From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <johnahollowell@gmail.com>
Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (2048 bits))
 (No client certificate requested)
 by lists.proxmox.com (Postfix) with ESMTPS id A13378E903
 for <pve-devel@lists.proxmox.com>; Mon, 14 Nov 2022 01:20:01 +0100 (CET)
Received: from firstgate.proxmox.com (localhost [127.0.0.1])
 by firstgate.proxmox.com (Proxmox) with ESMTP id 796751D0D9
 for <pve-devel@lists.proxmox.com>; Mon, 14 Nov 2022 01:19:31 +0100 (CET)
Received: from mail-qk1-f175.google.com (mail-qk1-f175.google.com
 [209.85.222.175])
 (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)
 key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256)
 (No client certificate requested)
 by firstgate.proxmox.com (Proxmox) with ESMTPS
 for <pve-devel@lists.proxmox.com>; Mon, 14 Nov 2022 01:19:30 +0100 (CET)
Received: by mail-qk1-f175.google.com with SMTP id g10so6561424qkl.6
 for <pve-devel@lists.proxmox.com>; Sun, 13 Nov 2022 16:19:30 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20210112;
 h=content-transfer-encoding:mime-version:message-id:date:subject:cc
 :to:from:x-gm-message-state:from:to:cc:subject:date:message-id
 :reply-to;
 bh=lBtS22/ujrhi+d75g96LmmzgcnVujtf7a+pRlXK3q/U=;
 b=v5/mDpvF1Td3q4uXqjLXCheU09k5DNX6BVhYMNKOREOg0wkEwvPyodhiqkx6DACMr/
 RVe9K+TkoDcqf1hhhiIMMH8ImKIC0B5+ZzaUBwhKrl1K1QA3Js3y2TI2SltifpVzSZwW
 vVo3iG+i5uRP2nvYtRlKW4njzdZIMDws1ddVrKc7YarLrMMhE5LKRoxDSjtIrkk1BKV5
 UGV8snLLEO26Jm6TR8eM0vU1RWU39lfm1SQzqrLRjHMBdYJUPyovtN1fItRWwFxqAwCs
 WZ2neE0CCt+GXmSC00N8TR6lEmF350jXSQhEmYJIi5djz28aT2lQxOh+YmmNqjvWsdBh
 kBgA==
X-Gm-Message-State: ANoB5pmf+UmMarCsl3oJfK+JZD+thwmSO4Fo6OGj7hU4dhHYeQtRmYBH
 DC0cQEFlLLC6TjHNVMsf2hn7/W8xJy8+cw==
X-Google-Smtp-Source: AA0mqf5QHs+bfPu78KKuRAMAuWUvNPTKxgF2i3DIRoe3qL9RMQHk15u2AeOwiDytGwIcP1g4dlFANw==
X-Received: by 2002:a05:622a:5c9b:b0:39c:cb9e:3524 with SMTP id
 ge27-20020a05622a5c9b00b0039ccb9e3524mr10113883qtb.563.1668383337612; 
 Sun, 13 Nov 2022 15:48:57 -0800 (PST)
Received: from smtprelay.homelab.johnhollowell.com
 (cpe-76-182-68-238.nc.res.rr.com. [76.182.68.238])
 by smtp.gmail.com with UTF8SMTPSA id
 u184-20020a372ec1000000b006f9e103260dsm5446673qkh.91.2022.11.13.15.48.56
 (version=TLS1_3 cipher=TLS_CHACHA20_POLY1305_SHA256 bits=256/256);
 Sun, 13 Nov 2022 15:48:57 -0800 (PST)
Received: from localhost.localdomain ([10.50.0.103]) by
 smtprelay.homelab.johnhollowell.com with ESMTP;
 Sun, 13 Nov 2022 18:48:55 -0500 (EST)
From: John Hollowell <jhollowe@johnhollowell.com>
To: pve-devel@lists.proxmox.com
Cc: John Hollowell <jhollowe@johnhollowell.com>
Date: Sun, 13 Nov 2022 23:48:09 +0000
Message-Id: <20221113234810.6642-1-jhollowe@johnhollowell.com>
X-Mailer: git-send-email 2.30.2
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-SPAM-LEVEL: Spam detection results:  0
 BAYES_00                 -1.9 Bayes spam probability is 0 to 1%
 FREEMAIL_FORGED_FROMDOMAIN 0.249 2nd level domains in From and EnvelopeFrom
 freemail headers are different
 FREEMAIL_FROM 0.001 Sender email is commonly abused enduser mail provider
 HEADER_FROM_DIFFERENT_DOMAINS 0.25 From and EnvelopeFrom 2nd level mail
 domains are different
 KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment
 RCVD_IN_DNSWL_NONE     -0.0001 Sender listed at https://www.dnswl.org/,
 no trust RCVD_IN_MSPIKE_H2      -0.001 Average reputation (+2)
 SPF_HELO_NONE           0.001 SPF: HELO does not publish an SPF Record
 SPF_PASS               -0.001 SPF: sender matches SPF record
X-Mailman-Approved-At: Mon, 14 Nov 2022 09:14:30 +0100
Subject: [pve-devel] [PATCH http-server 0/1] fix #4344: ignore unused
 multipart headers
X-BeenThere: pve-devel@lists.proxmox.com
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Proxmox VE development discussion <pve-devel.lists.proxmox.com>
List-Unsubscribe: <https://lists.proxmox.com/cgi-bin/mailman/options/pve-devel>, 
 <mailto:pve-devel-request@lists.proxmox.com?subject=unsubscribe>
List-Archive: <http://lists.proxmox.com/pipermail/pve-devel/>
List-Post: <mailto:pve-devel@lists.proxmox.com>
List-Help: <mailto:pve-devel-request@lists.proxmox.com?subject=help>
List-Subscribe: <https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel>, 
 <mailto:pve-devel-request@lists.proxmox.com?subject=subscribe>
X-List-Received-Date: Mon, 14 Nov 2022 00:20:01 -0000

This fixes an issue where an upload request without a Content-Type in
the file's multipart part would prevent the upload and throw
missleading errors. This patch removes the requirement and ignores
all multipart headers once the needed information has been extracted.

I have tested these changes against a 7.2-11 server and both a previously
broken upload method (without the Content-Type) and using the webUI in
Chrome (which includes a Content-Type) correctly uploads the file.

John Hollowell (1):
  fix #4344: http-server: ignore unused multipart headers

 src/PVE/APIServer/AnyEvent.pm | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

--
2.30.2