Skip to content

Commit

Permalink
Disallow name="" in Content-Disposition header.
Browse files Browse the repository at this point in the history 
Jon Jensen noticed that the last commit (b29f34f) introduced a new
problem by relaxing the constraint a little too much and allowing
empty strings. This patch by Mike Heins goes back to requiring at
least one character, while still allowing 0.
  • Loading branch information
@danielbr
danielbr committed Apr 2, 2011
1 parent 29c73e6 commit be63373
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion lib/Vend/Server.pm
View file
Expand Up @@ -478,7 +478,7 @@ sub parse_multipart {
} }


#::logDebug("Content-Disposition: " . $header{'Content-Disposition'}); #::logDebug("Content-Disposition: " . $header{'Content-Disposition'});
my($param)= $header{'Content-Disposition'}=~/ name="?([^\";]*)"?/; my($param)= $header{'Content-Disposition'}=~/ name="?([^\";]+)"?/;


# Bug: Netscape doesn't escape quotation marks in file names!!! # Bug: Netscape doesn't escape quotation marks in file names!!!
my($filename) = $header{'Content-Disposition'}=~/ filename="?([^\";]*)"?/; my($filename) = $header{'Content-Disposition'}=~/ filename="?([^\";]*)"?/;
Expand Down

0 comments on commit be63373

Please sign in to comment.