Closed Bug 670333 Opened 10 years ago Closed 10 years ago
Content-Disposition parser does not require presence of "=" in params
When parsing C-D header fields, the code apparently accepts params without no equals characters and tolerates whitespace as well. Test case at <http://greenbytes.de/tech/tc2231/#attwithfn2231ws1> Header field: Content-Disposition: attachment; filename *=UTF-8''foo-%c3%a4.html Extracted filename: _=UTF-8''foo-%c3%a4.html which appears to be the next element in the field, with "*" replaced by "_" in order to produce a safe filename.
test case and mimimal patch; checking that we indeed saw a "=" between name and parameter, otherwise skipping
Attachment #545075 - Flags: review?(bzbarsky)
Comment on attachment 545075 [details] [diff] [review] test case and proposed patch Can you also add a test that "filename = foo-A.html" still works? Also, wouldn't it make sense to make "actual bug" and "sanity check" identical except for the space before '*'? r=me with those changes.
Attachment #545075 - Flags: review?(bzbarsky) → review+
test cases (improved as suggested by Boris) and proposed patch
Attachment #545075 - Attachment is obsolete: true
Assignee: nobody → julian.reschke
Target Milestone: --- → mozilla8
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.