Re: multipart/form-data without file upload

Tue, 05 Feb 2002 11:23:01 -0800 

Hi Joe, 
Thanks a lot for your prompt solution ! :)

Boris


On  0, Joe Schaefer <[EMAIL PROTECTED]> wrote:
> [EMAIL PROTECTED] writes:
> 
> > Hi,
> > 
> > It seems that if I have a form with enctype of multipart/form-data
> > but it doesn't actually have a file upload, libapreq still thinks
> > that it has file upload. Thus, if my Apache is configured to disallow
> > file uploads, all forms with multipart/form-data become broken.
> > 
> > Is there some technical problem that prevents fixing this, so that
> > only multipart/form-data forms which actually have a file-upload in there
> > would be ignored ?
> 
> No, I think we just have the test misplaced; it should be inside
> the loop within apache_request.c 's ApacheRequest_parse_multipart().
> While it's suboptimal to retest this condition for each upload
> widget in a form submission, I can't imagine the performance 
> difference being even slightly noticeable.
> 
> Here's an untested patch- I'll commit in a few days unless someone 
> sees a problem with it.
> 
> % cvs diff
> cvs server: Diffing .
> cvs server: Diffing Cookie
> cvs server: Diffing Request
> cvs server: Diffing c
> Index: c/apache_request.c
> ===================================================================
> RCS file: /home/cvs/httpd-apreq/c/apache_request.c,v
> retrieving revision 1.15
> diff -u -r1.15 apache_request.c
> --- c/apache_request.c  31 Jan 2002 06:35:12 -0000      1.15
> +++ c/apache_request.c  5 Feb 2002 16:23:42 -0000
> @@ -381,11 +381,6 @@
>      multipart_buffer *mbuff;
>      ApacheUpload *upload = NULL;
>  
> -    if (req->disable_uploads) {
> -       ap_log_rerror(REQ_ERROR, "[libapreq] file upload forbidden");
> -       return HTTP_FORBIDDEN;
> -    }
> -
>      if (!ct) {
>         ap_log_rerror(REQ_ERROR, "[libapreq] no Content-type header!");
>         return HTTP_INTERNAL_SERVER_ERROR;
> @@ -447,6 +442,12 @@
>                 continue;
>             }
>             if (!param) continue; /* shouldn't happen, but just in case. */
> +
> +            if (req->disable_uploads) {
> +                ap_log_rerror(REQ_ERROR, "[libapreq] file upload forbidden");
> +                return HTTP_FORBIDDEN;
> +            }
> +
>             ap_table_add(req->parms, param, filename);
> 
> -- 
> Joe Schaefer

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to