Comment 10 for bug 32301

Chris Moore (dooglus) wrote :

I have been trying to report this upstream, but bugzilla.mozilla.org just hangs when I try to submit the bug report. I've tried it in 3 different browsers with 2 different bugzilla accounts, but they all hang for about 5 minutes and then reply with:

Bad Request
Your browser sent a request that this server could not understand.
Apache/2.0.52 (Red Hat) Server at bugzilla-test.mozilla.org Port 443

The report I was trying to raise was the following, in case anyone else wants to report it upstream:

---------
component
---------

general

----------
user agent
----------

Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.1) Gecko/20060210 Ubuntu/dapper Firefox/1.5.0.1

-------
summary
-------

typing control-y into an empty input field invisibly adds \r\n to the end

-------
details
-------

I was using a form like this:

<form action="http://localhost/cgi-bin/foo.cgi" method="post" enctype="multipart/form-data">
<input name="a" type="file" />
<input type="submit" />
</form>

The "file" input expects a filename. I copied a full path into my clipboard using Emacs and wanted to paste it into the "file" input field. I typed control-y, the Emacs way of pasting. Nothing appeared to happen. Realising my mistake, I typed control-v instead and the value was pasted. Then I hit submit to send the file for upload, and the upload failed.

What got sent to the web server was the following:

-----------------------------11692444882074929047948775071
Content-Disposition: form-data; name="a"; filename="/path/to/file
"
Content-Type: application/octet-stream

-----------------------------11692444882074929047948775071--

Notice the newline at the end of the filename, before the closing quote. The application on the web server interpreted the closing quote and Content-Type header as the contents of the file, and uploaded that.

Using 'get' instead of 'post' causes a similar effect, visiting:

  http://localhost/cgi-bin/foo.cgi?a=file%0D%0A

(note the %0D%0A at the end of the URL).

The same effect happens for regular 'text' input fields, but with less obvious results.

Typing control-y when the field isn't empty doesn't cause this problem.

Typing control-y when the field is empty and then using the 'browse' button to select a file doesn't cause the problem.

------------
to reproduce
------------

1. find a web page which lets you upload a file using an <input type="file">
2. empty the "file" input box if it's not already empty (control-a backspace will do that)
3. type a valid path to a file into the box (don't use the browse button)
4. click 'submit' to upload the file. the file won't be sent to the webserver as it should
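
A server-side check for the condition described in this report, as an added example that is not part of the original comment: it flags a CR or LF inside a quoted header parameter of a multipart part, and control characters in decoded query values. The boundary, the sample body and all function names are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl

CTL = re.compile(r"[\x00-\x1f\x7f]")   # control characters, including CR and LF
BOUNDARY = b"XBOUNDARY"                # constructed boundary, not the one in the report

def quoted_breaks(part: bytes) -> list:
    """Offsets of CR/LF bytes that fall inside a quoted header parameter."""
    hits, in_quote, i = [], False, 0
    while i < len(part):
        if not in_quote and part.startswith(b"\r\n\r\n", i):
            break                      # blank line outside quotes ends the headers
        c = part[i:i + 1]
        if in_quote and c == b"\\":    # skip an escaped character such as \"
            i += 2
            continue
        if c == b'"':
            in_quote = not in_quote
        elif in_quote and c in b"\r\n":
            hits.append(i)
        i += 1
    return hits

def multipart_findings(body: bytes, boundary: bytes) -> list:
    """(part_index, offsets) for every part whose headers contain such a break."""
    findings = []
    for n, chunk in enumerate(body.split(b"--" + boundary)[1:]):
        if chunk.startswith(b"--"):    # closing delimiter
            break
        hits = quoted_breaks(chunk.removeprefix(b"\r\n"))
        if hits:
            findings.append((n, hits))
    return findings

def query_findings(query: str) -> list:
    """Names of query fields whose decoded value contains a control character."""
    return [name for name, value in parse_qsl(query) if CTL.search(value)]

# Constructed request body with the same shape as the one shown in the report.
REPORTED = (b"--" + BOUNDARY + b"\r\n"
            b'Content-Disposition: form-data; name="a"; filename="/path/to/file\r\n"\r\n'
            b"Content-Type: application/octet-stream\r\n\r\n\r\n"
            b"--" + BOUNDARY + b"--\r\n")

if __name__ == "__main__":
    print(multipart_findings(REPORTED, BOUNDARY))
    print(query_findings("a=file%0D%0A"))
```

A request that produces any finding can be rejected before the upload handler runs, so a split filename is never treated as file contents.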