#731 method original_filename in UploadFile module is broken - Ruby on Rails

Type	To find
responsible:me	tickets assigned to you
tagged:"@high"	tickets tagged @high
milestone:next	tickets in the upcoming milestone
state:invalid	tickets with the state invalid
created:"last week"	tickets created last week
sort:number, importance, updated	tickets sorted by #, importance or updated
Combine keywords for powerful searching.
Use advanced searching »

This project is archived and is in readonly mode.

#731 ✓stale

method original_filename in UploadFile module is broken

Reported by Armando Di Cianno | July 30th, 2008 @ 11:48 PM | in 2.x

While persnickety, there is a flaw in the setter for original filename, in Rails 2.1.0, in an apache/passenger setup.

The filename on the next line:

&;()<>|!{}[]'"*?~\$`.ext

for example, comes out as

&;()<>|!{}[]'

Note that the leading space, and everything trailing the single-quote (at the double-quote position) is truncated.

We recently migrated from Mongrel, where we had hand-rolled our own upload filename grabber, to Passenger, and wanted to use the nice mod_upload_progress that exists out there. The code we used was /BAD/, but looked like this:

temp = e.split('=')

if temp[0] == "filename"

remove begin/end double-quotes, without
munging double-quotes in the filename

filename = temp[1].chomp().chop().reverse().chop().reverse()

puts "filename: #{filename}" if @debug

end

This preserved the filename perfectly -- we also later massaged out the IE full-path to get just the basename.

So, while filename that has all those characters is unlikely, it's indeed a valid filename, and should be preserved.

Comments and changes to this ticket

You flagged this item as spam.
Armando Di Cianno July 31st, 2008 @ 09:04 PM
I've narrowed down the problem to line 596 in read_multipart in request.rb (same file as above method).
head =~ /Content-Disposition:.* filename=(?:"((?:\\.|[^\"]))"|([^;]))/ni
So, given
str = "Content-Disposition: filename=\" &;()<>|!{}[]'\"*?~\\$`.mpg\""
then
str =~ /Content-Disposition:.* filename=(?:"((?:\\.|[^\"]))"|([^;]))/ni
we get
>> $1
=> " &;()<>|!{}[]'"
>> $2
=> nil
josh November 22nd, 2008 @ 07:52 PM
- State changed from “new” to “stale”
Staling out, please let me know if its still an issue.

Create your profile

Help contribute to this project by taking a few moments to create your personal profile. Create your profile »

<h2 style="font-size: 14px">Tickets have moved to Github</h2>

The new ticket tracker is available at <a href="https://github.com/rails/rails/issues">https://github.com/rails/rails/issues</a>

Shared Ticket Bins (Sort)

↓↑ drag 455 Open Bugs
↓↑ drag 0 Recent Open Tickets
↓↑ drag 87 Open Patches
↓↑ drag 0 Open Doc Patches
↓↑ drag 542 Stale Tickets
↓↑ drag 3 Verified Patches
↓↑ drag 87 Stale Patches
↓↑ drag 0 Yesterday's Tickets
↓↑ drag 0 Two Days Ago
↓↑ drag 0 This Week
↓↑ drag 0 Last Week
↓↑ drag 7 Bugmash
↓↑ drag 0 Bugmash review queue
↓↑ drag 5 Rails 3 High Priority Tickets

Rails Ruby on Rails → 2.x

method original_filename in UploadFile module is broken

Comments and changes to this ticket

Armando Di Cianno July 31st, 2008 @ 09:04 PM

josh November 22nd, 2008 @ 07:52 PM

Create your profile

Shared Ticket Bins (Sort)

People watching this ticket

Tags

Pages

Rails Ruby on Rails → 2.x

Keyword searching

method original_filename in UploadFile module is broken

Comments and changes to this ticket

Armando Di Cianno July 31st, 2008 @ 09:04 PM

josh November 22nd, 2008 @ 07:52 PM

Create your profile

Shared Ticket Bins (Sort)

People watching this ticket

Tags

Pages