[Bug 59115] Part#getSubmittedFileName doesn't work corretly with double quotes in filenames.
https://bz.apache.org/bugzilla/show_bug.cgi?id=59115 --- Comment #15 from Michael Osipov <1983-01...@gmx.net> --- Not surpringly, Microsoft closed as wontfix. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 59115] Part#getSubmittedFileName doesn't work corretly with double quotes in filenames.
https://bz.apache.org/bugzilla/show_bug.cgi?id=59115 Mark Thomas changed: What|Removed |Added CC||csuth...@redhat.com --- Comment #14 from Mark Thomas --- *** Bug 60371 has been marked as a duplicate of this bug. *** -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 59115] Part#getSubmittedFileName doesn't work corretly with double quotes in filenames.
https://bz.apache.org/bugzilla/show_bug.cgi?id=59115 --- Comment #13 from Masahiro YAMADA --- I sent this problem to Microsoft. https://developer.microsoft.com/en-us/microsoft-edge/platform/issues/9440110/ -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 59115] Part#getSubmittedFileName doesn't work corretly with double quotes in filenames.
https://bz.apache.org/bugzilla/show_bug.cgi?id=59115 Mark Thomas changed: What|Removed |Added Resolution|--- |FIXED Status|REOPENED|RESOLVED --- Comment #12 from Mark Thomas --- So, starting with RFC7578: Section 4.2 points to RFC2183 for the definition of the content disposition header. RFC2183 defines: filename-parm := "filename" "=" value and points to RFC2045 for value RFC2045 value := token / quoted-string and points to RFC822 RFC822: quoted-string = <"> *(qtext/quoted-pair) <"> qtext = , "\" & CR, and including linear-white-space> And this is what Tomcat currently implements. There are lots up updates to these RFCs around i18n values. Browsers don't seem to be using them. We can update Tomcat if / when browsers start supporting them. On the grounds Tomcat is adhering to the relevant RFCs and IE is not, I am re-resolving this issue as fixed. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 59115] Part#getSubmittedFileName doesn't work corretly with double quotes in filenames.
https://bz.apache.org/bugzilla/show_bug.cgi?id=59115 Konstantin Kolinko changed: What|Removed |Added Resolution|FIXED |--- Status|RESOLVED|REOPENED --- Comment #11 from Konstantin Kolinko --- This needs further investigation. Using RFC 6266 is an error: it defines a response header, not a request one. Section "1. Introduction" of RFC 6266 has the following note: Note: This document does not apply to Content-Disposition header fields appearing in payload bodies transmitted over HTTP, such as when using the media type "multipart/form-data" ([RFC2388]). Links: https://tools.ietf.org/html/rfc6266 https://tools.ietf.org/html/rfc2388 (Obsoleted by: 7578) https://tools.ietf.org/html/rfc7578 -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 59115] Part#getSubmittedFileName doesn't work corretly with double quotes in filenames.
https://bz.apache.org/bugzilla/show_bug.cgi?id=59115 Mark Thomas changed: What|Removed |Added CC||s05ma...@blm.gov --- Comment #10 from Mark Thomas --- *** Bug 59891 has been marked as a duplicate of this bug. *** -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 59115] Part#getSubmittedFileName doesn't work corretly with double quotes in filenames.
https://bz.apache.org/bugzilla/show_bug.cgi?id=59115 --- Comment #9 from Marco --- This option is in all Internet Explorer Version (8,9,10,11) for local and trusted networks present. The entry name is " Include local directory path when uploading files to a server". This entry is default enabled for trusted networks. I don't need this information. But when the "\" character is removed i has no chance to extract the correct filename. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 59115] Part#getSubmittedFileName doesn't work corretly with double quotes in filenames.
https://bz.apache.org/bugzilla/show_bug.cgi?id=59115 --- Comment #8 from Konstantin Kolinko --- Sending full file path is a rather odd and insecure behaviour. Is this IE 11 not up-to-date, or does this behaviour depend on its security settings (e.g. server being in trusted network)? Some links https://tools.ietf.org/html/rfc6266 https://tools.ietf.org/html/rfc1867 https://www.w3.org/TR/2014/REC-html5-20141028/forms.html#file-upload-state-(type=file) http://commons.apache.org/proper/commons-fileupload/ -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 59115] Part#getSubmittedFileName doesn't work corretly with double quotes in filenames.
