Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix parseMultipartForm to accept unquoted strings #1725

Merged
merged 1 commit into from
May 16, 2017
Merged

Fix parseMultipartForm to accept unquoted strings #1725

merged 1 commit into from
May 16, 2017

Conversation

tchaloupka
Copy link
Contributor

Content-Disposition fields can be passed as an unquoted string in which case the current parser fails.

https://tools.ietf.org/html/rfc6266#section-4.1

So I adjusted the parser to depend on semicolon as a separator or to use the rest of the input if the semicolon is not found.

For example .Net can send requests like this:

POST https://192.168.0.78:8082/api/v1/foos HTTP/1.1
User-Agent: bar
Accept-Encoding: gzip, deflate
Accept-Language: en-US
Content-Type: multipart/form-data; boundary="7518e894-589d-44be-9a04-9f45c6124429"
Host: 192.168.0.78:8082
Content-Length: 55839
Expect: 100-continue
Connection: Keep-Alive

--7518e894-589d-44be-9a04-9f45c6124429
Content-Type: text/plain; charset=utf-8
Content-Disposition: form-data; name=name

Some test
--7518e894-589d-44be-9a04-9f45c6124429
Content-Type: text/plain; charset=utf-8
Content-Disposition: form-data; name=desc

Some test description
--7518e894-589d-44be-9a04-9f45c6124429
Content-Disposition: form-data; name=file; filename=CadEx_schema.png; filename*=utf-8''CadEx_schema.png

...file content...
--7518e894-589d-44be-9a04-9f45c6124429--

@tchaloupka
Copy link
Contributor Author

This fixes #1562

@s-ludwig
Copy link
Member

s-ludwig commented Apr 2, 2017

To be fully correct, shouldn't there be two branches, one that searches for " in case the value begins with " and one that searches for ; if it doesn't?

Otherwise LGTM.

@tchaloupka tchaloupka force-pushed the fix_parseMultipart branch from 6321174 to 89a74be Compare April 2, 2017 19:29
@tchaloupka
Copy link
Contributor Author

I've made the branch but also it is actually needed to skip escaped quotes inside so I changed that too.

s-ludwig
s-ludwig reviewed May 12, 2017
View reviewed changes
inet/vibe/inet/webform.d Outdated
res++;
}

return -1;
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Probably would be the best idea to throw an exception here. Otherwise this would result in an out-of-bounds error in parseValue, which terminates the application.

@tchaloupka tchaloupka force-pushed the fix_parseMultipart branch from 89a74be to 7970b67 Compare May 14, 2017 10:13
@tchaloupka
Fix parseMultipartForm to accept unquoted strings
6c242be 
Content-Disposition fields can be passed as an unquoted string in which case the current parser fails.
Parse escaped quote


simplification
@tchaloupka tchaloupka force-pushed the fix_parseMultipart branch from 7970b67 to 6c242be Compare May 14, 2017 10:20
@s-ludwig
Copy link
Member

Thanks! I indeed missed the escaping, but this looks good now.

@s-ludwig s-ludwig merged commit f0d686c into vibe-d:master May 16, 2017
@s-ludwig s-ludwig mentioned this pull request Jul 5, 2017
Closed
s-ludwig added a commit that referenced this pull request Sep 2, 2017
@s-ludwig
Merge pull request #1725 from tchaloupka/fix_parseMultipart
2bbede7 
Fix parseMultipartForm to accept unquoted strings
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@s-ludwig s-ludwig s-ludwig left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@tchaloupka @s-ludwig