diff options
author | James Tucker <jftucker@gmail.com> | 2012-01-22 22:48:35 -0800 |
---|---|---|
committer | James Tucker <jftucker@gmail.com> | 2012-01-22 22:48:35 -0800 |
commit | 7d3c3fda71b2e5ad1f7d36c3c65b8413a2f3075b (patch) | |
tree | 1da53e958950eb4f9dfec1cdc725e928d6c031b4 | |
parent | f6b11a090ff51fe3a6f2f8279f3618bfbffd2f74 (diff) | |
download | rack-7d3c3fda71b2e5ad1f7d36c3c65b8413a2f3075b.tar.gz |
Multipart percentage fail, round 3, the final character. Fixes strings terminated with %. See #323. Revisit for 1.5. 1.4.1
-rw-r--r-- | lib/rack/multipart/parser.rb | 2 | ||||
-rw-r--r-- | test/multipart/filename_with_unescaped_percentages3 | 6 | ||||
-rw-r--r-- | test/spec_multipart.rb | 15 |
3 files changed, 22 insertions, 1 deletions
diff --git a/lib/rack/multipart/parser.rb b/lib/rack/multipart/parser.rb index ec265841..98eceaa1 100644 --- a/lib/rack/multipart/parser.rb +++ b/lib/rack/multipart/parser.rb @@ -125,7 +125,7 @@ module Rack filename = $1 end - if filename && filename.scan(/%..?/).all? { |s| s =~ /%[0-9a-fA-F]{2}/ } + if filename && filename.scan(/%.?.?/).all? { |s| s =~ /%[0-9a-fA-F]{2}/ } filename = Utils.unescape(filename) end if filename && filename !~ /\\[^\\"]/ diff --git a/test/multipart/filename_with_unescaped_percentages3 b/test/multipart/filename_with_unescaped_percentages3 new file mode 100644 index 00000000..4dba3c88 --- /dev/null +++ b/test/multipart/filename_with_unescaped_percentages3 @@ -0,0 +1,6 @@ +------WebKitFormBoundary2NHc7OhsgU68l3Al
+Content-Disposition: form-data; name="document[attachment]"; filename="100%"
+Content-Type: image/jpeg
+
+contents
+------WebKitFormBoundary2NHc7OhsgU68l3Al--
diff --git a/test/spec_multipart.rb b/test/spec_multipart.rb index c70cd7ee..b0bf57c0 100644 --- a/test/spec_multipart.rb +++ b/test/spec_multipart.rb @@ -241,6 +241,21 @@ Content-Type: image/jpeg\r files[:tempfile].read.should.equal "contents" end + should "parse filename with unescaped percentage characters that look like partial hex escapes" do + env = Rack::MockRequest.env_for("/", multipart_fixture(:filename_with_unescaped_percentages3, "----WebKitFormBoundary2NHc7OhsgU68l3Al")) + params = Rack::Multipart.parse_multipart(env) + files = params["document"]["attachment"] + files[:type].should.equal "image/jpeg" + files[:filename].should.equal "100%" + files[:head].should.equal <<-MULTIPART +Content-Disposition: form-data; name="document[attachment]"; filename="100%"\r +Content-Type: image/jpeg\r + MULTIPART + + files[:name].should.equal "document[attachment]" + files[:tempfile].read.should.equal "contents" + end + it "rewinds input after parsing upload" do options = multipart_fixture(:text) input = options[:input] |