Closed
Bug 232993
Opened 21 years ago
Closed 21 years ago
attachments with spaces in names don't work
Categories
(Bugzilla :: Attachments & Requests, defect)
Bugzilla
Attachments & Requests
Tracking
()
RESOLVED
FIXED
Bugzilla 2.18
People
(Reporter: bmo, Assigned: justdave)
References
Details
Attachments
(3 files, 1 obsolete file)
User-Agent: Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.6) Gecko/20040113 if you upload an attachment like "bug info.zip", when a user downloads this attachment, it will be named "bug". Reproducible: Always Steps to Reproduce: 1. 2. 3.
wfm on XP pro & moz 2004020308 when i send myself a "test file.zip". Reporter: Can you reproduce this bug? And what mailer is used on by the receiving party?
Reporter | ||
Comment 2•21 years ago
|
||
patrick: i'm not sure i understand what you are talking about. this bug is about bugzilla attachments. i'll create one on this bug so you see what i mean. no "mailer" is involved.
Reporter | ||
Comment 3•21 years ago
|
||
added a test attachment called "filename with spaces.txt"
Reporter | ||
Updated•21 years ago
|
Attachment #140538 -
Attachment mime type: text/plain → application/octet-stream
Assignee | ||
Comment 4•21 years ago
|
||
Confirmed. If I view the attachment on this bug and do "Save Page As..." Mozilla offers me "filename" for the default filename.
Status: UNCONFIRMED → NEW
Ever confirmed: true
Reporter | ||
Comment 5•21 years ago
|
||
now that i changed the mime-type to "application/octet-stream", it is even easier to repro. just click on the attachment and your browser will likely ask you what to do with the file.
Assignee | ||
Comment 6•21 years ago
|
||
OK, after reviewing RFC 2183 (http://www.isi.edu/in-notes/rfc2183.txt) which covers the Content-Disposition header, I'm convinced that Bugzilla is in fact generating the correct header, and Mozilla is interpreting it incorrectly. Safari and Internet Explorer both get the entire filename, and don't truncate at the space.
Assignee: myk → download-manager
Component: Attachments & Requests → Download Manager
Product: Bugzilla → Browser
Version: unspecified → Trunk
Comment 7•21 years ago
|
||
> OK, after reviewing RFC 2183 (http://www.isi.edu/in-notes/rfc2183.txt) which > covers the Content-Disposition header, I'm convinced that Bugzilla is in fact > generating the correct header, Oh, man. This is after reading the RFC? From that RFC: filename-parm := "filename" "=" value The "value" token is not defined in that RFC, and the RFC normatively references RFC 2045 for its definition. RFC 2045 says: value := token / quoted-string token := 1*<any (US-ASCII) CHAR except SPACE, CTLs, or tspecials> In other words, you can't have spaces in the filename unless you quote the filename. Simple, no? SPACE is very clearly excluded. Also, note that RFC 2183 is in fact superceded by RFC 2231 (http://www.isi.edu/in-notes/rfc2231.txt), which removes the ascii-only restriction but does not relax the space restriction. In fact, implementing RFC 2231 correctly is near-impossible while ignoring the space restriction on values. Which is why we removed the code we had to ignore it when we implemented support for RFC 2231. IE does NOT support RFC 2231; I have no idea what Safari does. This is _so_ a Bugzilla bug. Just quote all filenames (and escape quotes in the filename as necessary).
Assignee: download-manager → myk
Component: Download Manager → Attachments & Requests
Product: Browser → Bugzilla
Version: Trunk → unspecified
Assignee | ||
Comment 8•21 years ago
|
||
When this was originally implemented, we had it quoted, and people complained that the quotes were getting included as part of the filename, so they got removed. I missed the reference to RFC 2045 and assumed it wasn't being defined, but it didn't say "quoted-value".... and I remembered the above discussion about browsers including the quotes in the filename.
Comment 9•21 years ago
|
||
If there were quotes in the filename in Mozilla, please file a bug (and I will be _very_ surprised, unless it's a really really old Mozilla version). I'm pretty certain IE handles quoted filenames fine. No idea on Safari or Opera, again.
