From: Matthias Heiserer
To: Proxmox VE development discussion , John Hollowell
Subject: Re: [pve-devel] [PATCH http-server 1/1] fix #4344: http-server: ignore unused multipart headers
Date: Mon, 14 Nov 2022 11:33:48 +0100
In-Reply-To: <20221113234810.6642-2-jhollowe@johnhollowell.com>
References: <20221113234810.6642-1-jhollowe@johnhollowell.com> <20221113234810.6642-2-jhollowe@johnhollowell.com>

Thanks for the patch! I must have overlooked that in my original patch. Didn't think to test with proxmoxer :)

In case you haven't done so already, please submit the contributor license agreement. We require that in order to use your patch.
https://www.proxmox.com/en/proxmox-ve/get-involved

On 14.11.2022 00:48, John Hollowell wrote:
> Signed-off-by: John Hollowell > --- > src/PVE/APIServer/AnyEvent.pm | 8 ++++---- > 1 file changed, 4 insertions(+), 4 deletions(-) > > diff --git a/src/PVE/APIServer/AnyEvent.pm b/src/PVE/APIServer/AnyEvent.pm > index f397a8c..d958642 100644 > --- a/src/PVE/APIServer/AnyEvent.pm > +++ b/src/PVE/APIServer/AnyEvent.pm
> @@ -1215,15 +1215,15 @@ sub file_upload_multipart { > $extract_form_disposition->('checksum'); > > if ($hdl->{rbuf} =~ > - s/^${delim_re} > - Content-Disposition:\ (.*?);\ name="(.*?)";\ filename="([^"]+)"${newline_re} > - Content-Type:\ \S*\s+ > - //sxx > + s/^${delim_re}Content-Disposition:\ (.*?);\ name="(.*?)";\ filename="([^"]+)"//sxx

We should drop the xx and escaping of spaces, it's not needed for the single line.

> ) { > assert_form_disposition($1); > die "wrong field name '$2' for file upload, expected 'filename'" if $2 ne "filename"; > $rstate->{phase} = 2; > $rstate->{params}->{filename} = trim($3); > + > + # remove any remaining multipart "headers" like Content-Type > + $hdl->{rbuf} =~ s/^.*?${newline_re}{2}//s

I'm thinking of whether it would be better to include this line in the other one, or not. Probably clearer the way it is now.

> } > } > > -- > 2.30.2

Reviewed-by: Matthias Heiserer
Tested-by: Matthias Heiserer
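
Review bot: The added substitution at the end of the if body, $hdl->{rbuf} =~ s/^.*?${newline_re}{2}//s, runs after $rstate->{phase} = 2 has already been set, and its result is never checked. If rbuf does not yet hold the blank line that ends the part headers when this runs, nothing is stripped, and the leftover header text (Content-Type, for example) stays at the front of the buffer while the state has already moved on. Consider setting the phase only once this substitution has succeeded, or folding the skip-to-blank-line into the first match so that both succeed or fail together. Two smaller points: the rewritten first pattern no longer requires ${newline_re} after the closing quote of filename, so anything else on the Content-Disposition line is accepted and then silently consumed by the lazy .*?, which deserves a comment saying it is intended; and the new statement has no terminating semicolon, which Perl tolerates for the last statement of a block but which breaks as soon as another line is appended.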