Bug#301606: MIME attachment broken for RFC1522 attachment names (#273993 FE)

To: 301606@bugs.debian.org
Subject: Bug#301606: MIME attachment broken for RFC1522 attachment names (#273993 FE)
From: Don Armstrong <don@debian.org>
Date: Sat, 26 Mar 2005 18:58:07 -0800
Message-id: <[🔎] 20050327025807.GM5463@xieana.donarmstrong.org>
Reply-to: Don Armstrong <don@debian.org>, 301606@bugs.debian.org
In-reply-to: <[🔎] 20050326234313.GL5463@xieana.donarmstrong.org>
References: <[🔎] 20050326234313.GL5463@xieana.donarmstrong.org>

tag 301606 patch
thanks

On Sat, 26 Mar 2005, Don Armstrong wrote:
> The mime attachment code is broken for RFC1522 attachment names. FE,
> this link:
> http://bugs.debian.org/cgi-bin/bugreport.cgi/=?iso-8859-1?Q?gdb.txt?=?bug=273993&msg=15&att=1
> is totally bogus (see #273993).
> 
> I'll look into squishing this one shortly since it intersects with
> the RFC1522 work that I did earlier.

Basically, the fix is pretty straightforward, run the filename through
decode_rfc1522 (and make sure the filename is uri_escape first.)


Don Armstrong

-- 
Three little words. (In decending order of importance.)
I
love
you
 -- hugh macleod http://www.gapingvoid.com/graphics/batch35.php

http://www.donarmstrong.com              http://rzlab.ucr.edu

Index: cgi/bugreport.cgi
===================================================================
RCS file: /cvs/debbugs/source/cgi/bugreport.cgi,v
retrieving revision 1.65
diff -u -r1.65 bugreport.cgi
--- cgi/bugreport.cgi	1 Jun 2004 00:41:26 -0000	1.65
+++ cgi/bugreport.cgi	27 Mar 2005 02:41:53 -0000
@@ -68,5 +68,6 @@
     my $type = $entity->effective_type;
     my $filename = $entity->head->recommended_filename;
     $filename = '' unless defined $filename;
+    $filename = decode_rfc1522($filename);
 
     if ($top) {
	$$this .= htmlsanit($entity->stringify_header) unless ($terse);
 	$$this .= "\n";
     }
 
Index: cgi/common.pl
===================================================================
RCS file: /cvs/debbugs/source/cgi/common.pl,v
retrieving revision 1.108
diff -u -r1.108 common.pl
--- cgi/common.pl	28 Mar 2004 06:02:45 -0000	1.108
+++ cgi/common.pl	27 Mar 2005 02:42:42 -0000
@@ -6,12 +6,14 @@
 use MLDBM qw/DB_File/;
 use POSIX qw/ceil/;
 
+use URI::Escape;
+
 $config_path = '/etc/debbugs';
 $lib_path = '/usr/lib/debbugs';
 require "$lib_path/errorlib";
 
 use Debbugs::Versions;
 use Debbugs::MIME qw(decode_rfc1522);
 
 $MLDBM::RemoveTaint = 1;
 
@@ -453,7 +455,7 @@
     }
     $params .= "&archive=yes" if ($common_archive);
     my $pathinfo = '';
-    $pathinfo = "/$filename" if $filename ne '';
+    $pathinfo = '/'.uri_escape($filename) if $filename ne '';
 
     return urlsanit("bugreport.cgi$pathinfo?$params");
 }

Reply to:

References:
- Bug#301606: MIME attachment broken for RFC1522 attachment names (#273993 FE)
  - From: Don Armstrong <don@debian.org>

Prev by Date: Bug#301606: MIME attachment broken for RFC1522 attachment names (#273993 FE)
Next by Date: Bug#34071:
Previous by thread: Bug#301606: MIME attachment broken for RFC1522 attachment names (#273993 FE)
Next by thread: Bug#34071:
Index(es):
- Date
- Thread