is_uploaded_file specifics

  • joebert

Post November 13th, 2008, 3:03 am

How exactly does the PHP function "is_uploaded_file" work?

The reason I'm wondering is I have an existing script that accepts file uploads, that I would like to modify to accept a URL instead of something from $_FILES as well.
If I could simply have cURL/file_get_contents/etc fetch the URL, dump it in the "upload_tmp_dir" or similar, and set up the $_FILES entry myself the modification would be as simple as adding an IF statement above the existing upload code with this patch.
Strong with this one, the sudo is.

  • joebert

Post November 14th, 2008, 8:46 am

Having looked at the source, it appears a hashtable entry is set when PHP gets the request that I can't touch.
I was hoping it simply checked an uploads folder.

Probably going to be easier just turning the section of code that works with the upload into a function and going from there.

Makes it harder to patch existing installations of the script, but it will work as expected. :D
Strong with this one, the sudo is.
  • webdummy

Post November 14th, 2008, 4:17 pm

joebert wrote:
Having looked at the source, it appears a hashtable entry is set when PHP gets the request that I can't touch.
I was hoping it simply checked an uploads folder.

Probably going to be easier just turning the section of code that works with the upload into a function and going from there.

Makes it harder to patch existing installations of the script, but it will work as expected. :D



Check this out 8) http://www.trap17.com/index.php/php-ftp ... 55649.html
  • joebert

Post November 14th, 2008, 5:02 pm

I don't think that's quite what I'm looking for, though it does look useful. :D

Here's an outlook of what I'd like to be able to do.

Code:
// Fetch the remote file and drop it into the upload temp directory
$url = clean($_GET['url']);
$utd = ini_get('upload_tmp_dir');
$str = file_get_contents($url);
file_put_contents("$utd/" . md5($url), $str);
// Point the $_FILES entry at the fetched file by hand
$_FILES['upload']['tmp_name'] = "$utd/" . md5($url);

// This is where the existing script begins
if( ... && is_uploaded_file($_FILES['upload']['tmp_name']))
{
   // do
}
Strong with this one, the sudo is.
  • Truce

Post November 14th, 2008, 9:52 pm

Putting the tmp_name variable in the $_FILES superglobal won't populate the other relevant fields. You don't need the $_FILES superglobal at all if you're doing transloading (downloading a file to your server via sending an HTTP request at the request of a third-party). Just get the external URL, grab the file with CURL (not file_get_contents...if you're not sure why, feel free to ask), and proceed to processing the file as you'd like.

The is_uploaded_file function is just another thing for a crafty hacker to have to deal with. It helps keep you from running over your own toes, so to speak. You don't have to use it to be safe...you just have to pay more attention without it.
  • joebert

Post November 14th, 2008, 9:58 pm

Yeah yeah yeah, I know all about it.
I'm just being lazy and trying to keep from needing to do more work than I have to because there are existing installations of the script out there which people are going to want to update in most cases. The smaller the edit to make is for anyone who customized the script, the easier it will be to update. :D
Strong with this one, the sudo is.
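
The approach the thread settles on, as an added example (not code from the original script or from any poster): the upload branch keeps is_uploaded_file(), while the URL branch fetches with cURL into a randomly named temp file and never touches $_FILES. Because the URL is user-supplied, the fetch also refuses hosts that resolve to private or reserved addresses and pins the resolved IP. process_file(), the 2 MiB cap, the timeout and the IPv4-only lookup are assumptions of this sketch.

```php
<?php
// Added example; process_file() is a hypothetical stand-in for the existing upload code.
function process_file(string $path): string { return hash_file('sha256', $path); }
function fetch_remote_to_tmp(string $url, int $maxBytes = 2097152): string
{
    $p = parse_url($url);
    $scheme = strtolower($p['scheme'] ?? '');
    if (empty($p['host']) || !in_array($scheme, ['http', 'https'], true)) {
        throw new RuntimeException('only http(s) URLs are accepted');
    }
    // Resolve once, refuse private/reserved targets, then pin that address so
    // the check and the fetch use the same IP (IPv4 only in this sketch).
    $ip = gethostbynamel($p['host'])[0] ?? null;
    $flags = FILTER_FLAG_IPV4 | FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE;
    if ($ip === null || filter_var($ip, FILTER_VALIDATE_IP, $flags) === false) {
        throw new RuntimeException('host does not resolve to a public address');
    }
    $port = $p['port'] ?? ($scheme === 'https' ? 443 : 80);
    $tmp = tempnam(sys_get_temp_dir(), 'xfer');   // random name, not md5($url)
    $fh = fopen($tmp, 'wb');
    $ch = curl_init($url);
    curl_setopt_array($ch, [
        CURLOPT_FILE           => $fh,                      // stream body to disk
        CURLOPT_RESOLVE        => ["{$p['host']}:$port:$ip"],
        CURLOPT_PROTOCOLS      => CURLPROTO_HTTP | CURLPROTO_HTTPS,
        CURLOPT_FOLLOWLOCATION => false,                    // redirects skip the checks above
        CURLOPT_FAILONERROR    => true,
        CURLOPT_TIMEOUT        => 20,
        CURLOPT_NOPROGRESS     => false,
        CURLOPT_PROGRESSFUNCTION => function ($h, $total, $now) use ($maxBytes) {
            return $now > $maxBytes ? 1 : 0;                // non-zero aborts the transfer
        },
    ]);
    $ok = curl_exec($ch);
    fclose($fh);
    if ($ok !== true) {
        unlink($tmp);
        throw new RuntimeException('fetch failed or exceeded the size limit');
    }
    return $tmp;
}

// Upload branch keeps is_uploaded_file(); the URL branch never touches $_FILES.
if (isset($_FILES['upload']) && is_uploaded_file($_FILES['upload']['tmp_name'])) {
    echo process_file($_FILES['upload']['tmp_name']);
} elseif (isset($_GET['url']) && is_string($_GET['url'])) {
    $tmp = fetch_remote_to_tmp($_GET['url']);
    try { echo process_file($tmp); } finally { unlink($tmp); }
}
```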

© 2011 Unmelted, LLC. Ozzu® is a registered trademark of Unmelted, LLC.