[prev in list] [next in list] [prev in thread] [next in thread]
List: httpcomponents-commits
Subject: httpcomponents-client git commit: HTTPCLIENT-1859: Encode header name, filename appropriately
From: olegk () apache ! org
Date: 2017-06-23 13:10:32
Message-ID: 84ba51eb24cb401a9ba1abbd2fc327c6 () git ! apache ! org
[Download RAW message or body]
Repository: httpcomponents-client
Updated Branches:
refs/heads/4.6.x dcf0c95b4 -> f0c7a3448
HTTPCLIENT-1859: Encode header name, filename appropriately
Project: http://git-wip-us.apache.org/repos/asf/httpcomponents-client/repo
Commit: http://git-wip-us.apache.org/repos/asf/httpcomponents-client/commit/f0c7a344
Tree: http://git-wip-us.apache.org/repos/asf/httpcomponents-client/tree/f0c7a344
Diff: http://git-wip-us.apache.org/repos/asf/httpcomponents-client/diff/f0c7a344
Branch: refs/heads/4.6.x
Commit: f0c7a3448428fcd7e5b292bca8517c09bc71c3c6
Parents: dcf0c95
Author: Karl Wright <DaddyWri@gmail.com>
Authored: Thu Jun 22 09:51:27 2017 -0400
Committer: Oleg Kalnichevski <olegk@apache.org>
Committed: Fri Jun 23 15:08:57 2017 +0200
----------------------------------------------------------------------
.../http/entity/mime/FormBodyPartBuilder.java | 19 +++++++++++++--
.../entity/mime/TestFormBodyPartBuilder.java | 25 ++++++++++++++++++++
2 files changed, 42 insertions(+), 2 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/httpcomponents-client/blob/f0c7a344/httpmime/src/main/java/org/apache/http/entity/mime/FormBodyPartBuilder.java
----------------------------------------------------------------------
diff --git a/httpmime/src/main/java/org/apache/http/entity/mime/FormBodyPartBuilder.java \
b/httpmime/src/main/java/org/apache/http/entity/mime/FormBodyPartBuilder.java index \
a04d9d6..31c203a 100644
--- a/httpmime/src/main/java/org/apache/http/entity/mime/FormBodyPartBuilder.java
+++ b/httpmime/src/main/java/org/apache/http/entity/mime/FormBodyPartBuilder.java
@@ -103,11 +103,11 @@ public class FormBodyPartBuilder {
if (headerCopy.getField(MIME.CONTENT_DISPOSITION) == null) {
final StringBuilder buffer = new StringBuilder();
buffer.append("form-data; name=\"");
- buffer.append(this.name);
+ buffer.append(encodeForHeader(this.name));
buffer.append("\"");
if (this.body.getFilename() != null) {
buffer.append("; filename=\"");
- buffer.append(this.body.getFilename());
+ buffer.append(encodeForHeader(this.body.getFilename()));
buffer.append("\"");
}
headerCopy.addField(new MinimalField(MIME.CONTENT_DISPOSITION, \
buffer.toString())); @@ -138,4 +138,19 @@ public class FormBodyPartBuilder {
return new FormBodyPart(this.name, this.body, headerCopy);
}
+ private static String encodeForHeader(final String headerName) {
+ if (headerName == null) {
+ return null;
+ }
+ final StringBuilder sb = new StringBuilder();
+ for (int i = 0; i < headerName.length(); i++) {
+ final char x = headerName.charAt(i);
+ if (x == '"' || x == '\\' || x == '\r') {
+ sb.append("\\");
+ }
+ sb.append(x);
+ }
+ return sb.toString();
+ }
+
}
http://git-wip-us.apache.org/repos/asf/httpcomponents-client/blob/f0c7a344/httpmime/src/test/java/org/apache/http/entity/mime/TestFormBodyPartBuilder.java
----------------------------------------------------------------------
diff --git a/httpmime/src/test/java/org/apache/http/entity/mime/TestFormBodyPartBuilder.java \
b/httpmime/src/test/java/org/apache/http/entity/mime/TestFormBodyPartBuilder.java \
index 49a6bd8..56dd4f9 100644
--- a/httpmime/src/test/java/org/apache/http/entity/mime/TestFormBodyPartBuilder.java
+++ b/httpmime/src/test/java/org/apache/http/entity/mime/TestFormBodyPartBuilder.java
@@ -27,12 +27,14 @@
package org.apache.http.entity.mime;
+import java.io.ByteArrayInputStream;
import java.io.File;
import java.util.Arrays;
import java.util.List;
import org.apache.http.entity.ContentType;
import org.apache.http.entity.mime.content.FileBody;
+import org.apache.http.entity.mime.content.InputStreamBody;
import org.apache.http.entity.mime.content.StringBody;
import org.junit.Assert;
import org.junit.Test;
@@ -59,6 +61,29 @@ public class TestFormBodyPartBuilder {
}
@Test
+ public void testCharacterStuffing() throws Exception {
+ final FormBodyPartBuilder builder = FormBodyPartBuilder.create();
+ final InputStreamBody fileBody = new InputStreamBody(new \
ByteArrayInputStream( + "hello world".getBytes("UTF-8")), "stuff_with \
\"quotes\" and \\slashes\\.bin"); + final FormBodyPart bodyPart2 = builder
+ .setName("yada_with \"quotes\" and \\slashes\\")
+ .setBody(fileBody)
+ .build();
+
+ Assert.assertNotNull(bodyPart2);
+ Assert.assertEquals("yada_with \"quotes\" and \\slashes\\", \
bodyPart2.getName()); + Assert.assertEquals(fileBody, bodyPart2.getBody());
+ final Header header2 = bodyPart2.getHeader();
+ Assert.assertNotNull(header2);
+ assertFields(Arrays.asList(
+ new MinimalField("Content-Disposition", "form-data; \
name=\"yada_with \\\"quotes\\\" " + + "and \
\\\\slashes\\\\\"; filename=\"stuff_with \\\"quotes\\\" and \\\\slashes\\\\.bin\""), \
+ new MinimalField("Content-Type", \
"application/octet-stream"), + new \
MinimalField("Content-Transfer-Encoding", "binary")), + \
header2.getFields()); + }
+
+ @Test
public void testBuildBodyPartMultipleBuilds() throws Exception {
final StringBody stringBody = new StringBody("stuff", \
ContentType.TEXT_PLAIN); final FormBodyPartBuilder builder = \
FormBodyPartBuilder.create();
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic