httpd-apreq-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joe Schaefer <joe+apa...@sunstarsys.com>
Subject Re: multipart/form-data without file upload
Date Tue, 05 Feb 2002 16:34:24 GMT
borisk@xraymedia.com writes:

> Hi,
> 
> It seems that if I have a form with enctype of multipart/form-data
> but it doesn't actually have a file upload, libapreq still thinks
> that it has file upload. Thus, if my Apache is configured to disallow
> file uploads, all forms with multipart/form-data become broken.
> 
> Is there some technical problem that prevents fixing this, so that
> only multipart/form-data forms which actually have a file-upload in there
> would be ignored ?

No, I think we just have the test misplaced; it should be inside
the loop within apache_request.c 's ApacheRequest_parse_multipart().
While it's suboptimal to retest this condition for each upload
widget in a form submission, I can't imagine the performance 
difference being even slightly noticeable.

Here's an untested patch- I'll commit in a few days unless someone 
sees a problem with it.

% cvs diff
cvs server: Diffing .
cvs server: Diffing Cookie
cvs server: Diffing Request
cvs server: Diffing c
Index: c/apache_request.c
===================================================================
RCS file: /home/cvs/httpd-apreq/c/apache_request.c,v
retrieving revision 1.15
diff -u -r1.15 apache_request.c
--- c/apache_request.c  31 Jan 2002 06:35:12 -0000      1.15
+++ c/apache_request.c  5 Feb 2002 16:23:42 -0000
@@ -381,11 +381,6 @@
     multipart_buffer *mbuff;
     ApacheUpload *upload = NULL;
 
-    if (req->disable_uploads) {
-       ap_log_rerror(REQ_ERROR, "[libapreq] file upload forbidden");
-       return HTTP_FORBIDDEN;
-    }
-
     if (!ct) {
        ap_log_rerror(REQ_ERROR, "[libapreq] no Content-type header!");
        return HTTP_INTERNAL_SERVER_ERROR;
@@ -447,6 +442,12 @@
                continue;
            }
            if (!param) continue; /* shouldn't happen, but just in case. */
+
+            if (req->disable_uploads) {
+                ap_log_rerror(REQ_ERROR, "[libapreq] file upload forbidden");
+                return HTTP_FORBIDDEN;
+            }
+
            ap_table_add(req->parms, param, filename);

-- 
Joe Schaefer

Mime
View raw message