cgi, parse_header and semi-colon

Sylvain sylvain.vivien at gmail.com
Sat Jun 7 09:49:41 CEST 2008


On Jun 6, 5:33 pm, "Richard Brodie" <R.Bro... at rl.ac.uk> wrote:
> "Sylvain" <sylvain.viv... at gmail.com> wrote in message
>
> news:b80af57f-897d-4fd1-bebc-df0782143314 at 25g2000hsx.googlegroups.com...
>
> > If we upload a file with a semi-colon (i.e : "C:/my;file.jpg") :
> > cgi.FieldStorage.filename returns only "my" everything after the semi-
> > colon is missing
>
> > Is it a bug or i'm missing something ?
>
> I doubt it's bug inparse_header, since it's meant to split on
> semicolons. Whether it's a bug in one of its callers, or the client
> not escaping sufficiently, I couldn't say offhand.

I've printed the filename in the content-disposition header :
filename="my;file.jpg"

If you look at the http://www.ietf.org/rfc/rfc2183.txt about "content-
disposition" :

"A short parameter value containing only ASCII characters, but
including `tspecials' characters, SHOULD be represented as `quoted-
string'."

So my header is correct but i think there is clearly a bug in the
parse_header and "content-disposition" should not be "splitted" only
with the split(';') method but should look at quoted-string too.

Regards



More information about the Python-list mailing list