mime: use percent-escaping for multipart form field and file names. #7805
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
51a81f7 to
49c7329
Compare
bagder
approved these changes
Oct 4, 2021
docs/cmdline-opts/form-escape.d
Outdated
| Example: --form-escape --form 'field\\name=curl' 'file=@load"this' $URL | ||
| --- | ||
| Tells curl to escape multipart form field and file names using the | ||
| backslash-escaping algorithm rather than the percent-encoding. |
There was a problem hiding this comment.
How about:
Tells curl to pass on multipart form fields and file names using backslash-escaping instead of percent-encoding.
There was a problem hiding this comment.
It seems to me that having a plural for fields references the contents rather than their names. What about fields- and file names ?
There was a problem hiding this comment.
Changed it to:
Tells curl to pass on names of multipart form fields and files using backslash-escaping instead of percent-encoding.
e1b4805 to
c84699e
Compare
|
Changed the escaping algorithm: this is shorter, simpler and saves a call to |
4e05192 to
e4acb7a
Compare
bagder
approved these changes
Oct 25, 2021
docs/cmdline-opts/form-escape.d
Outdated
| Help: Escape multipart form field/file names using backslash | ||
| Protocols: HTTP | ||
| See-also: form | ||
| Added: 7.80.0 |
There was a problem hiding this comment.
This seems likely to end up landing in 7.81.0
There was a problem hiding this comment.
All version references changed to 7.81.0 now.
Until now, form field and file names where escaped using the backslash-escaping algorithm defined for multipart mails. This commit replaces this with the percent-escaping method for URLs. As this may introduce incompatibilities with server-side applications, a new libcurl option CURLOPT_MIME_OPTIONS with bitmask CURLMIMEOPT_FORMESCAPE is introduced to revert to legacy use of backslash-escaping. This is controlled by new cli tool option --form-escape. New tests and documentation are provided for this feature. Reported by: Ryan Sleevi Fixes curl#7789
|
Thanks! |
|
Thanks for pulling! |
fabpot
added a commit
to symfony/symfony
that referenced
this pull request
Dec 20, 2021
…las-grekas) This PR was merged into the 4.4 branch. Discussion ---------- [Mime] Fix encoding filenames in multipart/form-data | Q | A | ------------- | --- | Branch? | 4.4 | Bug fix? | yes | New feature? | no | Deprecations? | no | Tickets | Fix #41249 | License | MIT | Doc PR | - File uploads that use forms have stick to browsers' behavior. This is captured in the WHATWG in their living standard: https://html.spec.whatwg.org/multipage/form-control-infrastructure.html#multipart-form-data curl did the same a few weeks ago: curl/curl#7805 Commits ------- a58c342 [Mime] Fix encoding filenames in multipart/form-data
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Until now, form field and file names where escaped using the
backslash-escaping algorithm defined for multipart mails. This commit
replaces this with the percent-escaping method for URLs.
As this may introduce incompatibilities with server-side applications,
a libcurl option CURLOPT_FORM_ESCAPE_AS_MIME is introduced to revert to
legacy use of backslash-escaping. This is controlled by new cli tool
option --mime-escape.
New tests and documentation are provided for this feature.
Reported by: Ryan Sleevi
Fixes #7789