Assignee | ||
Comment 10•21 years ago
|
||
Safari and IE5 Mac handle the quotes fine (as does Mozilla). Looking back at our history, it was actually a Microsoft tech note that was pointed out that said you weren't supposed to quote it. :) We all know how well Microsoft likes to follow the standards. :) I don't have access to try it on a PC to see what the Windows version of IE does, but I've seen enough to know we should probably fix it anyway. :)
Assignee: myk → justdave
Assignee | ||
Updated•21 years ago
|
OS: Windows XP → All
Hardware: PC → All
Target Milestone: --- → Bugzilla 2.18
Assignee | ||
Comment 11•21 years ago
|
||
I don't like this personally because it doesn't do anything for filenames with quotes in the filename, but it's the same quoting that's done in the Content-type header. Anyone know the correct method to escape quotes within a Content disposition value? /me goes off to dig through RFC2045
Comment 12•21 years ago
|
||
It's not there; the definition of quoted-string is imported from RFC 822. It is: quoted-string = <"> *(qtext/quoted-pair) <">; Regular qtext or ; quoted chars. where we have: qtext = <any CHAR excepting <">, ; => may be folded "\" & CR, and including linear-white-space> quoted-pair = "\" CHAR ; may quote any char In other words, Content-disposition: attachment; filename="A file with \"quotes\" in the name"
Assignee | ||
Comment 13•21 years ago
|
||
OK, RFC2045 says value = quoted-string, and refers to RFC822, which says (relevant pieces snagged and not necessarily displayed in order) quoted-string = <"> *(qtext/quoted-pair) <">; Regular qtext or ; quoted chars. qtext = <any CHAR excepting <">, ; => may be folded "\" & CR, and including linear-white-space> quoted-pair = "\" CHAR ; may quote any char linear-white-space = 1*([CRLF] LWSP-char) ; semantics = SPACE ; CRLF => folding LWSP-char = SPACE / HTAB ; semantics = SPACE Now that's not exactly straightforward, but seems to imply to me that quotes within the filename should be escaped with \ and \ characters should also be escaped with \. Is my interpretation correct?
Assignee | ||
Comment 14•21 years ago
|
||
OK, I'll take bz's comment that I midaired with as an agreement with that interpretation. :)
Assignee | ||
Comment 15•21 years ago
|
||
Assignee | ||
Updated•21 years ago
|
Attachment #140555 -
Attachment is obsolete: true
Assignee | ||
Updated•21 years ago
|
Attachment #140558 -
Flags: review?(myk)
Comment 16•21 years ago
|
||
Comment on attachment 140558 [details] [diff] [review] Patch v2 Works, looks good. r=myk
Attachment #140558 -
Flags: review?(myk) → review+
Assignee | ||
Comment 17•21 years ago
|
||
Checking in attachment.cgi; /cvsroot/mozilla/webtools/bugzilla/attachment.cgi,v <-- attachment.cgi new revision: 1.50; previous revision: 1.49 done
Status: NEW → RESOLVED
Closed: 21 years ago
Resolution: --- → FIXED
Assignee | ||
Comment 18•21 years ago
|
||
*** Bug 233824 has been marked as a duplicate of this bug. ***
Comment 19•19 years ago
|
||
I use the bugzilla 2.18.1 . the attachment.cgi is # Return the appropriate HTTP response headers. $filename =~ s/^.*[\/\\]//; my $filesize = length($thedata); # escape quotes and backslashes in the filename, per RFCs 2045/822 $filename =~ s/\\/\\\\/g; # escape backslashes $filename =~ s/"/\\"/g; # escape quotes print Bugzilla->cgi->header(-type=>"$contenttype; name=\"$filename\"", -content_disposition=> "inline; filename=\"$filename\"", -content_length => $filesize); when I upload the file contain the space as "aa bb.txt",it will error and the message is "You did not specify a file to attach. ". how can i do?
Comment 20•19 years ago
|
||
Comment 21•19 years ago
|
||
(In reply to comment #20) > Created an attachment (id=199041) [edit] > the the space attachement.trc I find if I upload the file with the mozilla ,it will be success. but if I use the IE ,it will be fail. How can I do? thanks.
Updated•12 years ago
|
QA Contact: matty_is_a_geek → default-qa
You need to log in
before you can comment on or make changes to this bug.
Description
•