[ic] [interchange] Allow name="0" in Content-Disposition header.
Mike Heins
mike at perusion.com
Sat Apr 2 18:57:32 UTC 2011
Quoting Jon Jensen (jon at endpoint.com):
> On Sat, 2 Apr 2011, Dan Browning wrote:
>
> > Allow name="0" in Content-Disposition header.
> >
> > Interchange was checking the Content-Disposition name for perly truth
> > rather than definedness, which caused it to incorrectly disallow the valid
> > name of "0". I ran into one particular program in the wild that happens
> > to generate requests with just such headers:
> >
> > https://github.com/valums/file-uploader/
>
> Interesting. There's always someone who uses a "0" somewhere you
> wouldn't expect. :)
>
> Is this perhaps introducing a new problem?
>
> >- if(! $param) {
> >+ if(not defined $param) {
>
> That will now tolerate an empty name string, because the regular
> expression will happily match one:
>
> my($param)= $header{'Content-Disposition'}=~/ name="?([^\";]*)"?/;
>
> Perhaps it'd be best to also check for length($param). What do you think?
I think you can do:
my($param)= $header{'Content-Disposition'}=~/ name="?([^\";]+)"?/;
and solve that.
--
Mike Heins
Perusion -- Expert Interchange Consulting http://www.perusion.com/
phone +1.765.328.4479 <mike at perusion.com>
Life isn't fair, but it's good. -- Regina Brett
More information about the interchange-users
mailing list