php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #77617 curl_setopt_array Triggers warning when used with CURLFile in CURLOPT_POSTFIELD
Submitted: 2019-02-13 23:53 UTC Modified: 2020-03-11 14:23 UTC
Votes:1
Avg. Score:3.0 ± 0.0
Reproduced:0 of 0 (0.0%)
From: lawrence at dub3solutions dot com Assigned: bishop (profile)
Status: Assigned Package: cURL related
PHP Version: 7.2.15 OS: CentOS 7
Private report: No CVE-ID: None
Have you experienced this issue?
Rate the importance of this bug to you:

 [2019-02-13 23:53 UTC] lawrence at dub3solutions dot com
Description:
------------
When building an options array, setting one of the CURLOPT_POSTFIELDS key/values to a CURLFile object will result in the following PHP Warning:

PHP Warning:  curl_setopt_array(): Invalid filename for key variable_name

When this warning is raised, curl_setopt_array returns true, and proceeds normally except it skips any files added.

Not sure if this is the proper method, but I was asked to tag @bishop who was following my issue on stackoverflow.

https://stackoverflow.com/questions/54680799/php-7-2-curlfile-gives-invalid-filename-warning

Test script:
---------------
$curl = curl_init();
$curlOpts = array(
	CURLOPT_POST => 1,
	CURLOPT_URL => $postUrl,
	CURLOPT_TIMEOUT => 20,
	CURLOPT_RETURNTRANSFER => 1,
	CURLOPT_HTTPAUTH => CURLAUTH_BASIC,
	CURLOPT_USERPWD => 'apikey'
);

$postFields = array('var1' => 'value');
$postFields['variable_name'] = curl_file_create($filePath);
$curlOpts[CURLOPT_POSTFIELDS] = $postFields;
curl_setopt_array($curl, $curlOpts);
$curl_response = curl_exec($curl);
$info = curl_getinfo($curl);
curl_close($curl);

Expected result:
----------------
I would expect the file to get added to the curl options.

Actual result:
--------------
The file is ignored and a warning is added to the http logs

PHP Warning:  curl_setopt_array(): Invalid filename for key variable_name

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2019-02-13 23:58 UTC] bishop@php.net
-Assigned To: +Assigned To: bishop
 [2019-02-15 21:20 UTC] bishop@php.net
-Status: Assigned +Status: Feedback
 [2019-02-15 21:20 UTC] bishop@php.net
This appears to depend very much on the exact file name path passed as the first argument to curl_file_create. Can you copy & paste an example of path raising this error, as well as provide information about what kind of filesystem this file resides? Additionally, can you try with this sample code:

<?php 

error_reporting(-1);

$file = tmpfile();
$path = stream_get_meta_data($file)['uri'];
file_put_contents($path, md5(random_bytes(64)));

$opts = [ 
    CURLOPT_URL => 'https://postman-echo.com/post',
    CURLOPT_RETURNTRANSFER => 1,
    CURLOPT_POST => 1,
    CURLOPT_POSTFIELDS => [
        'file' => curl_file_create($path),
    ],  
];  

$curl = curl_init();
$pass = curl_setopt_array($curl, $opts);
 [2019-02-15 21:41 UTC] lawrence at dub3solutions dot com
-Status: Feedback +Status: Assigned
 [2019-02-15 21:41 UTC] lawrence at dub3solutions dot com
The supplied test code returns true for $pass. In fact, it also works if I set $path to the exact file I was using when I was getting the error. See below for the exact code. The only thing I have changed is fourth and fifth level directory names for privacy, but the renamed folders are identical in length and character type to what I was using.

<?php

error_reporting(-1);

//$file = tmpfile();
//$path = stream_get_meta_data($file)['uri'];
//file_put_contents($path, md5(random_bytes(64)));

$path = '/var/www/sites/Abc1/abc-de.abc1abcd.com/wp-content/uploads/d3dforms_contact/contact_20190214_1936.csv';

$opts = [
    CURLOPT_URL => 'https://postman-echo.com/post',
    CURLOPT_RETURNTRANSFER => 1,
    CURLOPT_POST => 1,
    CURLOPT_POSTFIELDS => [
        'file' => curl_file_create($path),
    ],
];

$curl = curl_init();
$pass = curl_setopt_array($curl, $opts);

print $pass;


Could it be that when adding in the authorization parameters something gets mixed up? The contents of the file are very light in case you want them:

"First Name","Last Name",Email,Company,Phone,Interests,Subject,Message,Picture,"Pardot ID","Date Submitted","Remote IP"
Lawrence,Johnson,lj@test.com,,,"Industry Information",,"Test message here

More info.",/wp-content/uploads/d3dforms_contact/GUTGfallkvaqeNHrY7h830t4Hwv7UZ/d98b99127be5eeab40225f8de2e15ae222cd04e8.jpg,,"2019-02-14 10:57:59",AA.BB.CC.DD
 [2019-02-15 21:45 UTC] lawrence at dub3solutions dot com
I should also add that my http logs did not trigger the file name warning for your test or the modified one I did.
 [2020-03-11 14:23 UTC] cmb@php.net
> Invalid filename for key […]

This warning is only raised if the CURLFILE::$name property isn't
a string[1], which can only happen if something other than a
string is assigned to the property directly.  That doesn't happen
in the supplied test script, so I can neither reproduce nor
understand the reported behavior.

> When this warning is raised, curl_setopt_array returns true, and
> proceeds normally except it skips any files added.

According to the documentation[2], that would be a bug (emphasis
mine):

| Returns TRUE if *all* options were successfully set.

[1] <https://github.com/php/php-src/blob/php-7.3.15/ext/curl/interface.c#L2818-L2820>
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Tue Mar 19 06:01:30 2024 UTC