summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorGary Grossman <ggrossman@zendesk.com>2015-09-06 00:20:30 -0700
committerGary Grossman <ggrossman@zendesk.com>2015-09-06 00:20:30 -0700
commit319dd6290c569e0519adc9b0dc290346833fa378 (patch)
tree7c529865902d8ea6abbc1b4316deb50286ac75c7
parenta46eae2345a00666ade983740ac27c79adc7bd70 (diff)
downloadrack-319dd6290c569e0519adc9b0dc290346833fa378.tar.gz
Fix bug in parsing of Content-Disposition header where an unquoted name at end-of-line sucked in the trailing newline.
Diffstat
-rw-r--r--lib/rack/multipart.rb2
-rw-r--r--lib/rack/multipart/parser.rb1
-rw-r--r--test/spec_multipart.rb20
3 files changed, 22 insertions, 1 deletions
diff --git a/lib/rack/multipart.rb b/lib/rack/multipart.rb
index 12c3917b..cc2d6ebb 100644
--- a/lib/rack/multipart.rb
+++ b/lib/rack/multipart.rb
@@ -17,7 +17,7 @@ module Rack
BROKEN_QUOTED = /^#{CONDISP}.*;\sfilename="(.*?)"(?:\s*$|\s*;\s*#{TOKEN}=)/i
BROKEN_UNQUOTED = /^#{CONDISP}.*;\sfilename=(#{TOKEN})/i
MULTIPART_CONTENT_TYPE = /Content-Type: (.*)#{EOL}/ni
- MULTIPART_CONTENT_DISPOSITION = /Content-Disposition:.*\s+name="?([^\";]*)"?/ni
+ MULTIPART_CONTENT_DISPOSITION = /Content-Disposition:.*\s+name=(#{TOKEN}|"[^\";]*")/ni
MULTIPART_CONTENT_ID = /Content-ID:\s*([^#{EOL}]*)/ni
# Updated definitions from RFC 2231
ATTRIBUTE_CHAR = %r{[^ \t\v\n\r)(><@,;:\\"/\[\]?='*%]}
diff --git a/lib/rack/multipart/parser.rb b/lib/rack/multipart/parser.rb
index 8196207c..bc0162b4 100644
--- a/lib/rack/multipart/parser.rb
+++ b/lib/rack/multipart/parser.rb
@@ -246,6 +246,7 @@ module Rack
content_type = head[MULTIPART_CONTENT_TYPE, 1]
name = head[MULTIPART_CONTENT_DISPOSITION, 1] || head[MULTIPART_CONTENT_ID, 1]
+ name.gsub!(/\A"|"\Z/, '') if name
filename = get_filename(head)
diff --git a/test/spec_multipart.rb b/test/spec_multipart.rb
index cfe508c1..7f7e6856 100644
--- a/test/spec_multipart.rb
+++ b/test/spec_multipart.rb
@@ -606,6 +606,26 @@ contents\r
params["file"][:filename].must_equal 'long' * 100
end
+ it "parse unquoted parameter values at end of line" do
+ data = <<-EOF
+--AaB03x\r
+Content-Type: text/plain\r
+Content-Disposition: attachment; name=inline\r
+\r
+true\r
+--AaB03x--\r
+ EOF
+
+ options = {
+ "CONTENT_TYPE" => "multipart/form-data; boundary=AaB03x",
+ "CONTENT_LENGTH" => data.length.to_s,
+ :input => StringIO.new(data)
+ }
+ env = Rack::MockRequest.env_for("/", options)
+ params = Rack::Multipart.parse_multipart(env)
+ params["inline"].must_equal 'true'
+ end
+
it "support mixed case metadata" do
file = multipart_file(:text)
data = File.open(file, 'rb') { |io| io.read }
View Lorry Controller Status