From: Aaron Schulz <aschulz@wikimedia.org>
Date: Thu, 5 Sep 2019 13:54:46 +0000 (-0700)
Subject: Remove redundant CURLOPT_SAFE_UPLOAD line from MultiHttpClient
X-Git-Tag: 1.34.0-rc.0~382^2
X-Git-Url: http://git.cyclocoop.org/data/%24oldEdit?a=commitdiff_plain;h=a540ad5c3b50bf1719963261fac2e61ae8b50aa2;p=lhc%2Fweb%2Fwiklou.git

Remove redundant CURLOPT_SAFE_UPLOAD line from MultiHttpClient

This is true by default since PHP 5.6.
See https://www.php.net/manual/en/function.curl-setopt.php.

Change-Id: I87ad4703d396efe1eef4dced55e0b0042031b73f
---

diff --git a/includes/libs/http/MultiHttpClient.php b/includes/libs/http/MultiHttpClient.php
index 2e3aa70e4e..0f110598c6 100644
--- a/includes/libs/http/MultiHttpClient.php
+++ b/includes/libs/http/MultiHttpClient.php
@@ -358,10 +358,6 @@ class MultiHttpClient implements LoggerAwareInterface {
 			);
 		} elseif ( $req['method'] === 'POST' ) {
 			curl_setopt( $ch, CURLOPT_POST, 1 );
-			// Don't interpret POST parameters starting with '@' as file uploads, because this
-			// makes it impossible to POST plain values starting with '@' (and causes security
-			// issues potentially exposing the contents of local files).
-			curl_setopt( $ch, CURLOPT_SAFE_UPLOAD, true );
 			curl_setopt( $ch, CURLOPT_POSTFIELDS, $req['body'] );
 		} else {
 			if ( is_resource( $req['body'] ) || $req['body'] !== '' ) {