Permalink
Browse files

Fix parsing performance for unquoted filenames

Special thanks to Paul Rogers & Eric Wong

Conflicts:
	test/spec_multipart.rb
  • Loading branch information...
1 parent e8d1bec commit c9f65df37a151821eb88ddd1dc404b83e52c52d5 @raggi raggi committed May 13, 2012
Showing with 22 additions and 2 deletions.
  1. +2 −2 lib/rack/multipart.rb
  2. +20 −0 test/spec_multipart.rb
View
@@ -12,7 +12,7 @@ module Multipart
MULTIPART = %r|\Amultipart/.*boundary=\"?([^\";,]+)\"?|n
TOKEN = /[^\s()<>,;:\\"\/\[\]?=]+/
CONDISP = /Content-Disposition:\s*#{TOKEN}\s*/i
- DISPPARM = /;\s*(#{TOKEN})=("(?:\\"|[^"])*"|#{TOKEN})*/
+ DISPPARM = /;\s*(#{TOKEN})=("(?:\\"|[^"])*"|#{TOKEN})/
RFC2183 = /^#{CONDISP}(#{DISPPARM})+$/i
BROKEN_QUOTED = /^#{CONDISP}.*;\sfilename="(.*?)"(?:\s*$|\s*;\s*#{TOKEN}=)/i
BROKEN_UNQUOTED = /^#{CONDISP}.*;\sfilename=(#{TOKEN})/i
@@ -31,4 +31,4 @@ def build_multipart(params, first = true)
end
end
-end
+end
View
@@ -295,4 +295,24 @@ def multipart_file(name)
message.should.equal "value must be a Hash"
end
+ should "parse very long unquoted multipart file names" do
+ data = <<-EOF
+--AaB03x\r
+Content-Type: text/plain\r
+Content-Disposition: attachment; name=file; filename=#{'long' * 100}\r
+\r
+contents\r
+--AaB03x--\r
+ EOF
+
+ options = {
+ "CONTENT_TYPE" => "multipart/form-data; boundary=AaB03x",
+ "CONTENT_LENGTH" => data.length.to_s,
+ :input => StringIO.new(data)
+ }
+ env = Rack::MockRequest.env_for("/", options)
+ params = Rack::Utils::Multipart.parse_multipart(env)
+
+ params["file"][:filename].should.equal('long' * 100)
+ end
end

0 comments on commit c9f65df

Please sign in to comment.