Closed
Bug 670333
Opened 13 years ago
Closed 13 years ago
Content-Disposition parser does not require presence of "=" in params
Categories
(Core :: Networking, defect)
Core
Networking
Tracking
()
RESOLVED
FIXED
mozilla8
People
(Reporter: julian.reschke, Assigned: julian.reschke)
References
(Blocks 1 open bug, )
Details
Attachments
(1 file, 1 obsolete file)
|
(deleted),
patch
|
Details | Diff | Splinter Review |
When parsing C-D header fields, the code apparently accepts params without no equals characters and tolerates whitespace as well.
Test case at <http://greenbytes.de/tech/tc2231/#attwithfn2231ws1>
Header field:
Content-Disposition: attachment; filename *=UTF-8''foo-%c3%a4.html
Extracted filename:
_=UTF-8''foo-%c3%a4.html
which appears to be the next element in the field, with "*" replaced by "_" in order to produce a safe filename.
|
Assignee | |
Comment 1•13 years ago
|
||
test case and mimimal patch; checking that we indeed saw a "=" between name and parameter, otherwise skipping
Attachment #545075 -
Flags: review?(bzbarsky)
|
||
Comment 2•13 years ago
|
||
Comment on attachment 545075 [details] [diff] [review]
test case and proposed patch
Can you also add a test that "filename = foo-A.html" still works?
Also, wouldn't it make sense to make "actual bug" and "sanity check" identical except for the space before '*'?
r=me with those changes.
Attachment #545075 -
Flags: review?(bzbarsky) → review+
|
|
Assignee | |
Comment 3•13 years ago
|
||
test cases (improved as suggested by Boris) and proposed patch
Attachment #545075 -
Attachment is obsolete: true
|
|
||
Updated•13 years ago
|
Assignee: nobody → julian.reschke
Keywords: checkin-needed
|
|
||
Comment 4•13 years ago
|
||
|
||
Comment 5•13 years ago
|
||
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
|
|
Assignee | |
Updated•13 years ago
|
OS: Windows 7 → All
Hardware: x86 → All
You need to log in
before you can comment on or make changes to this bug.
Description
•