diff --git a/httpclient5/src/main/java/org/apache/hc/client5/http/entity/mime/FormBodyPartBuilder.java b/httpclient5/src/main/java/org/apache/hc/client5/http/entity/mime/FormBodyPartBuilder.java index 25bf4f2..5195cc6 100644 --- a/httpclient5/src/main/java/org/apache/hc/client5/http/entity/mime/FormBodyPartBuilder.java +++ b/httpclient5/src/main/java/org/apache/hc/client5/http/entity/mime/FormBodyPartBuilder.java @@ -101,11 +101,11 @@ public FormBodyPart build() { if (headerCopy.getField(MIME.CONTENT_DISPOSITION) == null) { final StringBuilder buffer = new StringBuilder(); buffer.append("form-data; name=\""); - buffer.append(this.name); + buffer.append(encodeForHeader(this.name)); buffer.append("\""); if (this.body.getFilename() != null) { buffer.append("; filename=\""); - buffer.append(this.body.getFilename()); + buffer.append(encodeForHeader(this.body.getFilename())); buffer.append("\""); } headerCopy.addField(new MinimalField(MIME.CONTENT_DISPOSITION, buffer.toString())); @@ -136,4 +136,19 @@ public FormBodyPart build() { return new FormBodyPart(this.name, this.body, headerCopy); } + private static String encodeForHeader(final String headerName) { + if (headerName == null) { + return null; + } + final StringBuilder sb = new StringBuilder(); + for (int i = 0; i < headerName.length(); i++) { + final char x = headerName.charAt(i); + if (x == '"' || x == '\\' || x == '\r') { + sb.append("\\"); + } + sb.append(x); + } + return sb.toString(); + } + }