[#MODPYTHON-159] multiline headers in multipart/form not handled

mod_python

multiline headers in multipart/form not handled

Created: 11/Apr/06 06:44 PM Updated: 17/Apr/07 10:29 AM

Return to search

Component/s:

core

Affects Version/s:

3.1.4, 3.2.8

Fix Version/s:

3.3.1

Time Tracking:

Not Specified

File Attachments:

	File Name	Date Attached	Attached By	Size
	MP159-20060911-grahamd-1.diff	2006-09-11 12:01 PM	Graham Dumpleton	1 kB

Resolution Date:

02/Oct/06 03:09 AM

Description

« Hide

Reported a long time back on mailing list that multiline headers in a multipart/form post are not handled properly by util.FieldStorage class.

http://www.modpython.org/pipermail/mod_python/2001-November/012256.html

This seems to never have been addressed. Further comments confirming this posted in:

http://www.mail-archive.com/python-dev@httpd.apache.org/msg01805.html

All

Comments

Work Log

Change History

Subversion Commits

Sort Order:

[ Permlink | « Hide ]

Graham Dumpleton added a comment - 13/Aug/06 10:29 AM

Another candidate for 3.3. Fix should be pretty simple, just need to adapt the original proposed change as posted on mailing list back in 2001.

Graham Dumpleton made changes - 13/Aug/06 10:29 AM

Field	Original Value	New Value
Fix Version/s		3.3 [ 12310101 ]

[ Permlink | « Hide ]

Graham Dumpleton added a comment - 11/Sep/06 11:59 AM

Does this patch seem correct for current implementation of util.FieldStorage?

Index: lib/python/mod_python/util.py
===================================================================
--- lib/python/mod_python/util.py (revision 442143)
+++ lib/python/mod_python/util.py (working copy)
@@ -174,6 +174,10 @@

             skip_this_part = False
             while line not in ('\r','\r\n'):
+ nextline = req.readline(readBlockSize)
+ while nextline and nextline[0] in [ ' ', '\t']:
+ line = line + nextline
+ nextline = req.readline(readBlockSize)
                 # we read the headers until we reach an empty line
                 # NOTE : a single \n would mean the entity is malformed, but
                 # we're tolerating it anyway
@@ -192,7 +196,7 @@
                     if ctype.find('/') == -1:
                         ctype = 'application/octet-stream'

- line = req.readline(readBlockSize)
+ line = nextline
                 match = boundary.match(line)
                 if (not line) or match:
                     # we stop if we reached the end of the stream or a stop boundary

[ Permlink | « Hide ]

Graham Dumpleton added a comment - 11/Sep/06 12:01 PM

Indenting got stuffed up when pasted in for some reason. Have attached possible patch instead.

Graham Dumpleton made changes - 11/Sep/06 12:01 PM

Attachment

MP159-20060911-grahamd-1.diff [ 12340566 ]

Graham Dumpleton made changes - 02/Oct/06 01:49 AM

Assignee

Graham Dumpleton [ grahamd ]

Graham Dumpleton made changes - 02/Oct/06 01:49 AM

Status

Open [ 1 ]

In Progress [ 3 ]

Repository	Revision	Date	User	Message
ASF	#451861	Mon Oct 02 03:08:17 UTC 2006	grahamd	(~~MODPYTHON-159~~) Fix FieldStorage class so that it can handle multiline headers.
				Files Changed
				MODIFY /httpd/mod_python/trunk/test/test.py MODIFY /httpd/mod_python/trunk/lib/python/mod_python/util.py MODIFY /httpd/mod_python/trunk/Doc/appendixc.tex

Graham Dumpleton made changes - 02/Oct/06 03:09 AM

Resolution		Fixed [ 1 ]
Status	In Progress [ 3 ]	Resolved [ 5 ]

Graham Dumpleton made changes - 17/Apr/07 10:29 AM

Status

Resolved [ 5 ]

Closed [ 6 ]