[ic] [interchange] Allow name="0" in Content-Disposition header.

Mike Heins mike at perusion.com
Sat Apr 2 18:57:32 UTC 2011


Quoting Jon Jensen (jon at endpoint.com):
> On Sat, 2 Apr 2011, Dan Browning wrote:
> 
> >   Allow name="0" in Content-Disposition header.
> >
> >   Interchange was checking the Content-Disposition name for perly truth
> >   rather than definedness, which caused it to incorrectly disallow the valid
> >   name of "0". I ran into one particular program in the wild that happens
> >   to generate requests with just such headers:
> >
> >    https://github.com/valums/file-uploader/
> 
> Interesting. There's always someone who uses a "0" somewhere you
> wouldn't expect. :)
> 
> Is this perhaps introducing a new problem?
> 
> >-			if(! $param) {
> >+			if(not defined $param) {
> 
> That will now tolerate an empty name string, because the regular
> expression will happily match one:
> 
>     my($param)= $header{'Content-Disposition'}=~/ name="?([^\";]*)"?/;
> 
> Perhaps it'd be best to also check for length($param). What do you think?

I think you can do:

     my($param)= $header{'Content-Disposition'}=~/ name="?([^\";]+)"?/;

and solve that.

-- 
Mike Heins
Perusion -- Expert Interchange Consulting    http://www.perusion.com/
phone +1.765.328.4479  <mike at perusion.com>

Life isn't fair, but it's good. -- Regina Brett



More information about the interchange-users mailing list