* Ad. Improve multipart parsing support for UAs that don't correctly escape Content-Disposition filenames. @ 2010-01-21 12:54 Christian Neukirchen 2010-01-21 14:07 ` Joshua Peek 0 siblings, 1 reply; 2+ messages in thread From: Christian Neukirchen @ 2010-01-21 12:54 UTC (permalink / raw) To: rack-devel http://github.com/rack/rack/commit/a36ac970fd682f07c3e57756542791679f5fcf84 We spell quotes as quotes, right? Also I think test/multipart/filename_with_unescaped_qoutes will likely break correct behavior, but I can't show that atm. -- Christian Neukirchen <chneukirchen@gmail.com> http://chneukirchen.org ^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: Ad. Improve multipart parsing support for UAs that don't correctly escape Content-Disposition filenames. 2010-01-21 12:54 Ad. Improve multipart parsing support for UAs that don't correctly escape Content-Disposition filenames Christian Neukirchen @ 2010-01-21 14:07 ` Joshua Peek 0 siblings, 0 replies; 2+ messages in thread From: Joshua Peek @ 2010-01-21 14:07 UTC (permalink / raw) To: rack-devel On Thu, Jan 21, 2010 at 6:54 AM, Christian Neukirchen <chneukirchen@gmail.com> wrote: > http://github.com/rack/rack/commit/a36ac970fd682f07c3e57756542791679f5fcf84 > > We spell quotes as quotes, right? lol, i spelled it right half the time. Will fix. > Also I think test/multipart/filename_with_unescaped_qoutes will likely > break correct behavior, but I can't show that atm. Its common for users to upload files like: My "Report".txt which is failing on Rails 2.3 forward. We're going run this new parser on some exceptions we've been getting related to file uploads to make sure it covers most of those cases and doesn't break anything that we expected to work before. The intent is to have it parse filename according to the rfc if not fallback and try to guess whats broken. The first pass looks for correctly formatted value and extracts it according to rfc 2183. If it doesn't match and has unescaped quotes that will fail and it will try to parse it more liberally. I worked on this with the help of Sam Ruby who is part of the W3C html5 working group. All multipart parser changes need to have tests going forward: * http://github.com/rack/rack/commit/337b758bfecc16d1401c336fb38684296dc280db * http://github.com/rack/rack/commit/6674f3652ed19136802a0b84f1923f0b78052442 We should consider doing a 1.1.1 soon. -- Joshua Peek ^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2010-01-21 14:08 UTC | newest] Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2010-01-21 12:54 Ad. Improve multipart parsing support for UAs that don't correctly escape Content-Disposition filenames Christian Neukirchen 2010-01-21 14:07 ` Joshua Peek
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).