[interchange] Disallow name="" in Content-Disposition header.
Daniel Browning
interchange-cvs at icdevgroup.org
Sat Apr 2 21:09:25 UTC 2011
commit be6337367beca9c93c426cf8b6c2665cb95cd49a
Author: Daniel Browning <db at kavod.com>
Date: Sat Apr 2 14:04:32 2011 -0700
Disallow name="" in Content-Disposition header.
Jon Jensen noticed that the last commit (b29f34f5) introduced a new
problem by relaxing the constraint a little too much and allowing
empty strings. This patch by Mike Heins goes back to requiring at
least one character, while still allowing 0.
lib/Vend/Server.pm | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
---
diff --git a/lib/Vend/Server.pm b/lib/Vend/Server.pm
index a6620f5..5baf109 100644
--- a/lib/Vend/Server.pm
+++ b/lib/Vend/Server.pm
@@ -478,7 +478,7 @@ sub parse_multipart {
}
#::logDebug("Content-Disposition: " . $header{'Content-Disposition'});
- my($param)= $header{'Content-Disposition'}=~/ name="?([^\";]*)"?/;
+ my($param)= $header{'Content-Disposition'}=~/ name="?([^\";]+)"?/;
# Bug: Netscape doesn't escape quotation marks in file names!!!
my($filename) = $header{'Content-Disposition'}=~/ filename="?([^\";]*)"?/;
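Review bot: On the changed `name=` line, moving from `*` to `+` means a part sent with name="" now fails the match entirely, so $param ends up undefined instead of empty, and nothing in the visible context tests for that before $param is used. I would follow the match with an explicit defined($param) test that skips or logs the part. A one-line comment that empty names are refused while "0" is accepted would also keep the intent clear for the next edit to this pattern. The unchanged filename pattern below still uses `*`. If that asymmetry is deliberate, it deserves a comment too.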