Closed Bug 232993 Opened 21 years ago Closed 21 years ago

attachments with spaces in names don't work

Categories

(Bugzilla :: Attachments & Requests, defect)

Product:
Bugzilla
Component:
Attachments & Requests
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED
Milestone:
Bugzilla 2.18

People

(Reporter: bmo, Assigned: justdave)

References

Details

Attachments

(3 files, 1 obsolete file)

test attachment with spaces in filename
9 bytes, application/octet-stream
Details
Patch v2
907 bytes, patch
myk
: review+
Details | Diff | Splinter Review
the the space attachement.trc
4 bytes, application/octet-stream
Details 
User-Agent:       
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.6) Gecko/20040113

if you upload an attachment like "bug info.zip", when a user downloads this
attachment, it will be named "bug".

Reproducible: Always
Steps to Reproduce:
1.
2.
3.
wfm on XP pro & moz 2004020308 when i send myself a "test file.zip".

Reporter: Can you reproduce this bug? And what mailer is used on by the
receiving party? 
patrick: i'm not sure i understand what you are talking about.  this bug is
about bugzilla attachments.  i'll create one on this bug so you see what i mean.
 no "mailer" is involved.
added a test attachment called "filename with spaces.txt"
Attachment #140538 - Attachment mime type: text/plain → application/octet-stream
Confirmed.  If I view the attachment on this bug and do "Save Page As..."
Mozilla offers me "filename" for the default filename.
Status: UNCONFIRMED → NEW
Ever confirmed: true
now that i changed the mime-type to "application/octet-stream", it is even
easier to repro.  just click on the attachment and your browser will likely ask
you what to do with the file.
OK, after reviewing RFC 2183 (http://www.isi.edu/in-notes/rfc2183.txt) which
covers the Content-Disposition header, I'm convinced that Bugzilla is in fact
generating the correct header, and Mozilla is interpreting it incorrectly.

Safari and Internet Explorer both get the entire filename, and don't truncate at
the space.
Assignee: myk → download-manager
Component: Attachments & Requests → Download Manager
Product: Bugzilla → Browser
Version: unspecified → Trunk
> OK, after reviewing RFC 2183 (http://www.isi.edu/in-notes/rfc2183.txt) which
> covers the Content-Disposition header, I'm convinced that Bugzilla is in fact
> generating the correct header,

Oh, man.  This is after reading the RFC?  From that RFC:

     filename-parm := "filename" "=" value

The "value" token is not defined in that RFC, and the RFC normatively references
RFC 2045 for its definition.  RFC 2045 says:

     value := token / quoted-string
     token := 1*<any (US-ASCII) CHAR except SPACE, CTLs,
                 or tspecials>

In other words, you can't have spaces in the filename unless you quote the
filename.  Simple, no?  SPACE is very clearly excluded.

Also, note that RFC 2183 is in fact superceded by RFC 2231
(http://www.isi.edu/in-notes/rfc2231.txt), which removes the ascii-only
restriction but does not relax the space restriction.  In fact, implementing RFC
2231 correctly is near-impossible while ignoring the space restriction on
values.  Which is why we removed the code we had to ignore it when we
implemented support for RFC 2231. IE does NOT support RFC 2231; I have no idea
what Safari does.

This is _so_ a Bugzilla bug.  Just quote all filenames (and escape quotes in the
filename as necessary).
Assignee: download-manager → myk
Component: Download Manager → Attachments & Requests
Product: Browser → Bugzilla
Version: Trunk → unspecified
When this was originally implemented, we had it quoted, and people complained that 
the quotes were getting included as part of the filename, so they got removed.

