New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
CGI file upload file name parsing errors #8190
Comments
From aspa@merlot.kronodoc.fiCreated by aspa@merlot.kronodoc.fiI'm using the CGI module to parse HTTP POST file upload requests. Content-Disposition: form-data; name="filename1"; filename="foo;bar.txt" which would cause CGI to fail the file name parsing. According to RFC 1867, 2183 and 2045 the file name field value can contain A related issue is that when the file name parsing fails the file content I would propose the following patch to the CGI module to fix these issues: 3258c3258,3260
[a-z\d!#'\*\+,\.^_\`\{\}\|\~]*))/i;
3262a3265,3269
-- Perl Info
|
From marko.asplund@kronodoc.comThe following part in the patch breaks HTML forms with multiple file upload elements when if($header{'Content-Disposition'}=~/ filename=/ && !$filename) { |
From @smpeters
Could you please resend the patch as a diff -u (if your diff supports Thanks. |
The RT System itself - Status changed from 'new' to 'open' |
From marko.asplund@kronodoc.com
here you go. br. aspa |
From marko.asplund@kronodoc.comcgipm.patch--- /opt/kronodoc/perl/ARCHIVE/kb3401dr2/lib/5.8.7/CGI.pm 2005-07-11 10:15:47.000000000 +0300
+++ CGI.pm 2005-11-04 15:03:42.000000000 +0200
@@ -19,7 +19,7 @@
# http://stein.cshl.org/WWW/software/CGI/
$CGI::revision = '$Id: CGI.pm,v 1.181 2005/05/13 21:45:26 lstein Exp $';
-$CGI::VERSION='3.10';
+$CGI::VERSION='3.10-kd1';
# HARD-CODED LOCATION FOR FILE UPLOAD TEMPORARY FILES.
# UNCOMMENT THIS ONLY IF YOU KNOW WHAT YOU'RE DOING.
@@ -3255,7 +3255,11 @@
$param .= $TAINTED;
# Bug: Netscape doesn't escape quotation marks in file names!!!
- my($filename) = $header{'Content-Disposition'}=~/ filename="([^;]*)"/;
+ # See RFC 1867, 2183, 2045
+ # NB: File content will be loaded into memory should
+ # content-disposition parsing fail.
+ my ($filename) = $header{'Content-Disposition'}=~/ filename=(("[^"]*")|([a-z\d!\#'\*\+,\.^_\`\{\}\|\~]*))/i;
+ $filename =~ s/^"([^"]*)"$/$1/;
# Test for Opera's multiple upload feature
my($multipart) = ( defined( $header{'Content-Type'} ) &&
$header{'Content-Type'} =~ /multipart\/mixed/ ) ?
|
From @smpetersOn Tue Dec 27 23:40:27 2005, aspa wrote:
Sorry, but this response seems to never have made it to any mailing list. I've just applied this |
@smpeters - Status changed from 'open' to 'resolved' |
Migrated from rt.perl.org#37607 (status was 'resolved')
Searchable as RT37607$
The text was updated successfully, but these errors were encountered: