Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Backport 2104 3-0-stable #2164

Merged
merged 1 commit into from Mar 20, 2024
Merged

Backport 2104 3-0-stable #2164

merged 1 commit into from Mar 20, 2024

Conversation

JoeDupuis
Copy link

Bug fix #2104 backported to 3-0-stable (to cut a release).

Follow up from #2163

@JoeDupuis JoeDupuis changed the base branch from main to 3-0-stable March 20, 2024 04:03
@JoeDupuis JoeDupuis mentioned this pull request Mar 20, 2024
Closed
jeremyevans
jeremyevans requested changes Mar 20, 2024
View reviewed changes
Copy link
Contributor

@jeremyevans jeremyevans left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

One minor change requested, then this should be good.

lib/rack/multipart/parser.rb Outdated
@@ -213,6 +213,8 @@ def initialize(boundary, tempfile, bufsize, query_parser)

@sbuf = StringScanner.new("".dup)
@body_regex = /(?:#{EOL}|\A)--#{Regexp.quote(boundary)}(?:#{EOL}|--)/m
@body_regex_at_end = /#{@body_regex}\z/m
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't think @body_regex_at_end is used by this code, so it should not be added.

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Oops, it came with the cherry pick by accident. I removed it.

@alpaca-tc @JoeDupuis
Backport rack#2104 to 3-0-stable
47351c9 
Return empty when parsing a multi-part POST with only one end delimiter.

Fixed: rack#2103

Sending the following request in a browser generates a request with
with only one end delimiter.

```javascript
const formData = new FormData();
const request = new Request('http://127.0.0.1:8080/', {
  method: 'POST',
  body: formData,
});
const response = fetch(request);
```

```
curl 'http://127.0.0.1:8080/' \
  -H 'Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryR1LC4tR6ayskIXJm' \
  --data-raw $'------WebKitFormBoundaryR1LC4tR6ayskIXJm--\r\n'
```

This request is not compliant RFC7578, but is generated by major browsers such as
FireFox and Chrome.
Supporting this request will cause the multipart parser to return an empty value.
@jeremyevans jeremyevans merged commit f856dbd into rack:3-0-stable Mar 20, 2024
14 of 15 checks passed
@ioquatix
Copy link
Member

Thanks everyone!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jeremyevans jeremyevans jeremyevans approved these changes

@ioquatix ioquatix ioquatix approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@JoeDupuis @ioquatix @jeremyevans @alpaca-tc