New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix parseMultipartForm to accept unquoted strings #1725

Merged
merged 1 commit into from May 16, 2017

Conversation

Projects
None yet
2 participants
@tchaloupka
Contributor

tchaloupka commented Mar 27, 2017

Content-Disposition fields can be passed as an unquoted string in which case the current parser fails.

https://tools.ietf.org/html/rfc6266#section-4.1

So I adjusted the parser to depend on semicolon as a separator or to use the rest of the input if the semicolon is not found.

For example .Net can send requests like this:

POST https://192.168.0.78:8082/api/v1/foos HTTP/1.1
User-Agent: bar
Accept-Encoding: gzip, deflate
Accept-Language: en-US
Content-Type: multipart/form-data; boundary="7518e894-589d-44be-9a04-9f45c6124429"
Host: 192.168.0.78:8082
Content-Length: 55839
Expect: 100-continue
Connection: Keep-Alive

--7518e894-589d-44be-9a04-9f45c6124429
Content-Type: text/plain; charset=utf-8
Content-Disposition: form-data; name=name

Some test
--7518e894-589d-44be-9a04-9f45c6124429
Content-Type: text/plain; charset=utf-8
Content-Disposition: form-data; name=desc

Some test description
--7518e894-589d-44be-9a04-9f45c6124429
Content-Disposition: form-data; name=file; filename=CadEx_schema.png; filename*=utf-8''CadEx_schema.png

...file content...
--7518e894-589d-44be-9a04-9f45c6124429--
@tchaloupka

This comment has been minimized.

Show comment
Hide comment
@tchaloupka

tchaloupka Mar 27, 2017

Contributor

This fixes #1562

Contributor

tchaloupka commented Mar 27, 2017

This fixes #1562

@s-ludwig

This comment has been minimized.

Show comment
Hide comment
@s-ludwig

s-ludwig Apr 2, 2017

Member

To be fully correct, shouldn't there be two branches, one that searches for " in case the value begins with " and one that searches for ; if it doesn't?

Otherwise LGTM.

Member

s-ludwig commented Apr 2, 2017

To be fully correct, shouldn't there be two branches, one that searches for " in case the value begins with " and one that searches for ; if it doesn't?

Otherwise LGTM.

@tchaloupka

This comment has been minimized.

Show comment
Hide comment
@tchaloupka

tchaloupka Apr 2, 2017

Contributor

I've made the branch but also it is actually needed to skip escaped quotes inside so I changed that too.

Contributor

tchaloupka commented Apr 2, 2017

I've made the branch but also it is actually needed to skip escaped quotes inside so I changed that too.

Show outdated Hide outdated inet/vibe/inet/webform.d
res++;
}
return -1;

This comment has been minimized.

@s-ludwig

s-ludwig May 12, 2017

Member

Probably would be the best idea to throw an exception here. Otherwise this would result in an out-of-bounds error in parseValue, which terminates the application.

@s-ludwig

s-ludwig May 12, 2017

Member

Probably would be the best idea to throw an exception here. Otherwise this would result in an out-of-bounds error in parseValue, which terminates the application.

Fix parseMultipartForm to accept unquoted strings
Content-Disposition fields can be passed as an unquoted string in which case the current parser fails.
Parse escaped quote


simplification
@s-ludwig

This comment has been minimized.

Show comment
Hide comment
@s-ludwig

s-ludwig May 16, 2017

Member

Thanks! I indeed missed the escaping, but this looks good now.

Member

s-ludwig commented May 16, 2017

Thanks! I indeed missed the escaping, but this looks good now.

@s-ludwig s-ludwig merged commit f0d686c into vibe-d:master May 16, 2017

2 checks passed

continuous-integration/appveyor/pr AppVeyor build succeeded
Details
continuous-integration/travis-ci/pr The Travis CI build passed
Details

s-ludwig added a commit that referenced this pull request Sep 2, 2017

Merge pull request #1725 from tchaloupka/fix_parseMultipart
Fix parseMultipartForm to accept unquoted strings
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment