Bug #41407 for HTTP-Body: HTTP::Body multipart boundary parser is not RFC 2046 complient.

Hiya, I have an issue where a client library (which I do not control) is making POST requests to my application with boundaries containing the ',' character. This is specifically excluded from HTTP::Body::MultiPart by the boundary matching regex, but the BNF for a boundary from RFC 2046 is: boundary := 0*69<bchars> bcharsnospace bchars := bcharsnospace / " " bcharsnospace := DIGIT / ALPHA / "'" / "(" / ")" / "+" / "_" / "," / "-" / "." / "/" / ":" / "=" / "?" Please find test cases for the issue attached. Cheers t0m

Index: t/04multipart.t =================================================================== --- t/04multipart.t (revision 8701) +++ t/04multipart.t (working copy) @@ -3,7 +3,7 @@ use strict; use warnings; -use Test::More tests => 98; +use Test::More tests => 102; use Cwd; use HTTP::Body; @@ -14,7 +14,7 @@ my $path = catdir( getcwd(), 't', 'data', 'multipart' ); -for ( my $i = 1; $i <= 12; $i++ ) { +for ( my $i = 1; $i <= 13; $i++ ) { my $test = sprintf( "%.3d", $i ); my $headers = YAML::LoadFile( catfile( $path, "$test-headers.yml" ) ); @@ -47,7 +47,8 @@ is_deeply( $body->body, $results->{body}, "$test MultiPart body" ); is_deeply( $body->param, $results->{param}, "$test MultiPart param" ); - is_deeply( $body->upload, $results->{upload}, "$test MultiPart upload" ); + is_deeply( $body->upload, $results->{upload}, "$test MultiPart upload" ) + if $results->{upload}; cmp_ok( $body->state, 'eq', 'done', "$test MultiPart state" ); cmp_ok( $body->length, '==', $body->content_length, "$test MultiPart length" ); Index: t/data/multipart/013-headers.yml =================================================================== --- t/data/multipart/013-headers.yml (revision 0) +++ t/data/multipart/013-headers.yml (revision 0) @@ -0,0 +1,4 @@ +--- +Content-Length: 1817 +Content-Type: multipart/form-data; boundary=----------0x'K()h+T_m,L-b.O/u:N=d?ArY +User-Agent: 'Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/312.1 (KHTML, like Gecko) Safari/312' Index: t/data/multipart/013-content.dat =================================================================== --- t/data/multipart/013-content.dat (revision 0) +++ t/data/multipart/013-content.dat (revision 0) @@ -0,0 +1,23 @@ +------------0x'K()h+T_m,L-b.O/u:N=d?ArY +Content-Disposition: form-data; name="text1" + +Ratione accusamus aspernatur aliquam +------------0x'K()h+T_m,L-b.O/u:N=d?ArY +Content-Disposition: form-data; name="text2" + + +------------0x'K()h+T_m,L-b.O/u:N=d?ArY +Content-Disposition: form-data; name="select" + +A +------------0x'K()h+T_m,L-b.O/u:N=d?ArY +Content-Disposition: form-data; name="select" + +B +------------0x'K()h+T_m,L-b.O/u:N=d?ArY +Content-Disposition: form-data; name="textarea" + +Voluptatem cumque voluptate sit recusandae at. Et quas facere rerum unde esse. Sit est et voluptatem. Vel temporibus velit neque odio non. + +Molestias rerum ut sapiente facere repellendus illo. Eum nulla quis aut. Quidem voluptas vitae ipsam officia voluptatibus eveniet. Aspernatur cupiditate ratione aliquam quidem corrupti. Eos sunt rerum non optio culpa. +------------0xKhTmLbOuNdArY-- Index: t/data/multipart/013-results.yml =================================================================== --- t/data/multipart/013-results.yml (revision 0) +++ t/data/multipart/013-results.yml (revision 0) @@ -0,0 +1,9 @@ +--- +body: ~ +param: + select: + - A + - B + text1: Ratione accusamus aspernatur aliquam + text2: "" + textarea: "Voluptatem cumque voluptate sit recusandae at. Et quas facere rerum unde esse. Sit est et voluptatem. Vel temporibus velit neque odio non.\r\n\r\nMolestias rerum ut sapiente facere repellendus illo. Eum nulla quis aut. Quidem voluptas vitae ipsam officia voluptatibus eveniet. Aspernatur cupiditate ratione aliquam quidem corrupti. Eos sunt rerum non optio culpa."