Newer versions of libcurl prevent file:// location response headers by default,
which means that the open_basedir check is unnecessary — the fact
CURLOPT_REDIR_PROTOCOLS can't set CURLPROTO_FILE with open_basedir enabled
means that there's no possibility of breaching the open_basedir restriction,
and this allows HTTP redirects to be followed automatically.
Implements FR #65646 (re-enable CURLOPT_FOLLOWLOCATION with open_basedir or
safe_mode).
At present, when curl_setopt() is called with an option that requires the
creation of a curl_slist, we simply push the new curl_slist onto a list to be
freed when the curl handle is freed. This avoids a memory leak, but means that
repeated calls to curl_setopt() on the same handle with the same option wastes
previously allocated memory on curl_slist structs that will no longer be read.
This commit changes the zend_llist that was previously used to track the lists
to a HashTable keyed by the option number, which means that we can simply
update the hash table each time curl_setopt() is called.
Fixes bug #65458 (curl memory leak).
Previous implementation was using its own refcounting (uses field of
the php_curl struct). zend_list_add/remove already implements its own
refcount, so we don't need to use an other one.
When CURLOPT_POSTFIELDS is called more than once on the same
curl handle, php/curl did not free the memory of the previous
post data. This commit will fix the problem unless the curl
handle was previously duplicated using the curl_copy_handle()
function in which case we can not know if the post data is
still in use or not by any curl handle
Add the curl_pause function (binding of curl_easy_pause).
Using this function, you can explicitly mark a running connection
to get paused, and you can unpause a connection that was
previously paused.
Add the support for both curl_strerror and curl_multi_strerror.
Those function will return a string describing the error code
passed in the argument errornum
Libcurl is doing connection caching. When easy handle is cleaned up,
if the handle was previously used by the curl_multi_api, the connection
remains open un the curl multi handle is cleaned up. Some protocols are
sending content like the FTP one, and libcurl try to use the
WRITEFUNCTION or the HEADERFUNCTION. Since structures used in those
callback are freed, we need to use an other callback to which avoid
segfaults.
Libcurl commit d021f2e8a00 fix this issue and should be part of 7.28.2
* PHP-5.4:
Update NEWS file
Fixed bug #63352 (Can't enable hostname validation when using curl stream wrappers)
CURL >= 7.28.0 no longer support value 1 for CURLOPT_SSL_VERIFYHOST)
* PHP-5.3:
Update NEWS file
Fixed bug #63352 (Can't enable hostname validation when using curl stream wrappers)
CURL >= 7.28.0 no longer support value 1 for CURLOPT_SSL_VERIFYHOST)
Conflicts:
ext/curl/interface.c
ext/curl/tests/bug63363.phpt
CURLINFO_CERTINFO is available since 7.19.1. The cURL extension
allow to use it since this same version but the internal function
create_certinfo used internally for CURLINFO_CERTINFO usage
is only usable for version greater than 7.19.1 which will cause
problem if the user is using the 7.19.1 cURL version