[pve-devel] [PATCH http-server 1/1] fix #4344: http-server: ignore unused multipart headers
Matthias Heiserer
m.heiserer at proxmox.com
Mon Nov 14 11:33:48 CET 2022
Thanks for the patch! I must have overlooked that in my original patch.
Didn't think to test with proxmoxer :)
In case you haven't do so already, please submit the contributor license
agreement. We require that in order to use your patch.
https://www.proxmox.com/en/proxmox-ve/get-involved
On 14.11.2022 00:48, John Hollowell wrote:
> Signed-off-by: John Hollowell <jhollowe at johnhollowell.com>
> ---
> src/PVE/APIServer/AnyEvent.pm | 8 ++++----
> 1 file changed, 4 insertions(+), 4 deletions(-)
>
> diff --git a/src/PVE/APIServer/AnyEvent.pm b/src/PVE/APIServer/AnyEvent.pm
> index f397a8c..d958642 100644
> --- a/src/PVE/APIServer/AnyEvent.pm
> +++ b/src/PVE/APIServer/AnyEvent.pm
> @@ -1215,15 +1215,15 @@ sub file_upload_multipart {
> $extract_form_disposition->('checksum');
>
> if ($hdl->{rbuf} =~
> - s/^${delim_re}
> - Content-Disposition:\ (.*?);\ name="(.*?)";\ filename="([^"]+)"${newline_re}
> - Content-Type:\ \S*\s+
> - //sxx
> + s/^${delim_re}Content-Disposition:\ (.*?);\ name="(.*?)";\ filename="([^"]+)"//sxx
We should drop the xx and escaping of spaces, it's not needed for the
single line.
> ) {
> assert_form_disposition($1);
> die "wrong field name '$2' for file upload, expected 'filename'" if $2 ne "filename";
> $rstate->{phase} = 2;
> $rstate->{params}->{filename} = trim($3);
> +
> + # remove any remaining multipart "headers" like Content-Type
> + $hdl->{rbuf} =~ s/^.*?${newline_re}{2}//s
I'm thinking of whether it would be better to include this line in the
other one, or not. Probably more clearer the way it is now.
> }
> }
>
> --
> 2.30.2
>
> _______________________________________________
> pve-devel mailing list
> pve-devel at lists.proxmox.com
> https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
>
> Reviewed-by: Matthias Heiserer <m.heiserer at proxmox.com>
Tested-by: Matthias Heiserer <m.heiserer at proxmox.com>
More information about the pve-devel
mailing list