Set post option to false disables upload

[MonkeybreadSoftware]

A client updated an application using curl library for sending emails via SMTP.

After "235 Authentication succeeded", we see that CURL sends VRFY commands instead of RCPT TO.

In smtp.c, I see that data->set.upload is not set, but in set opt.c I see it is set.

Later it turns out that setting Post to 0 also sets Upload option to 0.

May it be reasonable to request that setting Post to 1 clears upload flag and setting post to 0 lets it alone?

[MonkeybreadSoftware]

e.g. in code:

  case CURLOPT_POST:
    /* Does this option serve a purpose anymore? Yes it does, when
       CURLOPT_POSTFIELDS isn't used and the POST data is read off the
       callback! */
    if(va_arg(param, long)) {
      data->set.method = HTTPREQ_POST;
      data->set.opt_no_body = FALSE; /* this is implied */
    }
    else
      data->set.method = HTTPREQ_GET;
    data->set.upload = FALSE;
    break;

move the line "data->set.upload = FALSE;" up three lines into the block for when value is true.

[bagder]

For what purpose are you setting this option ? I don't think setting upload to false is a bug.

[MonkeybreadSoftware]

This is for sending email via SMTP.

We use various classes in programming and they have properties for CURL options like post, upload or URL. We transfer them to curl later. We wouldn't expect to set Upload = true and Post = false and then end up having Upload = false.

[bagder]

You need to provide a better motivation than that. There is no clear "opposite" of POST so its not just a boolean on/off, which is why setting the option to any value will do something. The change here that you don't like fixed a security problem so while I'm prepared to discuss other ways to go about that. It seems to me you can just avoid setting POST in the first place since it is not used for SMTP at all?

[MonkeybreadSoftware]

Now that I know it, we'll work around it.
e.g. by setting POST before Upload property.

[bagder]

Why do you set POST at all?

And why do you set POST and UPLOAD?

[MonkeybreadSoftware]

because a curl object may be reused and I may not now what was set before?

As said, the code used to work and set Post to false and Upload to true for sending an email.

[bagder]

But there is such thing as "un-POSTING" by setting POST to 0. There is no opposite of POST. You need to instead set what you want it to do. Like UPLOAD.

[2i-mh]

As a side node, I think it might be a good idea to update the documentation for CURLOPT_MIMEPOST too, as it seems to show the same behavior now.