[ https://issues.apache.org/jira/browse/MODPYTHON-210?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12467170 ]
Graham Dumpleton commented on MODPYTHON-210: -------------------------------------------- Emiliano posts this patch: http://www.modpython.org/pipermail/mod_python/2007-January/023092.html It does however use Python "set" which can't be used as only newer versions of Python support it. > FieldStorage wrongly assumes boundary is last attribute in Content-Type > headers value. > -------------------------------------------------------------------------------------- > > Key: MODPYTHON-210 > URL: https://issues.apache.org/jira/browse/MODPYTHON-210 > Project: mod_python > Issue Type: Bug > Components: core > Affects Versions: 3.3, 3.2.10 > Reporter: Graham Dumpleton > > Mozilla can generate multipart content that looks like: > Content-Length: 522 > Content-Type: multipart/related; > boundary=---------------------------13592280651221337293469391600; > type="application/xml"; start="<[EMAIL PROTECTED] >" > Cookie: lang=1 > > This highlights an issue with util.FieldStorage in that it assumes that the > boundary attribute of the Content-Type header will always be the last thing > in the value. Ie., the code in FieldStorage is: > # figure out boundary > try: > i = ctype.lower().rindex("boundary=") > boundary = ctype[i+9:] > if len(boundary) >= 2 and boundary[0] == boundary[-1] == '"': > boundary = boundary[1:-1] > boundary = re.compile("--" + re.escape(boundary) + "(--)?\r?\n") > The FieldStorage code should correctly split out all attributes from the line > and then deal with list the boundary attribute by itself and not make > assumptions about the order of attributes on the line. The code is also > questionable depending on whether it is guaranteed by Apache that trailing > space is striped from the value of headers. If there is trailing white space > it will interfere with the check for whether the boundary is surrounded by > quotes. Finally, does the specification for HTTP headers always entail the > use of a double quote as this is the only thing that is checked for? -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.