Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Parsing content-disposition header's filename in multipart/from-data

According to RFC, in multipart/form-data content-disposition header filename field receives as parameter HTTP quoted string - string between quites where character '\' can escape any other ascii character.

The problem is, web browsers don't do it.

IE6 sends:

Content-Disposition: form-data; name="file"; filename="z:\tmp\test.txt"

Instead of expected

Content-Disposition: form-data; name="file"; filename="z:\\tmp\\test.txt"

Which should be parsed as z:tmptest.txt according to rules instead of z:\tmp\test.txt.

Firefox, Konqueror and Chrome don't escape " characters for example:

Content-Disposition: form-data; name="file"; filename=""test".txt"

Instead of expected

Content-Disposition: form-data; name="file"; filename="\"test\".txt"

So... how would you suggest to deal with this issue?

Does Anybody have an idea?

like image 536
Artyom Avatar asked May 29 '10 09:05

Artyom


People also ask

What is content disposition attachment filename?

Content-Disposition is an optional header and allows the sender to indicate a default archival disposition; a filename. The optional "filename" parameter provides for this. This header field definition is based almost verbatim on Experimental RFC 1806 by R. Troost and S.

How do you use content disposition headers?

In a regular HTTP response, the Content-Disposition response header is a header indicating if the content is expected to be displayed inline in the browser, that is, as a Web page or as part of a Web page, or as an attachment, that is downloaded and saved locally.

What does Err_response_headers_multiple_content_disposition mean?

The response from the server contained duplicate headers. This problem is generally the result of a misconfigured website or proxy. Only the website or proxy administrator can fix this issue. Error 349 (net::ERR_RESPONSE_HEADERS_MULTIPLE_CONTENT_DISPOSITION): Multiple distinct Content-Disposition headers received.

What is content type multipart form data?

multipart/form-data [RFC1867] The multipart/form-data content type is intended to allow information providers to express file upload requests uniformly, and to provide a MIME-compatible representation for file upload responses.


2 Answers

Though an old thread, adding the below java solution for whoever might be interested.

// import com.sun.xml.internal.messaging.saaj.packaging.mime.internet.*;

    try {
        ContentDisposition contentDisposition = new ContentDisposition("attachment; filename=\"myfile.log\"; filename*=UTF-8''myfile.log");
        System.out.println(contentDisposition.getParameter("filename"));
    } catch (ParseException e) {
        e.printStackTrace();
    }
like image 131
Pavan Kumar Avatar answered Oct 13 '22 01:10

Pavan Kumar


Is there a reason that you need to parse this filename at all?

At least the one thing that's consistent is that the filename portion of the header ends with a double quote, so you just need to read in everything between filename=" and the final ".

Then you can probably treat any backslash other than \\, \" or \" as a literal backslash, unless you think it's particularly likely that users will be uploading filenames with tabs in them. :)

like image 45
Christopher Orr Avatar answered Oct 13 '22 02:10

Christopher Orr