Diffstat (limited to 'it_url.class')
-rw-r--r-- | it_url.class | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/it_url.class b/it_url.class
index 817630f..2664169 100644
--- a/it_url.class
+++ b/it_url.class
@@ -198,13 +198,13 @@ static function curl_opts($p=array())
 $p += [
 'totaltimeout' => "999999",
 'timeout' => 5,
- 'followlocation' => true,
- 'accept_encoding' => '', # set header to accept any supported encoding and enable automatic decompression
+ 'followlocation' => !$p['files'], # disallow redirects for file uploads as recommended by https://curl.se/libcurl/security.html
+ 'accept_encoding' => '', # set header to accept any supported encoding and enable automatic decompression
 ];
 $add = [];
 foreach ($p['headers'] as $header => $value)
- $headers[] = "$header: $value";
+ $headers[] = strtr("$header: $value", "\n\r", ' ');
 # file upload
 foreach ((array)$p['files'] as $field => $filename)
@@ -250,6 +250,7 @@ static function curl_opts($p=array())
 CURLOPT_CUSTOMREQUEST => $p['method'] ?: null,
 CURLOPT_NOBODY => $p['method'] == 'HEAD',
 CURLOPT_SAFE_UPLOAD => true, # disable special meaning of @value in POST forms (security)
+ CURLOPT_PROTOCOLS => CURLPROTO_HTTP | CURLPROTO_HTTPS,
 CURLOPT_CAPATH => '/etc/ssl/certs/',
 CURLOPT_SSL_VERIFYPEER => !$p['allow_insecure_ssl'], |
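Review bot: The added `strtr("$header: $value", "\n\r", ' ')` only replaces `\n`: when strtr's from and to strings differ in length PHP ignores the extra characters of the longer one, so `\r` passes through unchanged and a bare carriage return can still end up inside a request header. Give both characters a replacement, for example `$headers[] = str_replace(["\r", "\n"], ' ', "$header: $value");`. Separately, `$p += [...]` only fills keys the caller left unset, so a caller that passes `'followlocation' => true` together with `files` still follows redirects on an upload; if that is not intended, enforce it after the merge rather than in the defaults. The body of curl_opts starts and ends outside this hunk.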
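Review bot: The new `CURLOPT_PROTOCOLS` entry carries no comment, unlike the `CURLOPT_SAFE_UPLOAD` line directly above it, so its security purpose is easy to lose in a later cleanup; I would add `# only allow http(s) so a caller-supplied URL cannot select file:// or other libcurl schemes (security)`. Both HTTP and HTTPS remain allowed, so a redirect from an https URL to plain http is still followed whenever `followlocation` is on, which is worth stating in the comment if it is accepted behaviour. The options array continues outside the hunk, so whether a later entry or a caller-supplied option can override this value is not visible here.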