https://bz.apache.org/bugzilla/show_bug.cgi?id=59115 Mark Thomas changed: What|Removed |Added Status|REOPENED|RESOLVED Resolution|--- |FIXED --- Comment #7 from Mark Thomas --- IE 11 is not specification compliant. As per comment #5, you'll need to raise a bug with Microsoft in the first instance. In the meantime, you can manually parse the header yourself with custom rules for IE11 if you need that information. If Microsoft refuse to fix the bug then you should open a new enhancement request for Tomcat to apply special handling in this case. There is no guarantee that such an enhancement request will be implemented. The Tomcat team generally does not implement work-arounds for bugs in third-party code. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 59115] Part#getSubmittedFileName doesn't work corretly with double quotes in filenames.
https://bz.apache.org/bugzilla/show_bug.cgi?id=59115 Marco changed: What|Removed |Added Status|RESOLVED|REOPENED Resolution|FIXED |--- --- Comment #6 from Marco --- This Change destroy the file upload in Internet-Explorer 11. The "Content-Disposition" Header contains the filename with path form-data; name="Datei"; filename="D:\temp\test.xml". The call of part.getSubmittedFileName() return "D:temptest.xml". Befor this change it returns "D:\temp\test.xml". -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 59115] Part#getSubmittedFileName doesn't work corretly with double quotes in filenames.
https://bz.apache.org/bugzilla/show_bug.cgi?id=59115 Mark Thomas changed: What|Removed |Added Resolution|--- |FIXED Status|REOPENED|RESOLVED --- Comment #5 from Mark Thomas --- This has been fixed so Tomcat follows RFC 6266. If some UAs do strange things outside of RFC 6266 then bugs need to be raised with those browsers in the first instance. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 59115] Part#getSubmittedFileName doesn't work corretly with double quotes in filenames.
https://bz.apache.org/bugzilla/show_bug.cgi?id=59115 --- Comment #4 from Mark Thomas --- I've fixed the initial exception. The relevant spec here is RFC6266. I'm leaving this issue open until I have a chance to look through that spec. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 59115] Part#getSubmittedFileName doesn't work corretly with double quotes in filenames.
https://bz.apache.org/bugzilla/show_bug.cgi?id=59115 --- Comment #3 from Udo Schnurpfeil --- I've made some tests with different browsers and I found these encodings in the filename part: (filename) -> (content-disposition) : -> : / -> : \ -> \ \\ -> \ " -> \" (Firefox) and %22 (Chrome+Safari) %22 -> %22 This leads to 3 problems: 1. The resulting string : doesn't differ between : and / so there is not possibility to know what was the source. 2. The resulting string \ doesn't differ between \\ and \ so there is also not possibility to find the source. 3. In Chrome+Safari we cannot differ between " and %22 I know these character are unusual, but not invalid on some OS. For the moment I have best results with this code: fileName = fileName.trim().replaceAll("\\\"", "\""); // replaces \" with " I don't know which RFC is relevant here? But it looks for me, that we have different file names resulting in same header information. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 59115] Part#getSubmittedFileName doesn't work corretly with double quotes in filenames.
https://bz.apache.org/bugzilla/show_bug.cgi?id=59115 Udo Schnurpfeil changed: What|Removed |Added Resolution|FIXED |--- Status|RESOLVED|REOPENED --- Comment #2 from Udo Schnurpfeil --- Thanks for the quick response. I've just testet it with 8.0/trunk but it there was an Exception: The replaceAll need a regexp, and so the quoted backslash needs to be quoted again: replaceAll("", "") instead of replaceAll("\\", "") -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 59115] Part#getSubmittedFileName doesn't work corretly with double quotes in filenames.
https://bz.apache.org/bugzilla/show_bug.cgi?id=59115 Mark Thomas changed: What|Removed |Added Resolution|--- |FIXED Status|NEW |RESOLVED --- Comment #1 from Mark Thomas --- Thanks for the report. The submitted file name is either a token or quoted-string and we weren't handling the quoted-string case. This has been fixed for 9.0.x (9.0.0.M4 onwards), 8.0.x (8.0.33 onwards) and 7.0.x (7.0.69 onwards). -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org