perl-modperl mailing list archives

From "Miles Crawford" <>
Subject Re: Quotes in uploaded filenames are not parsed correctly.
Date Mon, 05 Jan 2009 16:35:05 GMT
That's actually what my production code does (where I originally found
this error) and I was trying to simplify the testcase down for the bug
report. ;)

If you set up the test exactly as described before, but use the
following Perl code instead, you still see just 'break' in the error

package QuoteParse;

use strict;
use warnings;

use Apache2::RequestRec ();
use Apache2::Request ();
use Apache2::Upload ();

use Apache2::Const -compile => qw(OK);

sub handler {
    my $r = shift;
    my $req = Apache2::Request->new($r);

    # Log the client-supplied filename of the 'foo' upload to the error log
    if( my $upload = $req->upload('foo') ){
        warn $upload->filename();
    }

    # Minimal upload form that posts back to this handler
    print "<form method='post' enctype='multipart/form-data'><input type='file' name='foo'><input type='submit'></form>";

    return Apache2::Const::OK;
}

1;

On Mon, Jan 5, 2009 at 7:50 AM, Adam Prime <> wrote:
> Miles Crawford wrote:
>> I agree it looks bogus, but safari and firefox send the header in that
>> format.  Not sure about IE since Windows does not allow files with a "
>> in the name.
>> I looked over the Content-Disposition header RFC but it does not seem
>> to address escaping directly.
>> Either way, it seems that this format is a "browser fact of life"
> I suggested this in IRC, but never saw a reply.  Perhaps it's because you're
> using $r->param for an input type=file?  I'd check to see what
> $upload->filename gives you when you use Apache2::Upload to handle the file
> upload instead.
> Adam
