Skip to content
Browse files

Disallow name="" in Content-Disposition header.

Jon Jensen noticed that the last commit (b29f34f) introduced a new
problem by relaxing the constraint a little too much and allowing
empty strings. This patch by Mike Heins goes back to requiring at
least one character, while still allowing 0.
  • Loading branch information...
1 parent 29c73e6 commit be6337367beca9c93c426cf8b6c2665cb95cd49a @danielbr danielbr committed Apr 2, 2011
Showing with 1 addition and 1 deletion.
  1. +1 −1 lib/Vend/Server.pm
View
2 lib/Vend/Server.pm
@@ -478,7 +478,7 @@ sub parse_multipart {
}
#::logDebug("Content-Disposition: " . $header{'Content-Disposition'});
- my($param)= $header{'Content-Disposition'}=~/ name="?([^\";]*)"?/;
+ my($param)= $header{'Content-Disposition'}=~/ name="?([^\";]+)"?/;
# Bug: Netscape doesn't escape quotation marks in file names!!!
my($filename) = $header{'Content-Disposition'}=~/ filename="?([^\";]*)"?/;

0 comments on commit be63373

Please sign in to comment.
Something went wrong with that request. Please try again.