From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by lists.proxmox.com (Postfix) with ESMTPS id 4AB97967D for ; Fri, 18 Nov 2022 02:39:39 +0100 (CET) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id 31C8D32449 for ; Fri, 18 Nov 2022 02:39:39 +0100 (CET) Received: from mail-qk1-f170.google.com (mail-qk1-f170.google.com [209.85.222.170]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by firstgate.proxmox.com (Proxmox) with ESMTPS for ; Fri, 18 Nov 2022 02:39:37 +0100 (CET) Received: by mail-qk1-f170.google.com with SMTP id g10so2544321qkl.6 for ; Thu, 17 Nov 2022 17:39:37 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=KwVdccnUhugckduMLVvUTunWYaQ+/iHUy/q3VNLXVxI=; b=zipvt3UzxJv/ltugbm5KrU1APaZ7yNpgH+irhGf9DbfGJORjwsh5F5B7oaUiGlz2bK KQewwVgFyBNE6vNZlt3B/THWR6uAxuoZUCuXpeOFgJCBb5Igw4fcdBzOGT7RzmkV0+/C bAicdNo8kfiHJ96fBQODVs8dG1oOlOHvuwypg3xwcNHzMP50xYNM8aIOezB5EgzqW9xb p16D5sHGS46CVHArtpEuazD0qNbhpQIOJtz5NhFG3Y/wXvNaC9eilMBx8+GgqwUEfZyP zzvZmUQnb8NaUpuTkShv6QjzbTsQlWsvV+MVyuntxK8D0xNYksdjp56vmtu5BMQGgrdq +YOw== X-Gm-Message-State: ANoB5pmzYsiNsSlJEiiqZpremajvxtm0Hr3FSQmGEztMMC4FQn8z/JG6 p4patF9zZFxUJSZlk8LmPspBm7Zkzcq9jQ== X-Google-Smtp-Source: AA0mqf574wYWrZGcN3ru4tC5gIW6iqvRRfKBUyUrGQET6w3w304Qu4S1hFM3JfRxBnvBcob4L7LV7A== X-Received: by 2002:a05:620a:22d6:b0:6fa:2cb5:8b4b with SMTP id o22-20020a05620a22d600b006fa2cb58b4bmr4143722qki.348.1668735569812; Thu, 17 Nov 2022 17:39:29 -0800 (PST) Received: from smtprelay.homelab.johnhollowell.com (cpe-76-182-68-238.nc.res.rr.com. [76.182.68.238]) by smtp.gmail.com with UTF8SMTPSA id x22-20020ac86b56000000b0039953dcc480sm1247689qts.88.2022.11.17.17.39.29 (version=TLS1_3 cipher=TLS_CHACHA20_POLY1305_SHA256 bits=256/256); Thu, 17 Nov 2022 17:39:29 -0800 (PST) Received: from localhost.localdomain ([10.50.0.102]) by smtprelay.homelab.johnhollowell.com with ESMTP; Thu, 17 Nov 2022 20:39:28 -0500 (EST) From: John Hollowell To: pve-devel@lists.proxmox.com Cc: John Hollowell Date: Fri, 18 Nov 2022 01:39:09 +0000 Message-Id: <20221118013911.2655-1-jhollowe@johnhollowell.com> X-Mailer: git-send-email 2.30.2 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-SPAM-LEVEL: Spam detection results: =?UTF-8?Q?0=0A=09?=AWL 0.124 Adjusted score from AWL reputation of From: =?UTF-8?Q?address=0A=09?=BAYES_00 -1.9 Bayes spam probability is 0 to 1% FREEMAIL_FORGED_FROMDOMAIN 0.001 2nd level domains in From and EnvelopeFrom freemail headers are =?UTF-8?Q?different=0A=09?=FREEMAIL_FROM 0.001 Sender email is commonly abused enduser mail =?UTF-8?Q?provider=0A=09?=HEADER_FROM_DIFFERENT_DOMAINS 0.25 From and EnvelopeFrom 2nd level mail domains are =?UTF-8?Q?different=0A=09?=KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict =?UTF-8?Q?Alignment=0A=09?=RCVD_IN_DNSWL_NONE -0.0001 Sender listed at https://www.dnswl.org/, no =?UTF-8?Q?trust=0A=09?=RCVD_IN_MSPIKE_H2 -0.001 Average reputation (+2) SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF =?UTF-8?Q?Record=0A=09?=SPF_PASS -0.001 SPF: sender matches SPF =?UTF-8?Q?record=0A=09?=URIBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more information. [anyevent.pm] Subject: [pve-devel] [PATCH v2 http-server 0/2] fix #4344: ignore unused multipart headers X-BeenThere: pve-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox VE development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 18 Nov 2022 01:39:39 -0000 This fixes an issue where an upload request without a Content-Type in the file's multipart part would prevent the upload and throw missleading errors. This patch removes the requirement and ignores all multipart headers once the needed information has been extracted. I have tested these changes against a 7.2-11 server and both a previously broken upload method (without the Content-Type) and using the webUI in Chrome (which includes a Content-Type) correctly uploads the file. Changes since v1: * remove `xx` and escaping of spaces from regex John Hollowell (2): fix #4344: http-server: ignore unused multipart headers Remove whitespace ignore from regex src/PVE/APIServer/AnyEvent.pm | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) -- 2.30.2