From 14703896005b10abf37557de12b0583c7abbd157 Mon Sep 17 00:00:00 2001 From: Jocelyn Fiat Date: Fri, 29 Mar 2013 15:10:17 +0100 Subject: [PATCH] Fixed MIME multipart form data handler And use content-length value if provided. --- .../mime/wsf_multipart_form_data_handler.e | 30 +++++++++++--- .../wsf/src/support/wsf_mime_handler_helper.e | 39 +++++++++++-------- 2 files changed, 48 insertions(+), 21 deletions(-) diff --git a/library/server/wsf/src/mime/wsf_multipart_form_data_handler.e b/library/server/wsf/src/mime/wsf_multipart_form_data_handler.e index 39ea826f..68c568f3 100644 --- a/library/server/wsf/src/mime/wsf_multipart_form_data_handler.e +++ b/library/server/wsf/src/mime/wsf_multipart_form_data_handler.e @@ -52,7 +52,7 @@ feature {NONE} -- Implementation: Form analyzer require a_content_type_valid: a_content_type /= Void and not a_content_type.has_error s_attached: s /= Void - same_content_length: req.content_length_value = s.count + same_content_length: req.content_length_value > 0 implies req.content_length_value.as_integer_32 = s.count vars_attached: vars /= Void local p,i,next_b: INTEGER @@ -93,9 +93,29 @@ feature {NONE} -- Implementation: Form analyzer m := s.substring (i, next_b - 1 - 1) --| 1 = LF = %N end analyze_multipart_form_input (req, m, vars) - i := next_b + l_boundary_len + 1 - if is_crlf then - i := i + 1 --| +1 = CR = %R + if s.valid_index (next_b + l_boundary_len + 1) then + if is_crlf then + if s[next_b + l_boundary_len] = '%R' and s[next_b + l_boundary_len + 1] = '%N' then + -- continue + else + i := 0 -- reached the end + end + else + if s[next_b + l_boundary_len + 1] = '%N' then + -- continue + else + i := 0 -- reached the end + end + end + else + i := 0 -- missing end ? + req.error_handler.add_custom_error (0, "Invalid form data", "Invalid ending for form data from input") + end + if i > 0 then + i := next_b + l_boundary_len + 1 + if is_crlf then + i := i + 1 --| +1 = CR = %R + end end else if is_crlf then @@ -103,7 +123,7 @@ feature {NONE} -- Implementation: Form analyzer end m := s.substring (i - 1, s.count) m.right_adjust - if not l_boundary_prefix.same_string (m) then + if i >= s.count and not l_boundary_prefix.same_string (m) then req.error_handler.add_custom_error (0, "Invalid form data", "Invalid ending for form data from input") end i := next_b diff --git a/library/server/wsf/src/support/wsf_mime_handler_helper.e b/library/server/wsf/src/support/wsf_mime_handler_helper.e index 88d6b444..82d98c2d 100644 --- a/library/server/wsf/src/support/wsf_mime_handler_helper.e +++ b/library/server/wsf/src/support/wsf_mime_handler_helper.e @@ -11,31 +11,38 @@ feature {NONE} -- Implementation full_input_data (req: WSF_REQUEST): READABLE_STRING_8 do - Result := read_input_data (req.input) + Result := read_input_data (req.input, req.content_length_value) end - read_input_data (a_input: WGI_INPUT_STREAM): STRING_8 + read_input_data (a_input: WGI_INPUT_STREAM; a_content_length: NATURAL_64): STRING_8 -- All data from input form local n: INTEGER t: STRING do - from - n := 8_192 - create Result.make (n) - until - n = 0 - loop - a_input.read_string (n) - t := a_input.last_string - if t.count = 0 then - n := 0 - else - if t.count < n then + if a_content_length > 0 then + create Result.make (a_content_length.as_integer_32) + n := a_input.read_to_string (Result, 1, Result.capacity) + check n = a_content_length end + else + from + n := 8_192 + create Result.make (n) + until + n = 0 + loop + a_input.read_string (n) + t := a_input.last_string + if t.count = 0 then n := 0 + else + if t.count < n then + n := 0 + end + Result.append_string (t) end - Result.append_string (t) end + end end @@ -146,7 +153,7 @@ feature {NONE} -- Implementation end note - copyright: "2011-2012, Jocelyn Fiat, Javier Velilla, Olivier Ligot, Eiffel Software and others" + copyright: "2011-2013, Jocelyn Fiat, Javier Velilla, Olivier Ligot, Eiffel Software and others" license: "Eiffel Forum License v2 (see http://www.eiffel.com/licensing/forum.txt)" source: "[ Eiffel Software