Open Bug 372296 Opened 17 years ago Updated 2 years ago

Forms with file inputs that have hidden inputs after submit buttons failing on HTTPS POST with large file size

Categories

(Core :: DOM: Core & HTML, defect)

Product:
Core
Component:
DOM: Core & HTML
Version:
1.8 Branch
Platform:
x86
Windows XP
Type:
defect

Tracking

()

Status:
UNCONFIRMED

People

(Reporter: tuskdev, Unassigned)

Details

User-Agent:       Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/418.9.1 (KHTML, like Gecko) Safari/419.3
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.10) Gecko/20070216 Firefox/1.5.0.10

If we have a page that has hidden inputs on a form after a submit button with a file input on the form (see below).
And we submit the page over https to a second page and the file is of a certain size (2MB failed, 200K worked, estimated 1MB cutoff) the hidden values get removed from the https request.
For example:
[code]
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>

<head>
<title>TUSK - Upload New Content</title>
</head>

<body>
<form action="/tusk/management/content/addedit/course/HSDB/1277" enctype="multipart/form-data" method="POST" id="content" name="content">
<input type="hidden" name="submit_check" value="1">
<input type="file" name="file" value="Browse...">
<input type="submit" name="submit" value="Save and Continue">
<input type="submit" name="submit" id="submit" value="Create Blank Document">
<input type="hidden" name="page" value="add" id="page_id">
<input type="hidden" name="action" value="" id="action_id">
<input type="hidden" name="content_type" value="" id="content_type_id">
</form>
 </body>
</html>
[/code]

Fails to send the "page" input (and others) to the next script. Using live http headers showed:
[code]
https://dev.tusk.tufts.edu:9109/tusk/management/content/addedit/course/HSDB/1277

POST /tusk/management/content/addedit/course/HSDB/1277 HTTP/1.1
Host: dev.tusk.tufts.edu:9109
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.10) Gecko/20070216 Firefox/1.5.0.10
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: https://dev.tusk.tufts.edu:9109/public/test.htm
Cookie: Ticket=hash&960085e5c061b57cd7212621379669b4&time&1172778317&user&jwestc01&expires&240; EMBPERL_UID=f063c1002b7f4418fe63010826b0a5bf; TUSKMasonCookie=13ac8d6a53bf3197a7c5df4cfc2e56f0
Content-Type: multipart/form-data; boundary=---------------------------25842286834408
Content-Length: 4059369
-----------------------------25842286834408
Content-Disposition: form-data; name="submit_check"

1
-----------------------------25842286834408
Content-Disposition: form-data; name="file"; filename="492714-Welcome_to_TUSK__Slide_P.ppt"
Content-Type: application/vnd.ms-powerpoint

ÐÏࡱá
HTTP/1.x 200 OK
Date: Thu, 01 Mar 2007 19:52:12 GMT
Server: Apache/1.3.31 (Unix) mod_perl/1.29 mod_ssl/2.8.17 OpenSSL/0.9.7d
Set-Cookie: Ticket=hash&f2463692d1538b150ed7e6afa38568a0&time&1172778732&user&jwestc01&expires&240; path=/
Set-Cookie: TUSKMasonCookie=13ac8d6a53bf3197a7c5df4cfc2e56f0; path=/
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html
----------------------------------------------------------


[/code]

If I change the original form by moving the hidden fields above the submit buttons it works.
For example:
[code]
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>

<head>
<title>TUSK - Upload New Content</title>
</head>

<body>
<form action="/tusk/management/content/addedit/course/HSDB/1277" enctype="multipart/form-data" method="POST" id="content" name="content">
<input type="hidden" name="submit_check" value="1">
<input type="hidden" name="page" value="add" id="page_id">
<input type="hidden" name="action" value="" id="action_id">
<input type="hidden" name="content_type" value="" id="content_type_id">
<input type="file" name="file" value="Browse...">
<input type="submit" name="submit" value="Save and Continue">
<input type="submit" name="submit" id="submit" value="Create Blank Document">
</form>
 </body>
</html>
[/code]

Returns the following headers with live http headers:
[code]
https://dev.tusk.tufts.edu:9109/tusk/management/content/addedit/course/HSDB/1277

POST /tusk/management/content/addedit/course/HSDB/1277 HTTP/1.1
Host: dev.tusk.tufts.edu:9109
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.10) Gecko/20070216 Firefox/1.5.0.10
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: https://dev.tusk.tufts.edu:9109/public/test.htm
Cookie: Ticket=hash&1419c5c43842e0bf5fac224df99500f0&time&1172778851&user&jwestc01&expires&240; EMBPERL_UID=f063c1002b7f4418fe63010826b0a5bf; TUSKMasonCookie=13ac8d6a53bf3197a7c5df4cfc2e56f0
Content-Type: multipart/form-data; boundary=---------------------------212101722926473
Content-Length: 4059376
-----------------------------212101722926473
Content-Disposition: form-data; name="submit_check"

1
-----------------------------212101722926473
Content-Disposition: form-data; name="page"

add
-----------------------------212101722926473
Content-Disposition: form-data; name="action"


-----------------------------212101722926473
Content-Disposition: form-data; name="content_type"


-----------------------------212101722926473
Content-Disposition: form-data; name="file"; filename="492714-Welcome_to_TUSK__Slide_P.ppt"
Content-Type: application/vnd.ms-powerpoint

ÐÏࡱá
HTTP/1.x 200 OK
Date: Thu, 01 Mar 2007 19:54:25 GMT
Server: Apache/1.3.31 (Unix) mod_perl/1.29 mod_ssl/2.8.17 OpenSSL/0.9.7d
Set-Cookie: Ticket=hash&fccf11bf5fda91ff76714ea34d3a19d5&time&1172778865&user&jwestc01&expires&240; path=/
Set-Cookie: TUSKMasonCookie=13ac8d6a53bf3197a7c5df4cfc2e56f0; path=/
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html
----------------------------------------------------------


[/code]



Reproducible: Always

Steps to Reproduce:
1. Use code in details above to create a web page
2. Submit it over https
3. Watch live headers
Actual Results:  
The live headers do not contain all of the form paramaters.

Expected Results:  
All form parameters on the form should be submitted.

This was tested on various Windows XP machines.
It does not appear to be an issue with 1.5.0.9.
We first noticed this issue in Fire fox 2.0.0 but could not figure out what was causing it.
I tried the test with OS X and it seems to be unaffected.
If you need more information please feel free to contact me.
Assignee: nobody → form-submission
Component: General → HTML: Form Submission
Product: Firefox → Core
QA Contact: general → ian
Version: unspecified → 1.8 Branch
Assignee: form-submission → nobody
QA Contact: ian → form-submission
Component: HTML: Form Submission → DOM: Core & HTML
Severity: normal → S3
You need to log in before you can comment on or make changes to this bug.