perl-modperl mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Miles Crawford" <mcraw...@u.washington.edu>
Subject Quotes in uploaded filenames are not parsed correctly.
Date Sat, 03 Jan 2009 00:33:31 GMT
When you handle a multipart/form-data post with libapreq quotes in
filenames are mishandled.  For example, a post that includes:

Content-Disposition: form-data; name="foo"; filename="break"here.jpg"

Will result in a filename of just 'break'.

To reproduce, set up a test following the snippets below, and upload a
file named 'break"here.jpg' to the resulting form.

I'm using Apache/2.2.9 (Ubuntu) DAV/2 SVN/1.5.1 mod_ssl/2.2.9
OpenSSL/0.9.8g mod_apreq2-20051231/2.6.0 mod_perl/2.0.4 Perl/v5.10.0

In your error log you will see just 'break'.

---httpd.conf---
<Perl>
use lib qw(/home/mcrawfor/);
</Perl>
PerlModule QuoteParse
<Location /test/>
SetHandler perl-script
PerlResponseHandler QuoteParse
</Location>

---QuoteParse.pm---
package QuoteParse;

use strict;
use warnings;

use Apache2::RequestRec ();
use Apache2::Request ();

use Apache2::Const -compile => qw(OK);

sub handler {
    my $r = shift;
    my $req = Apache2::Request->new($r);

    warn $req->param('foo');

    $r->content_type('text/html');
    print "<form method='post' enctype='multipart/form-data'><input
type='file' name='foo'><input type='submit'></form>";

    return Apache2::Const::OK;
}

1;

Mime
View raw message