Content-Disposition parser does not require presence of "=" in params

RESOLVED FIXED in mozilla8

Status

Core
Networking
RESOLVED FIXED
6 years ago
6 years ago

People

(Reporter: Julian Reschke, Assigned: Julian Reschke)

Tracking

(Blocks: 1 bug)

Trunk
mozilla8
Points:
---
Bug Flags:
in-testsuite +

Firefox Tracking Flags

(Not tracked)

Attachments

(1 attachment, 1 obsolete attachment)

(Assignee)

Description

6 years ago
When parsing C-D header fields, the code apparently accepts params without any equals characters and tolerates whitespace as well.

Test case at <http://greenbytes.de/tech/tc2231/#attwithfn2231ws1>

Header field:

  Content-Disposition: attachment; filename *=UTF-8''foo-%c3%a4.html

Extracted filename:

  _=UTF-8''foo-%c3%a4.html

which appears to be the next element in the field, with "*" replaced by "_" in order to produce a safe filename.
(Assignee)

Updated

6 years ago
Blocks: 609667
(Assignee)

Comment 1

6 years ago
Created attachment 545075 [details] [diff] [review]
test case and proposed patch

test case and minimal patch; checking that we indeed saw a "=" between name and parameter, otherwise skipping
Attachment #545075 - Flags: review?(bzbarsky)
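
An added example, not part of the bug thread and not Mozilla's code: a small Python model of the parameter scan, showing the lenient behaviour from the description next to the check from comment 1 (skip a parameter when no "=" follows its name). The function names and the simplified ";" splitting are assumptions; the header values are the ones quoted in this bug.

```python
from urllib.parse import unquote

# Header values quoted in this bug (SPACED is the reviewer's extra case).
BUG = "attachment; filename *=UTF-8''foo-%c3%a4.html"
SANITY = "attachment; filename*=UTF-8''foo-%c3%a4.html"
SPACED = "attachment; filename = foo-A.html"

def parse_params(value, require_equals=True):
    """Return {name: value} for the parameters of a Content-Disposition value.

    require_equals=False models the lenient behaviour reported here: whatever
    follows the name is taken as the value even when no "=" was seen.
    """
    params = {}
    # Assumption: no ";" inside quoted strings, so a plain split is enough.
    for part in value.split(";")[1:]:
        part = part.strip()
        i = 0
        while i < len(part) and part[i] not in " \t=":
            i += 1  # the name ends at the first whitespace or "="
        name, rest = part[:i].lower(), part[i:].lstrip()
        if rest.startswith("="):
            rest = rest[1:].lstrip()  # whitespace around "=" stays tolerated
        elif require_equals:
            continue  # no "=" between name and value: skip the parameter
        if name and name not in params:
            params[name] = rest.strip('"')
    return params

def filename_of(value, require_equals=True):
    """Prefer the RFC 2231 style filename* form, else the plain filename."""
    params = parse_params(value, require_equals)
    ext = params.get("filename*")
    if ext is not None and ext.count("'") >= 2:
        charset, _lang, encoded = ext.split("'", 2)
        return unquote(encoded, encoding=charset)
    return params.get("filename")

if __name__ == "__main__":
    for header in (BUG, SANITY, SPACED):
        print(repr(header))
        print("  lenient:", repr(filename_of(header, require_equals=False)))
        print("  strict: ", repr(filename_of(header)))
```

In lenient mode the `BUG` header yields the raw remainder of the field as the filename, which is the string the description shows before "*" is replaced by "_"; in strict mode the malformed parameter is dropped and no filename is returned.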
Comment on attachment 545075 [details] [diff] [review]
test case and proposed patch

Can you also add a test that "filename = foo-A.html" still works?

Also, wouldn't it make sense to make "actual bug" and "sanity check" identical except for the space before '*'?

r=me with those changes.
Attachment #545075 - Flags: review?(bzbarsky) → review+
(Assignee)

Comment 3

6 years ago
Created attachment 545215 [details] [diff] [review]
proposed patch

test cases (improved as suggested by Boris) and proposed patch
Attachment #545075 - Attachment is obsolete: true
Assignee: nobody → julian.reschke
Keywords: checkin-needed
Thanks!

Pushed http://hg.mozilla.org/integration/mozilla-inbound/rev/5a7b496ddbae
Flags: in-testsuite+
Keywords: checkin-needed
Target Milestone: --- → mozilla8
Merged:
http://hg.mozilla.org/mozilla-central/rev/5a7b496ddbae
Status: NEW → RESOLVED
Last Resolved: 6 years ago
Resolution: --- → FIXED
(Assignee)

Updated

6 years ago
OS: Windows 7 → All
Hardware: x86 → All