From mboxrd@z Thu Jan 1 00:00:00 1970 Delivered-To: chneukirchen@gmail.com Received: by 10.140.141.15 with SMTP id o15cs611213rvd; Thu, 21 Jan 2010 06:08:25 -0800 (PST) Received: from mr.google.com ([10.140.83.14]) by 10.140.83.14 with SMTP id g14mr627187rvb.0.1264082904894 (num_hops = 1); Thu, 21 Jan 2010 06:08:24 -0800 (PST) Received: by 10.140.83.14 with SMTP id g14mr50059rvb.0.1264082903215; Thu, 21 Jan 2010 06:08:23 -0800 (PST) X-BeenThere: rack-devel@googlegroups.com Received: by 10.141.187.19 with SMTP id o19ls502668rvp.0.p; Thu, 21 Jan 2010 06:08:21 -0800 (PST) Received: by 10.140.82.9 with SMTP id f9mr266333rvb.22.1264082900274; Thu, 21 Jan 2010 06:08:20 -0800 (PST) Received: by 10.140.82.9 with SMTP id f9mr266332rvb.22.1264082900250; Thu, 21 Jan 2010 06:08:20 -0800 (PST) Return-Path: Received: from mail-pw0-f47.google.com (mail-pw0-f47.google.com [209.85.160.47]) by gmr-mx.google.com with ESMTP id 18si276545pzk.5.2010.01.21.06.08.19; Thu, 21 Jan 2010 06:08:19 -0800 (PST) Received-SPF: pass (google.com: domain of joshpeek@gmail.com designates 209.85.160.47 as permitted sender) client-ip=209.85.160.47; Received: by mail-pw0-f47.google.com with SMTP id 10so4778209pwj.6 for ; Thu, 21 Jan 2010 06:08:19 -0800 (PST) MIME-Version: 1.0 Sender: rack-devel@googlegroups.com Received: by 10.114.68.9 with SMTP id q9mr1065749waa.20.1264082899096; Thu, 21 Jan 2010 06:08:19 -0800 (PST) In-Reply-To: References: From: Joshua Peek Date: Thu, 21 Jan 2010 08:07:59 -0600 Message-ID: <1c5622661001210607j2bd60f7ct92e7daeca4393cad@mail.gmail.com> Subject: Re: Ad. Improve multipart parsing support for UAs that don't correctly escape Content-Disposition filenames. To: rack-devel@googlegroups.com X-Original-Authentication-Results: gmr-mx.google.com; spf=pass (google.com: domain of joshpeek@gmail.com designates 209.85.160.47 as permitted sender) smtp.mail=joshpeek@gmail.com; dkim=pass (test mode) header.i=@gmail.com X-Original-Sender: josh@joshpeek.com Reply-To: rack-devel@googlegroups.com Precedence: list Mailing-list: list rack-devel@googlegroups.com; contact rack-devel+owners@googlegroups.com List-ID: List-Post: , List-Help: , List-Archive: X-Thread-Url: http://groups.google.com/group/rack-devel/t/8acd12caad46bc9e X-Message-Url: http://groups.google.com/group/rack-devel/msg/9d45226edb501ef2 List-Unsubscribe: , List-Subscribe: , Content-Type: text/plain; charset=UTF-8 On Thu, Jan 21, 2010 at 6:54 AM, Christian Neukirchen wrote: > http://github.com/rack/rack/commit/a36ac970fd682f07c3e57756542791679f5fcf84 > > We spell quotes as quotes, right? lol, i spelled it right half the time. Will fix. > Also I think test/multipart/filename_with_unescaped_qoutes will likely > break correct behavior, but I can't show that atm. Its common for users to upload files like: My "Report".txt which is failing on Rails 2.3 forward. We're going run this new parser on some exceptions we've been getting related to file uploads to make sure it covers most of those cases and doesn't break anything that we expected to work before. The intent is to have it parse filename according to the rfc if not fallback and try to guess whats broken. The first pass looks for correctly formatted value and extracts it according to rfc 2183. If it doesn't match and has unescaped quotes that will fail and it will try to parse it more liberally. I worked on this with the help of Sam Ruby who is part of the W3C html5 working group. All multipart parser changes need to have tests going forward: * http://github.com/rack/rack/commit/337b758bfecc16d1401c336fb38684296dc280db * http://github.com/rack/rack/commit/6674f3652ed19136802a0b84f1923f0b78052442 We should consider doing a 1.1.1 soon. -- Joshua Peek