Ad. Improve multipart parsing support for UAs that don't correctly escape Content-Disposition filenames.

Ad. Improve multipart parsing support for UAs that don't correctly escape Content-Disposition filenames.

[Christian Neukirchen]

http://github.com/rack/rack/commit/a36ac970fd682f07c3e57756542791679f5fcf84

We spell quotes as quotes, right?

Also I think test/multipart/filename_with_unescaped_qoutes will likely
break correct behavior, but I can't show that atm.

-- 
Christian Neukirchen  <chneukirchen@gmail.com>  http://chneukirchen.org

Re: Ad. Improve multipart parsing support for UAs that don't correctly escape Content-Disposition filenames.

[Joshua Peek]

On Thu, Jan 21, 2010 at 6:54 AM, Christian Neukirchen
<chneukirchen@gmail.com> wrote:
> http://github.com/rack/rack/commit/a36ac970fd682f07c3e57756542791679f5fcf84
>
> We spell quotes as quotes, right?

lol, i spelled it right half the time. Will fix.

> Also I think test/multipart/filename_with_unescaped_qoutes will likely
> break correct behavior, but I can't show that atm.

Its common for users to upload files like: My "Report".txt which is
failing on Rails 2.3 forward. We're going run this new parser on some
exceptions we've been getting related to file uploads to make sure it
covers most of those cases and doesn't break anything that we expected
to work before.

The intent is to have it parse filename according to the rfc if not
fallback and try to guess whats broken. The first pass looks for
correctly formatted value and extracts it according to rfc 2183. If it
doesn't match and has unescaped quotes that will fail and it will try
to parse it more liberally.

I worked on this with the help of Sam Ruby who is part of the W3C
html5 working group.

All multipart parser changes need to have tests going forward:
* http://github.com/rack/rack/commit/337b758bfecc16d1401c336fb38684296dc280db
* http://github.com/rack/rack/commit/6674f3652ed19136802a0b84f1923f0b78052442

We should consider doing a 1.1.1 soon.

-- 
Joshua Peek