php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #77617 curl_setopt_array Triggers warning when used with CURLFile in CURLOPT_POSTFIELD
Submitted: 2019-02-13 23:53 UTC Modified: 2020-03-11 14:23 UTC
Votes:1
Avg. Score:3.0 ± 0.0
Reproduced:0 of 0 (0.0%)
From: lawrence at dub3solutions dot com Assigned: bishop (profile)
Status: Assigned Package: cURL related
PHP Version: 7.2.15 OS: CentOS 7
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: lawrence at dub3solutions dot com
New email:
PHP Version: OS:

 

 [2019-02-13 23:53 UTC] lawrence at dub3solutions dot com 
Description:
------------
When building an options array, setting one of the CURLOPT_POSTFIELDS key/values to a CURLFile object will result in the following PHP Warning:

PHP Warning:  curl_setopt_array(): Invalid filename for key variable_name

When this warning is raised, curl_setopt_array returns true, and proceeds normally except it skips any files added.

Not sure if this is the proper method, but I was asked to tag @bishop who was following my issue on stackoverflow.

https://stackoverflow.com/questions/54680799/php-7-2-curlfile-gives-invalid-filename-warning

Test script:
---------------
$curl = curl_init();
$curlOpts = array(
	CURLOPT_POST => 1,
	CURLOPT_URL => $postUrl,
	CURLOPT_TIMEOUT => 20,
	CURLOPT_RETURNTRANSFER => 1,
	CURLOPT_HTTPAUTH => CURLAUTH_BASIC,
	CURLOPT_USERPWD => 'apikey'
);

$postFields = array('var1' => 'value');
$postFields['variable_name'] = curl_file_create($filePath);
$curlOpts[CURLOPT_POSTFIELDS] = $postFields;
curl_setopt_array($curl, $curlOpts);
$curl_response = curl_exec($curl);
$info = curl_getinfo($curl);
curl_close($curl);

Expected result:
----------------
I would expect the file to get added to the curl options.

Actual result:
--------------
The file is ignored and a warning is added to the http logs

PHP Warning:  curl_setopt_array(): Invalid filename for key variable_name

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2019-02-13 23:58 UTC] bishop@php.net
-Assigned To: +Assigned To: bishop
 [2019-02-15 21:20 UTC] bishop@php.net
-Status: Assigned +Status: Feedback
 [2019-02-15 21:20 UTC] bishop@php.net 
This appears to depend very much on the exact file name path passed as the first argument to curl_file_create. Can you copy & paste an example of path raising this error, as well as provide information about what kind of filesystem this file resides? Additionally, can you try with this sample code:

<?php 

error_reporting(-1);

$file = tmpfile();
$path = stream_get_meta_data($file)['uri'];
file_put_contents($path, md5(random_bytes(64)));

$opts = [ 
    CURLOPT_URL => 'https://postman-echo.com/post',
    CURLOPT_RETURNTRANSFER => 1,
    CURLOPT_POST => 1,
    CURLOPT_POSTFIELDS => [
        'file' => curl_file_create($path),
    ],  
];  

$curl = curl_init();
$pass = curl_setopt_array($curl, $opts);
 [2019-02-15 21:41 UTC] lawrence at dub3solutions dot com
-Status: Feedback +Status: Assigned
 [2019-02-15 21:41 UTC] lawrence at dub3solutions dot com 
The supplied test code returns true for $pass. In fact, it also works if I set $path to the exact file I was using when I was getting the error. See below for the exact code. The only thing I have changed is fourth and fifth level directory names for privacy, but the renamed folders are identical in length and character type to what I was using.

<?php

error_reporting(-1);

//$file = tmpfile();
//$path = stream_get_meta_data($file)['uri'];
//file_put_contents($path, md5(random_bytes(64)));

$path = '/var/www/sites/Abc1/abc-de.abc1abcd.com/wp-content/uploads/d3dforms_contact/contact_20190214_1936.csv';

$opts = [
    CURLOPT_URL => 'https://postman-echo.com/post',
    CURLOPT_RETURNTRANSFER => 1,
    CURLOPT_POST => 1,
    CURLOPT_POSTFIELDS => [
        'file' => curl_file_create($path),
    ],
];

$curl = curl_init();
$pass = curl_setopt_array($curl, $opts);

print $pass;


Could it be that when adding in the authorization parameters something gets mixed up? The contents of the file are very light in case you want them:

"First Name","Last Name",Email,Company,Phone,Interests,Subject,Message,Picture,"Pardot ID","Date Submitted","Remote IP"
Lawrence,Johnson,lj@test.com,,,"Industry Information",,"Test message here

More info.",/wp-content/uploads/d3dforms_contact/GUTGfallkvaqeNHrY7h830t4Hwv7UZ/d98b99127be5eeab40225f8de2e15ae222cd04e8.jpg,,"2019-02-14 10:57:59",AA.BB.CC.DD
 [2019-02-15 21:45 UTC] lawrence at dub3solutions dot com 
I should also add that my http logs did not trigger the file name warning for your test or the modified one I did.
 [2020-03-11 14:23 UTC] cmb@php.net 
> Invalid filename for key […]

This warning is only raised if the CURLFILE::$name property isn't
a string[1], which can only happen if something other than a
string is assigned to the property directly.  That doesn't happen
in the supplied test script, so I can neither reproduce nor
understand the reported behavior.

> When this warning is raised, curl_setopt_array returns true, and
> proceeds normally except it skips any files added.

According to the documentation[2], that would be a bug (emphasis
mine):

| Returns TRUE if *all* options were successfully set.

[1] <https://github.com/php/php-src/blob/php-7.3.15/ext/curl/interface.c#L2818-L2820>
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Thu Nov 21 20:01:29 2024 UTC