I missed the reference to RFC 2045 and assumed it wasn't being defined, but it
didn't say "quoted-value"....  and I remembered the above discussion about
browsers including the quotes in the filename.
If there were quotes in the filename in Mozilla, please file a bug (and I will
be _very_ surprised, unless it's a really really old Mozilla version).  I'm
pretty certain IE handles quoted filenames fine.  No idea on Safari or Opera, again.
Safari and IE5 Mac handle the quotes fine (as does Mozilla).  Looking back at
our history, it was actually a Microsoft tech note that was pointed out that
said you weren't supposed to quote it. :)  We all know how well Microsoft likes
to follow the standards. :)  I don't have access to try it on a PC to see what
the Windows version of IE does, but I've seen enough to know we should probably
fix it anyway. :)
Assignee: myk → justdave
OS: Windows XP → All
Hardware: PC → All
Target Milestone: --- → Bugzilla 2.18
Attached patch Patch (obsolete) — Splinter Review 
I don't like this personally because it doesn't do anything for filenames with
quotes in the filename, but it's the same quoting that's done in the
Content-type header.  Anyone know the correct method to escape quotes within a
Content disposition value?

/me goes off to dig through RFC2045
It's not there; the definition of quoted-string is imported from RFC 822.  It is:

     quoted-string = <"> *(qtext/quoted-pair) <">; Regular qtext or
                                                 ;   quoted chars.
where we have:

     qtext       =  <any CHAR excepting <">,     ; => may be folded
                     "\" & CR, and including
                     linear-white-space>
     quoted-pair =  "\" CHAR                     ; may quote any char

In other words,

Content-disposition: attachment; filename="A file with \"quotes\" in the name"
OK, RFC2045 says value = quoted-string, and refers to RFC822, which says
(relevant pieces snagged and not necessarily displayed in order)

     quoted-string = <"> *(qtext/quoted-pair) <">; Regular qtext or
                                                 ;   quoted chars.

     qtext       =  <any CHAR excepting <">,     ; => may be folded
                     "\" & CR, and including
                     linear-white-space>

     quoted-pair =  "\" CHAR                     ; may quote any char

     linear-white-space =  1*([CRLF] LWSP-char)  ; semantics = SPACE
                                                 ; CRLF => folding

     LWSP-char   =  SPACE / HTAB                 ; semantics = SPACE

Now that's not exactly straightforward, but seems to imply to me that quotes
within the filename should be escaped with \ and \ characters should also be
escaped with \.

Is my interpretation correct?
OK, I'll take bz's comment that I midaired with as an agreement with that
interpretation. :)
Attached patch Patch v2Splinter Review 

    
  

        Attachment #140555 -
        Attachment is obsolete: true

    
  

        Attachment #140558 -
        Flags: review?(myk)

    
    

    
  
Comment on attachment 140558 [details] [diff] [review]
Patch v2

Works, looks good. r=myk

        Attachment #140558 -
        Flags: review?(myk) → review+

    
    

    
  
Checking in attachment.cgi;
/cvsroot/mozilla/webtools/bugzilla/attachment.cgi,v  <--  attachment.cgi
new revision: 1.50; previous revision: 1.49
done

Status: NEW → RESOLVED
Closed: 21 years ago
Resolution: --- → FIXED

    
    

    
  
*** Bug 233824 has been marked as a duplicate of this bug. ***

    
    

    
  
I use the bugzilla 2.18.1 .
the attachment.cgi is
 # Return the appropriate HTTP response headers.
    $filename =~ s/^.*[\/\\]//;
    my $filesize = length($thedata);

    # escape quotes and backslashes in the filename, per RFCs 2045/822
    $filename =~ s/\\/\\\\/g; # escape backslashes
    $filename =~ s/"/\\"/g; # escape quotes

    print Bugzilla->cgi->header(-type=>"$contenttype; name=\"$filename\"",
                                -content_disposition=> "inline; 
filename=\"$filename\"",
                                -content_length => $filesize);

when I upload the file contain the space as "aa bb.txt",it will error and the 
message is "You did not specify a file to attach.  ".
how can i do?

    
    

    
  


  

    
    

    
  
(In reply to comment #20)
> Created an attachment (id=199041) [edit]
> the the space attachement.trc

I find if I upload the file with the mozilla ,it will be success.
but if I use the IE ,it will be fail.
How can I do?
thanks.

QA Contact: matty_is_a_geek → default-qa

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: