Skip to content
This repository

handleFileUpload with non acsii file name not working properly #150

Open
cvb opened this Issue July 09, 2012 · 4 comments

3 participants

Peter Goncharov Gregory Collins Dmitry Dzhus
Peter Goncharov
cvb commented July 09, 2012

I'm trying to upload file, which name is utf8 encoded string, and getting string quoted with ".

I found that it can't be properly parsed by Snap.Internal.Parsing.pQuotedString, so as a workaround
I made this patch

cvb@e03cb4e

Gregory Collins
Owner

The RFC states that all MIME-headers are to be encoded as quoted-printable. If your client library is sending 8-bit headers then it is violating spec. What program are you using to upload?

Peter Goncharov
cvb commented July 09, 2012

I used google chrome 20.0.1132.34 beta and firefox 10.0.5, result is same

Here is what I get using wireshark

POST /upload/case/56/files HTTP/1.1
Host: localhost:8000
Connection: keep-alive
Content-Length: 213
Origin: http://localhost:8000
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/536.11 (KHTML, like Gecko) Chrome/20.0.1132.34 Safari/536.11
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryNnXEMncBxsCgUvip
Accept: /
Referer: http://localhost:8000/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: ru-RU,ru;q=0.8,en-US;q=0.6,en;q=0.4
Accept-Charset: UTF-8,*;q=0.5
Cookie: _remember=0nIfbdirkFlYqBG/W5bzPtRBNUueKLS7bcTU2wDQFXlQAobo/C5qK3JBaBC8OknmjmhE5R3T+r3yYYbQOwhcRTTtoI2Y9AcvPeVTBUvg+ZZcWpNulagr1nJMG8O//lQDon1pDZN1LwIAPTo0AxjWBFVeqWZafbRxF0tzv4k=; _session=boGFdLo2+zzcO1DwYETDeEuR4vtN0plPX/EWgC43ChCjhAjxMmY09fjV146mH8Gi9tzTOPvS68JKkHhpQurkHM+naR++DPhgMshV11fu5G0iDmSe9Yt+Vo0O1//rZBL1FeLaxp/4oE7GfcFC81/tzDaxwit4F3oO/vQwkvoKFg0kvVEm8zti83Wo0kJAzzs=

------WebKitFormBoundaryNnXEMncBxsCgUvip
Content-Disposition: form-data; name="files"; filename="........"
Content-Type: application/octet-stream

111............

And boundary content in hex

00000381 2d 2d 2d 2d 2d 2d 57 65 62 4b 69 74 46 6f 72 6d ------We bKitForm
00000391 42 6f 75 6e 64 61 72 79 4e 6e 58 45 4d 6e 63 42 Boundary NnXEMncB
000003A1 78 73 43 67 55 76 69 70 0d 0a 43 6f 6e 74 65 6e xsCgUvip ..Conten
000003B1 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 t-Dispos ition: f
000003C1 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 orm-data ; name="
000003D1 66 69 6c 65 73 22 3b 20 66 69 6c 65 6e 61 6d 65 files"; filename
000003E1 3d 22 d1 82 d0 b5 d1 81 d1 82 22 0d 0a 43 6f 6e ="...... .."..Con
000003F1 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 tent-Typ e: appli
00000401 63 61 74 69 6f 6e 2f 6f 63 74 65 74 2d 73 74 72 cation/o ctet-str
00000411 65 61 6d 0d 0a 0d 0a 31 31 31 d0 bb d0 be d1 80 eam....1 11......
00000421 d0 bb d0 be d1 80 0a 0d 0a 2d 2d 2d 2d 2d 2d 57 ........ .------W
00000431 65 62 4b 69 74 46 6f 72 6d 42 6f 75 6e 64 61 72 ebKitFor mBoundar
00000441 79 4e 6e 58 45 4d 6e 63 42 78 73 43 67 55 76 69 yNnXEMnc BxsCgUvi
00000451 70 2d 2d 0d 0a p--..

So filename= 22 d1 82 d0 b5 d1 81 d1 82 22 which is utf8 encoded "тест" in russian.

Gregory Collins
Owner

Just wonderful. http://tools.ietf.org/html/rfc2388 says:

5.4 Non-ASCII field names

Note that MIME headers are generally required to consist only of 7-
bit data in the US-ASCII character set. Hence field names should be
encoded according to the method in RFC 2047 if they contain
characters outside of that set.

....but if browsers are actually breaking spec we need to support that. Awesome.

Dmitry Dzhus
dzhus commented July 13, 2012

This should be reported to browser devs as well.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.