[WW-4818] Default Multipart validation regex is invalid - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 2.5.12
Fix Version/s: 2.5.13
Component/s: None
Labels:
None

Description

2.5.12 introduced a regex matches for multipart requests. The default regex used, however is significantly too strict based on the RFC, as well as common practice. Specifically, at minimum, it needs to include the hyphen and more likely needs to support all of the fields defined by the RFC (https://www.w3.org/Protocols/rfc1341/7_2_Multipart.html).

bcharsnospace := DIGIT / ALPHA / "'" / "(" / ")" / "+" / "_" / "," / "-" / "." / "/" / ":" / "=" / "?"

In basic testing, we've seen:

 Content-Type: multipart/form-data; boundary=BRKIypZ3Stvuclu7C-CTbP2fNljGAOVk[\r][\n]

(generated by the Apache HttpClient)
and

multipart/form-data; boundary=----WebKitFormBoundaryZGDtABnGWGozLAjh

(generated by Safari)

Attachments

Issue Links

is broken by

WW-4768 Add proper validation if request is a multipart request

Closed

links to

GitHub Pull Request #151

Activity

People

Assignee:: Unassigned

Reporter:: adam brin

Votes:: 0 Vote for this issue

Watchers:: 7 Start watching this issue

Dates

Created:: 14/Jul/17 17:55

Updated:: 06/Sep/17 09:18

Resolved:: 30/Jul/17 10:01