Hi,
After building and installing from trunk, I can see all of the
parameters being parsed as expected.
Thank you for your help,
kind regards,
Raymond Field
On 04/07/2023 22:01, Joe Schaefer wrote:
2.17 was a dud security release. Use trunk
Joe Schaefer, Ph.D
<[email protected]>
+1 (954) 253-3732
SunStar Systems, Inc.
/Orion - The Enterprise Jamstack Wiki/
/
/
------------------------------------------------------------------------
*From:* Raymond Field via dev <[email protected]>
*Sent:* Tuesday, July 4, 2023 7:36:33 AM
*To:* [email protected] <[email protected]>
*Subject:* libapreq 2.17 POST upload with empty filename parameter
Hi,
I don't know if this is the correct place to report an issue with
libapreq2, please let me know where I should sent this report if this
isn't the correct place.
If I POST a form to the server that contains unfilled file upload
fields, the
library seems to give up processing at the first empty filename, e.g. if
I POST
-----------------------------15448443913271751721417945010
Content-Disposition: form-data; name="postticket"
-----------------------------15448443913271751721417945010
Content-Disposition: form-data; name="uid"
1263741688468911
-----------------------------15448443913271751721417945010
Content-Disposition: form-data; name="new_doc_file";
filename="some_test.txt"
Content-Type: text/plain
this is some text
-----------------------------15448443913271751721417945010
Content-Disposition: form-data; name="new_doc_type"
Document
-----------------------------15448443913271751721417945010
Content-Disposition: form-data; name="vidlinkhtml"
-----------------------------15448443913271751721417945010
Content-Disposition: form-data; name="new_doc_thumbnail"; filename=""
Content-Type: application/octet-stream
-----------------------------15448443913271751721417945010
Content-Disposition: form-data; name="new_doc_file_thumbnail"; filename=""
Content-Type: application/octet-stream
-----------------------------15448443913271751721417945010
Content-Disposition: form-data; name="new_doc_title"
joe_wicks_crispy_sesame_chicken
-----------------------------15448443913271751721417945010
Content-Disposition: form-data; name="new_access"
General
-----------------------------15448443913271751721417945010
Content-Disposition: form-data; name="new_port_name"
-----------------------------15448443913271751721417945010
Content-Disposition: form-data; name="new_doc_desc"
-----------------------------15448443913271751721417945010
Content-Disposition: form-data; name="role_7_priv_2"
21
-----------------------------15448443913271751721417945010
Content-Disposition: form-data; name="new_comments"
YES
-----------------------------15448443913271751721417945010
Content-Disposition: form-data; name="new_notify"
YES
-----------------------------15448443913271751721417945010
Content-Disposition: form-data; name="add_submit"
Submit
-----------------------------15448443913271751721417945010
Content-Disposition: form-data; name="add_submit_button"
Submit
-----------------------------15448443913271751721417945010--
When looking at $apr->param I only see the following names: postticket
uid new_doc_file vidlinkhtml
i.e. up to but not including the first parameter with filename=""
If I submit the form without the parameters that have empty filenames I
see all of the parameter names.
This started happening when I upgraded a server from Debian 11 to Debian
12, so it worked OK in libapreq 2.13. The libapreq libraries are not
currently included in the Bookwork package list, so I added them from
testing. I've also tried installing directly from CPAN, but the same
issue.
Kind regards,
Raymond Field
