mirrors/django
1
0
Fork 0
mirror of https://github.com/django/django.git synced 2025-03-06 15:32:33 +00:00
Code Issues 32 Releases Wiki Activity

Refs #33697 -- Fixed multipart parsing of headers with double quotes and semicolons.

Browse Source 
See 1ef0c0349e
This commit is contained in:
Mehrdad 2022-05-27 13:18:06 -04:00 committed by Mariusz Felisiak
parent 295249c901
commit 93cedc82f2
2 changed files with 7 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
django/http/multipartparser.py
View File

@ -748,7 +748,7 @@ def _parse_header_params(s):
while s[:1] == b";": while s[:1] == b";":
s = s[1:] s = s[1:]
end = s.find(b";") end = s.find(b";")
while end > 0 and s.count(b'"', 0, end) % 2: while end > 0 and (s.count(b'"', 0, end) - s.count(b'\\"', 0, end)) % 2:
end = s.find(b";", end + 1) end = s.find(b";", end + 1)
if end < 0: if end < 0:
end = len(s) end = len(s)

6
tests/file_uploads/tests.py
View File

@ -944,3 +944,9 @@ class MultiParserTests(SimpleTestCase):
for raw_line, expected_title in test_data: for raw_line, expected_title in test_data:
parsed = parse_header(raw_line) parsed = parse_header(raw_line)
self.assertEqual(parsed[1]["title"], expected_title) self.assertEqual(parsed[1]["title"], expected_title)
def test_parse_header_with_double_quotes_and_semicolon(self):
self.assertEqual(
parse_header(b'form-data; name="files"; filename="fo\\"o;bar"'),
("form-data", {"name": b"files", "filename": b'fo"o;bar'}),
)