Open
Bug 372296
Opened 17 years ago
Updated 2 years ago
Forms with file inputs that have hidden inputs after submit buttons failing on HTTPS POST with large file size
Categories
(Core :: DOM: Core & HTML, defect)
Tracking
()
UNCONFIRMED
People
(Reporter: tuskdev, Unassigned)
Details
User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/418.9.1 (KHTML, like Gecko) Safari/419.3 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.10) Gecko/20070216 Firefox/1.5.0.10 If we have a page that has hidden inputs on a form after a submit button with a file input on the form (see below). And we submit the page over https to a second page and the file is of a certain size (2MB failed, 200K worked, estimated 1MB cutoff) the hidden values get removed from the https request. For example: [code] <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html> <head> <title>TUSK - Upload New Content</title> </head> <body> <form action="/tusk/management/content/addedit/course/HSDB/1277" enctype="multipart/form-data" method="POST" id="content" name="content"> <input type="hidden" name="submit_check" value="1"> <input type="file" name="file" value="Browse..."> <input type="submit" name="submit" value="Save and Continue"> <input type="submit" name="submit" id="submit" value="Create Blank Document"> <input type="hidden" name="page" value="add" id="page_id"> <input type="hidden" name="action" value="" id="action_id"> <input type="hidden" name="content_type" value="" id="content_type_id"> </form> </body> </html> [/code] Fails to send the "page" input (and others) to the next script. Using live http headers showed: [code] https://dev.tusk.tufts.edu:9109/tusk/management/content/addedit/course/HSDB/1277 POST /tusk/management/content/addedit/course/HSDB/1277 HTTP/1.1 Host: dev.tusk.tufts.edu:9109 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.10) Gecko/20070216 Firefox/1.5.0.10 Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 300 Connection: keep-alive Referer: https://dev.tusk.tufts.edu:9109/public/test.htm Cookie: Ticket=hash&960085e5c061b57cd7212621379669b4&time&1172778317&user&jwestc01&expires&240; EMBPERL_UID=f063c1002b7f4418fe63010826b0a5bf; TUSKMasonCookie=13ac8d6a53bf3197a7c5df4cfc2e56f0 Content-Type: multipart/form-data; boundary=---------------------------25842286834408 Content-Length: 4059369 -----------------------------25842286834408 Content-Disposition: form-data; name="submit_check" 1 -----------------------------25842286834408 Content-Disposition: form-data; name="file"; filename="492714-Welcome_to_TUSK__Slide_P.ppt" Content-Type: application/vnd.ms-powerpoint ÐÏࡱá HTTP/1.x 200 OK Date: Thu, 01 Mar 2007 19:52:12 GMT Server: Apache/1.3.31 (Unix) mod_perl/1.29 mod_ssl/2.8.17 OpenSSL/0.9.7d Set-Cookie: Ticket=hash&f2463692d1538b150ed7e6afa38568a0&time&1172778732&user&jwestc01&expires&240; path=/ Set-Cookie: TUSKMasonCookie=13ac8d6a53bf3197a7c5df4cfc2e56f0; path=/ Connection: close Transfer-Encoding: chunked Content-Type: text/html ---------------------------------------------------------- [/code] If I change the original form by moving the hidden fields above the submit buttons it works. For example: [code] <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html> <head> <title>TUSK - Upload New Content</title> </head> <body> <form action="/tusk/management/content/addedit/course/HSDB/1277" enctype="multipart/form-data" method="POST" id="content" name="content"> <input type="hidden" name="submit_check" value="1"> <input type="hidden" name="page" value="add" id="page_id"> <input type="hidden" name="action" value="" id="action_id"> <input type="hidden" name="content_type" value="" id="content_type_id"> <input type="file" name="file" value="Browse..."> <input type="submit" name="submit" value="Save and Continue"> <input type="submit" name="submit" id="submit" value="Create Blank Document"> </form> </body> </html> [/code] Returns the following headers with live http headers: [code] https://dev.tusk.tufts.edu:9109/tusk/management/content/addedit/course/HSDB/1277 POST /tusk/management/content/addedit/course/HSDB/1277 HTTP/1.1 Host: dev.tusk.tufts.edu:9109 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.10) Gecko/20070216 Firefox/1.5.0.10 Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 300 Connection: keep-alive Referer: https://dev.tusk.tufts.edu:9109/public/test.htm Cookie: Ticket=hash&1419c5c43842e0bf5fac224df99500f0&time&1172778851&user&jwestc01&expires&240; EMBPERL_UID=f063c1002b7f4418fe63010826b0a5bf; TUSKMasonCookie=13ac8d6a53bf3197a7c5df4cfc2e56f0 Content-Type: multipart/form-data; boundary=---------------------------212101722926473 Content-Length: 4059376 -----------------------------212101722926473 Content-Disposition: form-data; name="submit_check" 1 -----------------------------212101722926473 Content-Disposition: form-data; name="page" add -----------------------------212101722926473 Content-Disposition: form-data; name="action" -----------------------------212101722926473 Content-Disposition: form-data; name="content_type" -----------------------------212101722926473 Content-Disposition: form-data; name="file"; filename="492714-Welcome_to_TUSK__Slide_P.ppt" Content-Type: application/vnd.ms-powerpoint ÐÏࡱá HTTP/1.x 200 OK Date: Thu, 01 Mar 2007 19:54:25 GMT Server: Apache/1.3.31 (Unix) mod_perl/1.29 mod_ssl/2.8.17 OpenSSL/0.9.7d Set-Cookie: Ticket=hash&fccf11bf5fda91ff76714ea34d3a19d5&time&1172778865&user&jwestc01&expires&240; path=/ Set-Cookie: TUSKMasonCookie=13ac8d6a53bf3197a7c5df4cfc2e56f0; path=/ Connection: close Transfer-Encoding: chunked Content-Type: text/html ---------------------------------------------------------- [/code] Reproducible: Always Steps to Reproduce: 1. Use code in details above to create a web page 2. Submit it over https 3. Watch live headers Actual Results: The live headers do not contain all of the form paramaters. Expected Results: All form parameters on the form should be submitted. This was tested on various Windows XP machines. It does not appear to be an issue with 1.5.0.9. We first noticed this issue in Fire fox 2.0.0 but could not figure out what was causing it. I tried the test with OS X and it seems to be unaffected. If you need more information please feel free to contact me.
Updated•17 years ago
|
Assignee: nobody → form-submission
Component: General → HTML: Form Submission
Product: Firefox → Core
QA Contact: general → ian
Version: unspecified → 1.8 Branch
Updated•15 years ago
|
Assignee: form-submission → nobody
QA Contact: ian → form-submission
Assignee | ||
Updated•5 years ago
|
Component: HTML: Form Submission → DOM: Core & HTML
Updated•2 years ago
|
Severity: normal → S3
You need to log in
before you can comment on or make changes to this bug.
Description
•