hc-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ol...@apache.org
Subject httpcomponents-client git commit: HTTPCLIENT-1859: Encode header name, filename appropriately
Date Fri, 23 Jun 2017 13:10:32 GMT
Repository: httpcomponents-client
Updated Branches:
  refs/heads/4.6.x dcf0c95b4 -> f0c7a3448


HTTPCLIENT-1859: Encode header name, filename appropriately


Project: http://git-wip-us.apache.org/repos/asf/httpcomponents-client/repo
Commit: http://git-wip-us.apache.org/repos/asf/httpcomponents-client/commit/f0c7a344
Tree: http://git-wip-us.apache.org/repos/asf/httpcomponents-client/tree/f0c7a344
Diff: http://git-wip-us.apache.org/repos/asf/httpcomponents-client/diff/f0c7a344

Branch: refs/heads/4.6.x
Commit: f0c7a3448428fcd7e5b292bca8517c09bc71c3c6
Parents: dcf0c95
Author: Karl Wright <DaddyWri@gmail.com>
Authored: Thu Jun 22 09:51:27 2017 -0400
Committer: Oleg Kalnichevski <olegk@apache.org>
Committed: Fri Jun 23 15:08:57 2017 +0200

----------------------------------------------------------------------
 .../http/entity/mime/FormBodyPartBuilder.java   | 19 +++++++++++++--
 .../entity/mime/TestFormBodyPartBuilder.java    | 25 ++++++++++++++++++++
 2 files changed, 42 insertions(+), 2 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/httpcomponents-client/blob/f0c7a344/httpmime/src/main/java/org/apache/http/entity/mime/FormBodyPartBuilder.java
----------------------------------------------------------------------
diff --git a/httpmime/src/main/java/org/apache/http/entity/mime/FormBodyPartBuilder.java b/httpmime/src/main/java/org/apache/http/entity/mime/FormBodyPartBuilder.java
index a04d9d6..31c203a 100644
--- a/httpmime/src/main/java/org/apache/http/entity/mime/FormBodyPartBuilder.java
+++ b/httpmime/src/main/java/org/apache/http/entity/mime/FormBodyPartBuilder.java
@@ -103,11 +103,11 @@ public class FormBodyPartBuilder {
         if (headerCopy.getField(MIME.CONTENT_DISPOSITION) == null) {
             final StringBuilder buffer = new StringBuilder();
             buffer.append("form-data; name=\"");
-            buffer.append(this.name);
+            buffer.append(encodeForHeader(this.name));
             buffer.append("\"");
             if (this.body.getFilename() != null) {
                 buffer.append("; filename=\"");
-                buffer.append(this.body.getFilename());
+                buffer.append(encodeForHeader(this.body.getFilename()));
                 buffer.append("\"");
             }
             headerCopy.addField(new MinimalField(MIME.CONTENT_DISPOSITION, buffer.toString()));
@@ -138,4 +138,19 @@ public class FormBodyPartBuilder {
         return new FormBodyPart(this.name, this.body, headerCopy);
     }
 
+    private static String encodeForHeader(final String headerName) {
+        if (headerName == null) {
+            return null;
+        }
+        final StringBuilder sb = new StringBuilder();
+        for (int i = 0; i < headerName.length(); i++) {
+            final char x = headerName.charAt(i);
+            if (x == '"' || x == '\\' || x == '\r') {
+                sb.append("\\");
+            }
+            sb.append(x);
+        }
+        return sb.toString();
+    }
+
 }

http://git-wip-us.apache.org/repos/asf/httpcomponents-client/blob/f0c7a344/httpmime/src/test/java/org/apache/http/entity/mime/TestFormBodyPartBuilder.java
----------------------------------------------------------------------
diff --git a/httpmime/src/test/java/org/apache/http/entity/mime/TestFormBodyPartBuilder.java
b/httpmime/src/test/java/org/apache/http/entity/mime/TestFormBodyPartBuilder.java
index 49a6bd8..56dd4f9 100644
--- a/httpmime/src/test/java/org/apache/http/entity/mime/TestFormBodyPartBuilder.java
+++ b/httpmime/src/test/java/org/apache/http/entity/mime/TestFormBodyPartBuilder.java
@@ -27,12 +27,14 @@
 
 package org.apache.http.entity.mime;
 
+import java.io.ByteArrayInputStream;
 import java.io.File;
 import java.util.Arrays;
 import java.util.List;
 
 import org.apache.http.entity.ContentType;
 import org.apache.http.entity.mime.content.FileBody;
+import org.apache.http.entity.mime.content.InputStreamBody;
 import org.apache.http.entity.mime.content.StringBody;
 import org.junit.Assert;
 import org.junit.Test;
@@ -59,6 +61,29 @@ public class TestFormBodyPartBuilder {
     }
 
     @Test
+    public void testCharacterStuffing() throws Exception {
+        final FormBodyPartBuilder builder = FormBodyPartBuilder.create();
+        final InputStreamBody fileBody = new InputStreamBody(new ByteArrayInputStream(
+                "hello world".getBytes("UTF-8")), "stuff_with \"quotes\" and \\slashes\\.bin");
+        final FormBodyPart bodyPart2 = builder
+                .setName("yada_with \"quotes\" and \\slashes\\")
+                .setBody(fileBody)
+                .build();
+
+        Assert.assertNotNull(bodyPart2);
+        Assert.assertEquals("yada_with \"quotes\" and \\slashes\\", bodyPart2.getName());
+        Assert.assertEquals(fileBody, bodyPart2.getBody());
+        final Header header2 = bodyPart2.getHeader();
+        Assert.assertNotNull(header2);
+        assertFields(Arrays.asList(
+                        new MinimalField("Content-Disposition", "form-data; name=\"yada_with
\\\"quotes\\\" " +
+                                "and \\\\slashes\\\\\"; filename=\"stuff_with \\\"quotes\\\"
and \\\\slashes\\\\.bin\""),
+                        new MinimalField("Content-Type", "application/octet-stream"),
+                        new MinimalField("Content-Transfer-Encoding", "binary")),
+                header2.getFields());
+    }
+
+    @Test
     public void testBuildBodyPartMultipleBuilds() throws Exception {
         final StringBody stringBody = new StringBody("stuff", ContentType.TEXT_PLAIN);
         final FormBodyPartBuilder builder = FormBodyPartBuilder.create();


Mime
View raw message