $req['body'] );
                } else {
                        if ( is_resource( $req['body'] ) || $req['body'] !== '' ) {