Closed
Bug 82634
Opened 24 years ago
Closed 22 years ago
file upload doesn't check user-entered filename [form sub]
Categories
(Core :: DOM: Core & HTML, defect)
Core
DOM: Core & HTML
Tracking
()
VERIFIED
FIXED
mozilla1.2alpha
People
(Reporter: gward, Assigned: alexsavulov)
References
()
Details
Attachments
(1 file)
|
1.42 KB,
application/octet-stream
|
Details |
File upload forms allow the user to type in in any random filename, but don't
check the filename. If it doesn't happen to name a file, the POSTed request
data acts as though the file exists but is empty.
|
||
Updated•23 years ago
|
Status: UNCONFIRMED → NEW
Ever confirmed: true
|
||
Comment 1•23 years ago
|
||
Mass move of form submission bugs, Eric, I am sorry I don't have more time to
look at these closer.
Assignee: rods → pollmann
|
Assignee | |
Updated•23 years ago
|
Summary: file upload doesn't check user-entered filename → file upload doesn't check user-entered filename [form sub]
|
||
Comment 3•23 years ago
|
||
works for me on linux build 2001-10-08-08-trunk
Status: NEW → RESOLVED
Closed: 23 years ago
Resolution: --- → WORKSFORME
With both Mozilla 0.9.5 and the 20011024 build, I see exactly the same behaviour
as I described when I submitted this bug back in May: Mozilla allows you to type
any random filename in a file upload form. It does not verify this filename.
If you enter a filename that does not exist, Mozilla pretends that the file
*does* exist and uploads a zero-byte file.
Mozilla's behaviour for unreadable files is even worse; it submits an incomplete
HTTP request, which leaves the server hanging. Here's a specific case: I
created a 4-byte file with mode 000, ie. unreadable by anyone. I asked Mozilla
to upload this file. Mozilla sent a request with "Content-Length: 722" in the
headers, and then sent 718 bytes of content. The four bytes that should have
been there for the uploaded file are missing; Mozilla pretends that this is an
empty file rather than realizing that it is unreadable. I'll try to attach the
HTTP request (captured with Ethereal) to demonstrate.
Anyways, both of these problems could be resolved if Mozilla simply validated
the filename entered by the user. Dunno if this is "1.0 critical", but it is a
bug and should not be forgotten. For the record, Konqueror gets it right (pops
up an error dialog if you enter a non-existent or unreadable file); Opera for
Linux behaves similarly to Mozilla. Hmmm.
Status: RESOLVED → REOPENED
Resolution: WORKSFORME → ---
|
|
Assignee | |
Comment 6•23 years ago
|
||
looks like a dup of bug 116210
reporter:
can you test with a newer version please?
I would agree that bug 116210 is fixed in the latest build (I tried 20020108 on
Linux).
However, I do *not* think that the present bug is a duplicate of 116210; rather
116210 is a more severe manifestation (browser submits incomplete HTTP request
so server never returns response) of the general problem I described here back
in May 2001. That general problem -- that Mozilla fails to validate a
user-supplied upload filename -- is still present in the 20020108 build. If I
enter the name of a non-existent file, Mozilla pretends that it exists and
uploads an empty file. (Same thing if I enter the name of an unreadable file,
which is why I consider 116210 fixed.) This is obviously not as severe as
failing to submit a complete/correct HTTP request, but IMHO it's still lame.
I will note again that Konqueror (2.1 and 2.2) appears to be the only browser
for Linux that comes close to getting it right: if the user enters an unreadable
or non-existent file, it pops up a dialog to warn you of that.
|
|
Assignee | |
Comment 8•23 years ago
|
||
agree. is a specific problem.
setting milestone to 1.2 (unfortuantely it won't get approval sooner)
Target Milestone: --- → mozilla1.2
|
|
Assignee | |
Comment 9•23 years ago
|
||
*** Bug 110147 has been marked as a duplicate of this bug. ***
|
||
Comment 10•23 years ago
|
||
What should we do?
- Throw an error and not submit?
- Submit the name/value pair but not the file, like in normal POST? (No empty
files.)
- Submit everything else but the name/value pair? (Baaaad. Data corruption.)
I suppose #1 is best, we could bring up an alert.
|
||
Comment 11•23 years ago
|
||
This is still there in 0.9.8 . I think we should throw an error and not submit.
The pop-up error dialog might even offer to open the "browse" window for you to
try to locate the file in the same path location that the bogus filename was
entered, if the location exists.
|
|
||
Updated•23 years ago
|
OS: Linux → All
Hardware: PC → All
|
|
||
Comment 12•23 years ago
|
||
I changed the platform to "ALL" since I saw the same thing on OS/2.
|
|
||
Comment 13•23 years ago
|
||
This should be fixed as of the 17th of last month (post-0.9.8). We paid
specific attention to the problem. Please retest in a new nightly.
Here are the new rules:
- IF the entry is a valid filename that does not exist, we truncate to just
filename (no directories) and treat it like input type=text.
- IF the entry is an invalid filename, we treat it like input type=text.
This is better than what was there before; if we need a dialog to pop up, we can
morph this bug to do it, but the main problem in this bug is solved.
|
|
||
Comment 14•23 years ago
|
||
*** Bug 137944 has been marked as a duplicate of this bug. ***
|
|
||
Comment 15•22 years ago
|
||
Marking fixed.
Status: REOPENED → RESOLVED
Closed: 23 years ago → 22 years ago
Resolution: --- → FIXED
|
|
||
Comment 17•22 years ago
|
||
*** Bug 181995 has been marked as a duplicate of this bug. ***
|
||
Updated•6 years ago
|
Component: HTML: Form Submission → DOM: Core & HTML
You need to log in
before you can comment on or make changes to this bug.
Description
•