You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@commons.apache.org by bu...@apache.org on 2003/07/02 12:09:34 UTC
DO NOT REPLY [Bug 21269] New: -
FileUploadBase does not handle quoted boundary specification, which is required by RFC 1521
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=21269>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND
INSERTED IN THE BUG DATABASE.
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=21269
FileUploadBase does not handle quoted boundary specification, which is required by RFC 1521
Summary: FileUploadBase does not handle quoted boundary
specification, which is required by RFC 1521
Product: Commons
Version: 1.0 Final
Platform: All
URL: http://www.faqs.org/rfcs/rfc1521.html
OS/Version: All
Status: NEW
Severity: Normal
Priority: Other
Component: File Upload
AssignedTo: commons-dev@jakarta.apache.org
ReportedBy: peter.chase@globalgraphics.com
In FileUploadBase.parseRequest(), the boundary string is computed by:
int boundaryIndex = contentType.indexOf("boundary=");
byte[] boundary = contentType.substring(boundaryIndex + 9).getBytes();
This is OK if the boundary string is unquoted. But RFC 1521 states clearly
that boundary strings may, and in some cases must, be quoted.
The consequence is that a request containing a quoted boundary string fails to
parse. The exact behaviour is that the parsing completes "successfully" but no
FileItems are found.
The code should look for a leading quote and, if found, move on by one
character before reading the boundary string. Perhaps it should check for the
trailing quote, too. Your test suites should be extended to test this case.
The examples in RFC 1521 show double quotes being used, and that is what
provoked the failure in the system I am trying to build. However, single
quotes may also be allowed (it probably says yes or no somewhere in the RFC).
If confirmed to be correct, I think that this is quite a serious fault,
requiring rapid attention. I have not provided a proposed patch, at this
stage, but would be willing to do so, if asked.
---------------------------------------------------------------------
To unsubscribe, e-mail: commons-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: commons-dev-help@jakarta.apache.org