Skip to content
Permalink
Browse files

Randomise multipart boundary. Thanks to Yamada Masahiro.

  • Loading branch information...
AndyA committed Nov 13, 2010
1 parent 6405b5d commit e4942b871a26c1317a175a91ebb7262eea59b380
Showing with 15 additions and 5 deletions.
  1. +8 −1 lib/CGI/Simple.pm
  2. +3 −2 t/050.simple.t
  3. +4 −2 t/070.standard.t
@@ -1125,7 +1125,14 @@ sub multipart_init {
my ( $self, @p ) = @_;
use CGI::Simple::Util qw(rearrange);
my ( $boundary, @other ) = rearrange( ['BOUNDARY'], @p );
$boundary = $boundary || '------- =_aaaaaaaaaa0';
if ( !$boundary ) {
$boundary = '------- =_';
my @chrs = ( '0' .. '9', 'A' .. 'Z', 'a' .. 'z' );
for ( 1 .. 17 ) {
$boundary .= $chrs[ rand( scalar @chrs ) ];
}
}

my $CRLF = $self->crlf; # get CRLF sequence
my $warning
= "WARNING: YOUR BROWSER DOESN'T SUPPORT THIS SERVER-PUSH TECHNOLOGY.";
@@ -945,10 +945,11 @@ $q = new CGI::Simple;
$sv = $q->multipart_init();
like(
$sv,
qr|Content-Type: multipart/x-mixed-replace;boundary="------- =_aaaaaaaaaa0"|,
qr|Content-Type: multipart/x-mixed-replace;boundary="------- =_[a-zA-Z0-9]{17}"|,
'multipart_init(), 1'
);
like( $sv, qr/--------- =_aaaaaaaaaa0$CRLF/, 'multipart_init(), 2' );
like( $sv, qr/--------- =_[a-zA-Z0-9]{17}$CRLF/,
'multipart_init(), 2' );
$sv = $q->multipart_init( 'this_is_the_boundary' );
like( $sv, qr/boundary="this_is_the_boundary"/, 'multipart_init(), 3' );
$sv = $q->multipart_init( -boundary => 'this_is_another_boundary' );
@@ -953,10 +953,12 @@ restore_parameters();
$sv = multipart_init();
like(
$sv,
qr|Content-Type: multipart/x-mixed-replace;boundary="------- =_aaaaaaaaaa0"|,
qr|Content-Type: multipart/x-mixed-replace;boundary="------- =_[a-zA-Z0-9]{17}"|,
'multipart_init(), 1'
);
like( $sv, qr/--------- =_aaaaaaaaaa0$CRLF/, 'multipart_init(), 2' );

like( $sv, qr/--------- =_[a-zA-Z0-9]{17}$CRLF/,
'multipart_init(), 2' );
$sv = multipart_init( 'this_is_the_boundary' );
like( $sv, qr/boundary="this_is_the_boundary"/, 'multipart_init(), 3' );
$sv = multipart_init( -boundary => 'this_is_another_boundary' );

0 comments on commit e4942b8

Please sign in to comment.
You can’t perform that action at this time.