Upload filename with double quote failure

Problem uploading file name - test"try.txt (with double quotes inside
file
name) under firefox browser.
It pass to backend file content as a file name.

{“note”: [“”], “upfile”:
[“erthtyjt\nrthy\ntrh\nrt\nh\nrt\nh\nrt\nh\nrth\nr\nth\nr\nth\n\nt\n\n”]}

here is debug from nginx.
http://pastebin.com/P6nkNNj3

Posted at Nginx Forum:

Hello!

On Wed, Apr 24, 2013 at 11:08:11AM -0400, motto wrote:

Problem uploading file name - test"try.txt (with double quotes inside file
name) under firefox browser.
It pass to backend file content as a file name.

{“note”: [“”], “upfile”:
[“erthtyjt\nrthy\ntrh\nrt\nh\nrt\nh\nrt\nh\nrth\nr\nth\nr\nth\n\nt\n\n”]}

here is debug from nginx.
http://pastebin.com/P6nkNNj3

It doesn’t look like there is anything wrong in nginx. Try
looking into what happens on your backend.


Maxim D.
http://nginx.org/en/donation.html

as for nginx backend for debug purpose I use python-tornado script,
which
will just give back params, which nginx pass to it.
so here it is:
upload under Chrome:
{u’upfile.path’: [‘/usr/local/apps/Opus/temp/upload/6/0009495446’],
u’upfile.size’: [‘51’], u’upfile.name’: [‘test%22try.txt’], u’note’:
[‘’],
u’upfile.md5’: [‘5a089ad5ea93048b0d492d53626bf76b’],
u’upfile.content_type’:
[‘text/plain’]}
upload under Firefox:
{u’note’: [‘’], u’upfile’:
[‘erthtyjt\nrthy\ntrh\nrt\nh\nrt\nh\nrt\nh\nrth\nr\nth\nr\nth\n\nt\n\n’]}

Chrome does character encoding, but Firefox - just backspace double
quote
sign.

Posted at Nginx Forum:

Hello!

On Wed, Apr 24, 2013 at 11:57:03AM -0400, motto wrote:

[‘erthtyjt\nrthy\ntrh\nrt\nh\nrt\nh\nrt\nh\nrth\nr\nth\nr\nth\n\nt\n\n’]}

Chrome does character encoding, but Firefox - just backspace double quote
sign.

What Firefox does is actually correct per RFC, as handling of
multipart/form-data forms should be done per MIME encoding rules.
See RFC 2388 - Returning Values from Forms: multipart/form-data for more details.

Though anyway it’s not related to nginx - it doesn’t do anything
with a request body provided by a browser, it just passes it as is
to a backend.


Maxim D.
http://nginx.org/en/donation.html

Hello!

On Thu, Apr 25, 2013 at 03:06:36AM -0400, motto wrote:

    upload_set_form_field $upload_field_name.path "$upload_tmp_path";
location @test {
    proxy_pass   http://localhost:8080;
}

in case with firefox upload as you could see above, only “upfile” parameter
is available, while upfile.path, upfile.name and others are missing.
That could not be related to backend as I used the same backend while
uploading with the same form under Chrome and Firefox in above example.
Thank you.

Ah, ok, I understand now. You are using upload module by Valery
Kholodkov (http://grid.net.ru/nginx/upload.en.html). It indeed
changes the request body and might introduce the problem.

You may want to make sure you are able to reproduce the problem
with latest version of the upload module and report the problem to
the module author.


Maxim D.
http://nginx.org/en/donation.html

Sorry to be annoying, here is part of nginx config:

 # Upload form should be submitted to this location
location /upload_test {
    upload_pass   @test;
    upload_store /usr/local/apps/Opus/temp/upload 1;
    upload_store_access user:r;
    upload_set_form_field $upload_field_name.name 

“$upload_file_name”;
upload_set_form_field $upload_field_name.content_type
“$upload_content_type”;
upload_set_form_field $upload_field_name.path
“$upload_tmp_path”;
upload_aggregate_form_field “$upload_field_name.md5”
“$upload_file_md5”;
upload_aggregate_form_field “$upload_field_name.size”
“$upload_file_size”;
upload_pass_form_field “^(.*)”;
#upload_cleanup 400 404 499 500-505;
upload_cleanup 404;
}

# Pass altered request body to a backend
location @test {
    proxy_pass   http://localhost:8080;
}

in case with firefox upload as you could see above, only “upfile”
parameter
is available, while upfile.path, upfile.name and others are missing.
That could not be related to backend as I used the same backend while
uploading with the same form under Chrome and Firefox in above example.
Thank you.

Posted at Nginx Forum: