Bug 42158

Summary: Improve support for multipart/form-data requests in HTTP Proxy server
Product: JMeter - Now in Github Reporter: Alf Hogemark <alf>
Component: HTTPAssignee: JMeter issues mailing list <issues>
Status: RESOLVED FIXED    
Severity: enhancement    
Priority: P2    
Version: 2.2   
Target Milestone: ---   
Hardware: All   
OS: All   
Attachments: Suggested patch
Updated patch
Updated patch
Updated patch

Description Alf Hogemark 2007-04-18 04:21:16 UTC 
The code in MultipartUrlConfig.java that currently handles the parsing of
multipart/form-data request is vunerable.
If a multipart section contains any header except "Content-Disposition:
form-data;", for example a "Content-Type: text/plain", the parsing uses
everything after the first headerline as the value of the form parameter.

The same problem is present for file uploads

I suggest to add support for having any headers in the multipar sections.
Comment 1 Alf Hogemark 2007-04-18 04:23:31 UTC 
Created attachment 19988 [details]
Suggested patch

This suggested patch uses regular expression to find values for headers we need
during parsing of multipart sections. Headers which are not used, are ignored.
This patch also sets the value for the parameter correctly.

This patch also adds a number of unit tests for parsing of http posting of
multipart/form-data and file uploads.
Comment 2 Alf Hogemark 2007-04-18 05:07:53 UTC 
Created attachment 19989 [details]
Updated patch

Same patch as above, but add if test to only set file parameters in sampler, if
a file name is present. If you have a form with both fields and file upload
fields, then there will be multipart section for the the file upload fields,
with filename="" if you do not specify a file for it. It is only confusing to
set the mime type and file field values in the sampler in this case.
Comment 3 Alf Hogemark 2007-04-18 05:24:29 UTC 
Created attachment 19990 [details]
Updated patch

This updated patch adds the private method addNonEncodedArgument, so that in
the sampler that is put into the test plan, the "Encode?" checkbox is off.
A multipart/form-data request that is sent by Jmeter does not use the "Encode?"
setting at all, because multipart/form-data values are not url encoded.
So I think it is less likely to confuse the user if the checkbox is always off.
Comment 4 Sebb 2007-04-18 14:49:00 UTC 
The test case testPostMultipartFormData() fails the checkArgument() tests - 
the arg.isAlwaysEncoded() comparisons fail. I'm not sure if this is a test 
error or a bug ...
Comment 5 Alf Hogemark 2007-04-18 23:07:16 UTC 
Created attachment 19995 [details]
Updated patch

I'm sorry, but I forgot to update the unit tests after the last minute change
to add the private method addNonEncodedArgument.

I have now updated the unit tests, because the "Encode?" will always be false
now, for multipart/form-data requests.

I have also included an unrelated change to the
TestHTTPSamplersAgainstHttpMirrorServer, which was lost when patches where
applied for it yesterday.
Comment 6 Sebb 2007-04-19 14:05:20 UTC 
Thanks - applied to SVN in r530547
Comment 7 The ASF infrastructure team 2022-09-24 20:37:39 UTC 
This issue has been migrated to GitHub: https://github.com/apache/jmeter/issues/1914