The problem was that parse_content_disposition treated the values "filename" and "filename*" as the same and concatenated both values. RFC 6266 states that if both are present, "filename*" should have preference.
Now, the patch is tricky, because in this case: attachment; filename*="A.ext"; filename*0="hello"; filename*1="world.ext", the final filename should be A.ext. But modify_param_name in http.c changes the names with '*' to end with the first occurrence of '*', this makes it hard to differentiate both cases. Instead of fixing this and dealing with lots of edge cases I just check for the name to be "filename", end with "*" and have the next character not to be a digit. Do you think this is fine or it's best to get modify_param_name to do it's job better? I also added more unit tests to account for the edge cases. Cheers, Miquel
0001-Fixed-44628-honoring-RFC-6266-content-disposition.patch
Description: Binary data