[pve-devel] [PATCH v2 http-server 1/2] fix #4344: http-server: ignore unused multipart headers
John Hollowell
jhollowe at johnhollowell.com
Fri Nov 18 02:39:10 CET 2022
Signed-off-by: John Hollowell <jhollowe at johnhollowell.com>
---
src/PVE/APIServer/AnyEvent.pm | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/src/PVE/APIServer/AnyEvent.pm b/src/PVE/APIServer/AnyEvent.pm
index f397a8c..d958642 100644
--- a/src/PVE/APIServer/AnyEvent.pm
+++ b/src/PVE/APIServer/AnyEvent.pm
@@ -1215,15 +1215,15 @@ sub file_upload_multipart {
$extract_form_disposition->('checksum');
if ($hdl->{rbuf} =~
- s/^${delim_re}
- Content-Disposition:\ (.*?);\ name="(.*?)";\ filename="([^"]+)"${newline_re}
- Content-Type:\ \S*\s+
- //sxx
+ s/^${delim_re}Content-Disposition:\ (.*?);\ name="(.*?)";\ filename="([^"]+)"//sxx
) {
assert_form_disposition($1);
die "wrong field name '$2' for file upload, expected 'filename'" if $2 ne "filename";
$rstate->{phase} = 2;
$rstate->{params}->{filename} = trim($3);
+
+ # remove any remaining multipart "headers" like Content-Type
+ $hdl->{rbuf} =~ s/^.*?${newline_re}{2}//s
}
}
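Review bot: The added cleanup `s/^.*?${newline_re}{2}//s` runs after `$rstate->{phase} = 2` and its result is never checked. If the blank line that ends the part headers has not yet arrived in `$hdl->{rbuf}`, nothing is stripped and the leftover header bytes (for example the Content-Type line) would presumably be treated as file content in phase 2. The removed pattern matched only once the whole header block was buffered; to keep that property, make the terminator part of the first substitution, e.g. end it with `filename="([^"]+)"${newline_re}(?:[^\r\n]+${newline_re})*${newline_re}//sxx`, or set the phase only when the second substitution succeeds. The `{2}` quantifier also depends on `$newline_re` interpolating as a single group (a `qr//` object does, a plain string would not), and that variable is defined outside this hunk. The body of `file_upload_multipart` starts and ends outside the hunk, so how partial reads reach this branch should be confirmed there.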
--
2.30.2