Index: openacs-4/packages/acs-tcl/tcl/http-client-procs.tcl =================================================================== RCS file: /usr/local/cvsroot/openacs-4/packages/acs-tcl/tcl/http-client-procs.tcl,v diff -u -r1.1.2.11 -r1.1.2.12 --- openacs-4/packages/acs-tcl/tcl/http-client-procs.tcl 12 Aug 2014 17:17:21 -0000 1.1.2.11 +++ openacs-4/packages/acs-tcl/tcl/http-client-procs.tcl 27 Nov 2014 15:01:19 -0000 1.1.2.12 @@ -1115,7 +1115,14 @@ lappend cmd --compressed } - lappend cmd --data-binary $body + # Unfortunately, as we are interacting with a shell, there + # is no way to escape content in an easy and safe way. We + # just spool body content to a file and let it be read by curl. + set data_binary_tmpfile [ns_tmpnam] + set wfd [open $data_binary_tmpfile w] + puts -nonewline $wfd $body + close $wfd + lappend cmd --data-binary "@${data_binary_tmpfile}" # Return response code toghether with webpage lappend cmd -w " %\{http_code\}" @@ -1148,7 +1155,6 @@ ns_set put $resp_headers $key $value } close $rfd - file delete $resp_headers_tmpfile # Get values from response headers, then remove them set content_type [ns_set iget $resp_headers content-type] @@ -1168,6 +1174,10 @@ set page [encoding convertfrom $enc $page] } + # Delete temp files + file delete $resp_headers_tmpfile + file delete $data_binary_tmpfile + return [list \ page $page \ file $spool_file \