I have been trying to report this upstream, but bugzilla.mozilla.org just hangs when I try to submit the bug report. I've tried it in 3 different browsers with 2 different bugzilla accounts, but they all hang for about 5 minutes and then reply with:
Bad Request
Your browser sent a request that this server could not understand.
Apache/2.0.52 (Red Hat) Server at bugzilla-test.mozilla.org Port 443
The report I was trying to raise was the following, in case anyone else wants to report it upstream:
---------
component
---------
general
----------
user agent
----------
Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.1) Gecko/20060210 Ubuntu/dapper Firefox/1.5.0.1
-------
summary
-------
typing control-y into an empty input field invisibly adds \r\n to the end
-------
details
-------
I was using a form like this:
<form action="http://localhost/cgi-bin/foo.cgi" method="post" enctype="multipart/form-data">
<input name="a" type="file" />
<input type="submit" />
</form>
The "file" input expects a filename. I copied a full path into my clipboard using Emacs and wanted to paste it into the "file" input field. I typed control-y, the Emacs way of pasting. Nothing appeared to happen. Realising my mistake I typed control-v instead and the value was pasted. Then I hit submit to send the file for upload, the upload failed.
What got sent to the web server was the following:
-----------------------------11692444882074929047948775071
Content-Disposition: form-data; name="a"; filename="/path/to/file
"
Content-Type: application/octet-stream
-----------------------------11692444882074929047948775071--
Notice the newline at the end of the filename, before the closing quote. The application on the web server interpreted the closing quote and Content-Type header as the contents of the file, and uploaded that.
Using 'get' instead of 'post' causes a similar effect, visiting:
http://localhost/cgi-bin/foo.cgi?a=file%0D%0A
(note the %0D%0A at the end of the URL).
The same effect happens for regular 'text' input fields, but with less obvious results.
Typing control-y when the field isn't empty doesn't cause this problem.
Typing control-y when the field is empty and then using the 'browse' button to select a file doesn't cause the problem.
------------
to reproduce
------------
1. find a web page which lets you upload a file using an <input type="file">
2. empty the "file" input box if it's not already empty (control-a backspace will do that)
3. type a valid path to a file into the box (don't use the browse button)
4. click 'submit' to upload the file. the file won't be sent to the webserver as it should
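
A server-side check for the malformed input described in this report, as an added example that is not part of the original report: it flags a multipart part header whose quoted value is split across lines, and query parameters whose decoded value contains a control character. The function names and the sample body (including the blank line after Content-Type) are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl

CTL = re.compile(r"[\x00-\x1f\x7f]")  # control characters, including CR and LF

# Constructed sample modelled on the request in the report: the filename
# value ends in CRLF, so the closing quote lands on a line of its own.
BOUNDARY = "---------------------------11692444882074929047948775071"
SAMPLE_BODY = (
    "--" + BOUNDARY + "\r\n"
    'Content-Disposition: form-data; name="a"; filename="/path/to/file\r\n'
    '"\r\n'
    "Content-Type: application/octet-stream\r\n"
    "\r\n"
    "--" + BOUNDARY + "--\r\n"
).encode()


def check_multipart(body: bytes, boundary: str) -> list:
    """Return a list of problems found in the part headers of a multipart body."""
    problems = []
    delim = b"--" + boundary.encode()
    for part in body.split(delim)[1:]:
        if part.startswith(b"--"):  # closing delimiter, no more parts
            break
        # Headers end at the first blank line; everything after is the part body.
        head, _, _ = part.lstrip(b"\r\n").partition(b"\r\n\r\n")
        for line in head.split(b"\r\n"):
            text = line.decode("latin-1")
            if ":" not in text:
                problems.append(f"line is not a header: {text!r}")
            elif text.count('"') % 2:
                problems.append(f"unterminated quoted value: {text!r}")
    return problems


def check_query(query: str) -> list:
    """Return names of query parameters whose decoded value holds a control character."""
    return [k for k, v in parse_qsl(query, keep_blank_values=True) if CTL.search(v)]


if __name__ == "__main__":
    print(check_multipart(SAMPLE_BODY, BOUNDARY))
    print(check_query("a=file%0D%0A"))
```
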