rack-devel archive mirror (unofficial) https://groups.google.com/group/rack-devel
 help / color / mirror / code / Atom feed
* Ad. Improve multipart parsing support for UAs that don't correctly  escape Content-Disposition filenames.
@ 2010-01-21 12:54 Christian Neukirchen
  2010-01-21 14:07 ` Joshua Peek
  0 siblings, 1 reply; 2+ messages in thread
From: Christian Neukirchen @ 2010-01-21 12:54 UTC (permalink / raw)
  To: rack-devel

http://github.com/rack/rack/commit/a36ac970fd682f07c3e57756542791679f5fcf84

We spell quotes as quotes, right?

Also I think test/multipart/filename_with_unescaped_qoutes will likely
break correct behavior, but I can't show that atm.

-- 
Christian Neukirchen  <chneukirchen@gmail.com>  http://chneukirchen.org

^ permalink raw reply	[flat|nested] 2+ messages in thread

* Re: Ad. Improve multipart parsing support for UAs that don't  correctly escape Content-Disposition filenames.
  2010-01-21 12:54 Ad. Improve multipart parsing support for UAs that don't correctly escape Content-Disposition filenames Christian Neukirchen
@ 2010-01-21 14:07 ` Joshua Peek
  0 siblings, 0 replies; 2+ messages in thread
From: Joshua Peek @ 2010-01-21 14:07 UTC (permalink / raw)
  To: rack-devel

On Thu, Jan 21, 2010 at 6:54 AM, Christian Neukirchen
<chneukirchen@gmail.com> wrote:
> http://github.com/rack/rack/commit/a36ac970fd682f07c3e57756542791679f5fcf84
>
> We spell quotes as quotes, right?

lol, i spelled it right half the time. Will fix.

> Also I think test/multipart/filename_with_unescaped_qoutes will likely
> break correct behavior, but I can't show that atm.

Its common for users to upload files like: My "Report".txt which is
failing on Rails 2.3 forward. We're going run this new parser on some
exceptions we've been getting related to file uploads to make sure it
covers most of those cases and doesn't break anything that we expected
to work before.

The intent is to have it parse filename according to the rfc if not
fallback and try to guess whats broken. The first pass looks for
correctly formatted value and extracts it according to rfc 2183. If it
doesn't match and has unescaped quotes that will fail and it will try
to parse it more liberally.

I worked on this with the help of Sam Ruby who is part of the W3C
html5 working group.

All multipart parser changes need to have tests going forward:
* http://github.com/rack/rack/commit/337b758bfecc16d1401c336fb38684296dc280db
* http://github.com/rack/rack/commit/6674f3652ed19136802a0b84f1923f0b78052442

We should consider doing a 1.1.1 soon.

-- 
Joshua Peek

^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2010-01-21 14:08 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2010-01-21 12:54 Ad. Improve multipart parsing support for UAs that don't correctly escape Content-Disposition filenames Christian Neukirchen
2010-01-21 14:07 ` Joshua Peek

Code repositories for project(s) associated with this inbox:

	https://80x24.org/mirrors/rack.git

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).