Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP

Loading…

Parsed filename from content-disposition header is invalid #24

Closed
ctaschereau opened this Issue · 2 comments

2 participants

@ctaschereau

When using either IE8 or IE9 or IE11 with Intranet settings (and the default value for the custom security setting "Include local directory path when uploading files to a server"), the full file path of an uploaded file is sent to the server (Ex : C:\my_folder\my_image.png) but with backslashes not escaped.

The problem that this raises is that busboy then parses the name as C:my_foldermy_image.png.

Even though this is a bug on IE's part since it is not doubling its backslashes before sending them, it would really be helpful if busboy handled unescaped single backslashes.

The following two new tests fail for the current implementation of busboy's utils.js :

{ source: 'text/plain; filename="C:\\folder\\test.png"',
    expected: ['text/plain', ['filename', 'C:\\folder\\test.png']],
    what: 'Unescaped backslashes should be considered backslashes'
},
{ source: 'text/plain; filename="John \\"Magic\\" Smith.png"',
    expected: ['text/plain', ['filename', 'John "Magic" Smith.png']],
    what: 'Escaped double-quotes should be considered double-quotes'
},

A possible solution to a very similar problem appears to have been addressed here : rack/rack#323 (comment)

@mscdex
Owner

I think the best solution is probably to strip the path parts from the filename. This is what cURL and others already do.

@mscdex
Owner

Fixed in 9988e83. Thanks for the report.

@mscdex mscdex closed this
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.