Skip Menu |

This queue is for tickets about the HTTP-Body CPAN distribution.

Report information
The Basics
Id: 80022
Status: rejected
Priority: 0/
Queue: HTTP-Body
People
Owner: Nobody in particular
Requestors: gbjk [...] thermeon.com
Cc:
AdminCc:
Bug Information
Severity: (no value)
Broken in: 1.17
Fixed in: (no value)

History Show all quoted text
  Fri Oct 05 06:58:13 2012 gbjk [...] thermeon.com - Ticket created
Subject: Multiple Content-Type handling with multipart body
Browsers submit mutliple content-types, comma separated. The regex in MultiPart didn't allow for this. Patch attached. I've created a test for this. Note: I've also had to skip test 014 of 04multipart. Someone should create a results file for it and remove the next from the top of the for loop. Gareeth
Subject: HTTP-Body-1.17.patch
diff -Naur HTTP-Body-1.17.orig/lib/HTTP/Body/MultiPart.pm HTTP-Body-1.17/lib/HTTP/Body/MultiPart.pm --- HTTP-Body-1.17.orig/lib/HTTP/Body/MultiPart.pm 2012-10-05 10:50:40.832329211 +0100 +++ HTTP-Body-1.17/lib/HTTP/Body/MultiPart.pm 2012-10-05 11:33:14.976250776 +0100 @@ -34,7 +34,10 @@ sub init { my $self = shift; - unless ( $self->content_type =~ /boundary=\"?([^\";]+)\"?/ ) { + # Browsers send multiple content types comma separated, after the boundary + # RFC's don't seem to support this, but "it's out there" + # So use a non-greedy capture, and anchor with a possible trailing ,\s + unless ( $self->content_type =~ /boundary=\"?([^\";]+?)\"?(?:[;,]\s.*)?$/ ) { my $content_type = $self->content_type; Carp::croak("Invalid boundary in content_type: '$content_type'"); } diff -Naur HTTP-Body-1.17.orig/t/04multipart.t HTTP-Body-1.17/t/04multipart.t --- HTTP-Body-1.17.orig/t/04multipart.t 2012-10-05 10:50:40.832329211 +0100 +++ HTTP-Body-1.17/t/04multipart.t 2012-10-05 11:45:44.679910688 +0100 @@ -6,7 +6,7 @@ use FindBin; use lib "$FindBin::Bin/lib"; -use Test::More tests => 153; +use Test::More tests => 158; use Test::Deep; use Cwd; @@ -18,7 +18,12 @@ my $path = catdir( getcwd(), 't', 'data', 'multipart' ); -for ( my $i = 1; $i <= 13; $i++ ) { +for ( my $i = 1; $i <= 15; $i++ ) { + + if ($i == 14){ + note "014 test not finished"; + next; + } my $test = sprintf( "%.3d", $i ); my $headers = PAML::LoadFile( catfile( $path, "$test-headers.pml" ) ); @@ -67,7 +72,7 @@ cmp_deeply( $body->body, $results->{body}, "$test MultiPart body" ); cmp_deeply( $body->param, $results->{param}, "$test MultiPart param" ); cmp_deeply( $body->param_order, $results->{param_order} ? $results->{param_order} : [], "$test MultiPart param_order" ); - cmp_deeply( $body->upload, $results->{upload}, "$test MultiPart upload" ) + cmp_deeply( $body->upload, $results->{upload}, "$test MultiPart upload" ) if $results->{upload}; cmp_ok( $body->state, 'eq', 'done', "$test MultiPart state" ); cmp_ok( $body->length, '==', $body->content_length, "$test MultiPart length" ); diff -Naur HTTP-Body-1.17.orig/t/data/multipart/015-content.dat HTTP-Body-1.17/t/data/multipart/015-content.dat --- HTTP-Body-1.17.orig/t/data/multipart/015-content.dat 1970-01-01 01:00:00.000000000 +0100 +++ HTTP-Body-1.17/t/data/multipart/015-content.dat 2012-10-05 11:20:52.676560341 +0100 @@ -0,0 +1,9 @@ +-----------------------------96769121218424136801449239937 +Content-Disposition: form-data; name="lang" + +en +-----------------------------96769121218424136801449239937 +Content-Disposition: form-data; name="source" + +RARRRRR! +-----------------------------96769121218424136801449239937-- diff -Naur HTTP-Body-1.17.orig/t/data/multipart/015-headers.pml HTTP-Body-1.17/t/data/multipart/015-headers.pml --- HTTP-Body-1.17.orig/t/data/multipart/015-headers.pml 1970-01-01 01:00:00.000000000 +0100 +++ HTTP-Body-1.17/t/data/multipart/015-headers.pml 2012-10-05 11:17:23.928546764 +0100 @@ -0,0 +1,5 @@ +{ + "User-Agent" => "Mozilla/5.0 (X11; Linux i686; rv:15.0) Gecko/20100101 Firefox/15.0", + "Content-Length" => 292, + "Content-Type" => "multipart/form-data; boundary=---------------------------96769121218424136801449239937, application/xml" +} diff -Naur HTTP-Body-1.17.orig/t/data/multipart/015-results.pml HTTP-Body-1.17/t/data/multipart/015-results.pml --- HTTP-Body-1.17.orig/t/data/multipart/015-results.pml 1970-01-01 01:00:00.000000000 +0100 +++ HTTP-Body-1.17/t/data/multipart/015-results.pml 2012-10-05 11:33:03.476256779 +0100 @@ -0,0 +1,10 @@ +{ + "body" => undef, + "param" => { + "lang" => "en", + "source" => "RARRRRR!", + }, + "param_order" => [ + "lang", "source" + ] +}
  Sat Oct 06 18:27:01 2012 chansen [...] cpan.org - Correspondence added
Vid Fre, 05 Oct 2012 kl. 06.58.13, skrev gbjk@thermeoneurope.com: Show quoted text
> Browsers submit mutliple content-types, comma separated.
This patch is unlikely to get applied unless the User-Agent's are in wide usage. Please provide User-Agent strings for these misbehaving clients. -- chansen
  Sat Oct 06 18:27:02 2012 The RT System itself - Status changed from 'new' to 'open'
  Sun Oct 07 04:32:51 2012 gbjk [...] thermeon.com - Correspondence added
On Sat Oct 06 18:27:01 2012, CHANSEN wrote: Show quoted text
> Vid Fre, 05 Oct 2012 kl. 06.58.13, skrev gbjk@thermeoneurope.com:
> > Browsers submit mutliple content-types, comma separated.
> > This patch is unlikely to get applied unless the User-Agent's are in > wide usage. Please provide > User-Agent strings for these misbehaving clients.
We tested latest Chrome and Firefox on ubuntu. One user-agent is in the test... Note: This patch mimics what's *already* supported in Body.pm's new. If there's no downside to supporting this situation, even if it were an edge-case, then I don't see why it would be rejected. Either way, it's only a patch because source isn't migrated to git yet. I'll patch and release myself if necessary.
  Tue Oct 09 08:53:34 2012 gbjk [...] thermeon.com - Correspondence added
I complete withdraw this patch. Browsers aren't ever sending this, to my knowledge now, and it was something stupid on the edge of our network. RFCs hold, and browsers are respecting them, it seems.
  Tue Oct 09 09:38:29 2012 chansen [...] cpan.org - Status changed from 'open' to 'rejected'