Re: [Django] #12578: multipartparser.Parser does not accept non-canonical bare CR and bare LF

Mon, 11 Jan 2010 06:21:25 -0800 

#12578: multipartparser.Parser does not accept non-canonical bare CR and bare LF
------------------------------------+---------------------------------------
          Reporter:  jfenwick       |         Owner:  nobody
            Status:  new            |     Milestone:        
         Component:  HTTP handling  |       Version:  1.1   
        Resolution:                 |      Keywords:  jython
             Stage:  Unreviewed     |     Has_patch:  0     
        Needs_docs:  0              |   Needs_tests:  0     
Needs_better_patch:  0              |  
------------------------------------+---------------------------------------
Comment (by kmtracey):

 More details would be helpful here. From a brief look at the code
 referenced, I'm not at all sure that changing the one line identified
 would fix any problem. (Perhaps that wasn't intended to be implied by
 identifying one line, but that is how I read it).  Further in that routine
 (line 579, for example), CRLF is used for splitting lines.  So I suspect
 more than a single-line change would be needed to fix this.

 I'm also not entirely sure the code in Django here is wrong, per the RFC.
 The name of this routine is `parse_boundary_stream`, implying to me it is
 responsible only for splitting a multipart message based on boundary
 markers. The very next section of the RFC cited
 (http://www.w3.org/Protocols/rfc2616/rfc2616-sec3.html#sec3.7.2) says, in
 reference to multipart types: "The message body is itself a protocol
 element and MUST therefore use only CRLF to represent line breaks between
 body-parts." Thus it sounds perfectly legit to me for Django to be
 requiring CRLF in this specific case.

 So, I'd really like to get a better understanding of the exact form of the
 data that is causing problems here.

-- 
Ticket URL: <http://code.djangoproject.com/ticket/12578#comment:3>
Django <http://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To post to this group, send email to django-upda...@googlegroups.com.
To unsubscribe from this group, send email to 
django-updates+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-updates?hl=en.

Reply via email to