On Wed, Jul 13, 2005 at 03:00:13AM +0200, Frederic Briere wrote: > Package: lynx > Version: 2.8.5-2 > Severity: normal > > Given the following form: > > <FORM ENCTYPE="multipart/form-data" ...> > <INPUT NAME="quot;foo"" ... > ... > </FORM> > > lynx will naively submit the following: > > Content-Disposition: form-data; name=""foo""
This is still wrong in lynx-cur. I'm making a fix so the next lynx-cur
should work properly. What I'm seeing is not as naive, but an error.
In 2.8.5 it does call HTMake822Word, which is supposed to deal with this.
But that function confuses backslash and escape. The result is that
the inner double-quotes are escaped with escape (033) characters rather
than backslashes (0134). Oddly enough, that error is quite old (1998),
and only applies to some control characters as well as double-quote and
backslash.
After correcting this (near the end of HTParse.c):
if ((a != '\011') && ((a & 127) < 32 ||
(a < 128 && ((crfc[a - 32]) & 2))))
*q++ = '\033';
to
if ((a != '\011') && ((a & 127) < 32 ||
(a < 128 && ((crfc[a - 32]) & 2))))
*q++ = '\134';
I see in the trace
Query 112{--LYNX\r
Content-Disposition: form-data; name="\\"foo\\""\r
Content-Type: text/plain\r
\r
Submit this form\r
--LYNX--\r
}
which looks correct...
> which is clearly wrong.
>
>
> RFC 1867 never actually bothers to formally define Content-Disposition,
> but it does refer to RFC 1806, which (via RFC 822) mandates that this
> header's value be a quoted-string, and must be escaped properly.
;-)
--
Thomas E. Dickey <[EMAIL PROTECTED]>
http://invisible-island.net
ftp://invisible-island.net
signature.asc
Description: Digital signature
