curl-users
Re: Content-Disposition parser confirming to RFC 6266
Date: Wed, 31 Oct 2012 01:17:18 +0900
Hi,
On Tue, Oct 30, 2012 at 7:01 AM, Daniel Stenberg <daniel_at_haxx.se> wrote:
> On Sat, 27 Oct 2012, Tatsuhiro Tsujikawa wrote:
>
>> I'd like to contribute a patch to add Content-Disposition parser
>> conforming to RFC 6266. The comment in tool_cd_hdr.c says it does not
>> support encoded filenames (*=) right now.
>
>
> That sounds awesome!
>
>
>> I observed that curl does not decode percent-encoded filename in URL with
>> -O option. So the safe and consistent way is probably preserve
>> percent-encoded string as is and do usual sanitizing (i.e., use string after
>> last /). The drawback of this approach is user does not know the charset of
>> the string when it is decoded.
>
>
> The -O option without -J or with -J but without a Content-Disposition header
> use the file name portion as-is from the URL. I really don't think it should
> attempt to decode it to anything then as it A) really doesn't know what
> charset to use and B) never did it before so it would introduce a modified
> behavior that will ruin lots of scripts out there.
>
OK, use filename as is, not unescaped.
The patch is attached in this mail.
I only checked tests which include -J in keywords.
I'll perform full tests tomorrow and also add RFC 5987 Encoding tests.
It seems that disposition-type (e.g., inline, attachment) is required
in RFC 6266.
I added 'inline' in the patched test cases. Also "'" is allowed in
filename in RFC, so I patched
test1313. But it may not be valid for Windows, so should we discard it?
I defined is_alpha() myself because ISALPHA may return true for other
than a-zA-Z depending on the locale setting.
To store extracted filename parameter value, I used stack allocated
1024 bytes array.
Of course, I checked overflow, but we can allocate same length of
header value for this to make sure that longer filename can be
extracted safely.
Best regards,
Tatsuhiro Tsujikawa
> --
>
> / daniel.haxx.se
> -------------------------------------------------------------------
> List admin: http://cool.haxx.se/list/listinfo/curl-users
> FAQ: http://curl.haxx.se/docs/faq.html
> Etiquette: http://curl.haxx.se/mail/etiquette.html
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-users
FAQ: http://curl.haxx.se/docs/faq.html
Etiquette: http://curl.haxx.se/mail/etiquette.html
- application/octet-stream attachment: 0001-Parse-Content-Disposition-header-field-value-conform.patch