Akopia Akopia Services
[Date Prev][Date Next][Thread Prev][Thread Next][Minivend by date ][Minivend by thread ]

Re: [mv] bug in Server.pm (mv4.02)

Quoting Bill Randle (billr@exgate.tek.com):
> Mike/List,
> 
> I found a bug in parse_multipart() in Server.pm (line 207), but I'm not
> sure how to solve it since the obvious fix fails with other errors.
> The offending line of code is the call to interaction_error():
>     unless ($CGI::post_input =~ s/^\s*$boundary\s+//) {
>         return interaction_error("multipart/form-data sent incorrectly");
>     }
> 
> The initial problem is that interaction_error lives in Error.pm. So, we do
> the obvious fix:
> 	return ::interaction_error("multipart/form-data sent incorrectly");
> 
> This fixes the immediate problem, but then I get this in the global
> error.log file:
> 
> 204.119.40.90 - - [26/March/2000:14:50:45 -0800] -
> /fairwaytrader/golf4.cgi/database/editclub.html Could not open error file : No
> such file or directory
> > to report this error: 204.119.40.90 - - [26/March/2000:14:50:45 -0800] -
> /fairwaytrader/golf4.cgi/database/editclub.html Missing special page: interact
> 204.119.40.90 - - [26/March/2000:14:50:45 -0800] -
> /fairwaytrader/golf4.cgi/database/editclub.html Runtime error: Can't call
> method "respond" on an undefined value at ../../bin/minivend line 281.
> >

Yes, this is a bug. A quick fix is:

    die errmsg("multipart/form-data sent incorrectly\n");

And I think it is a reasonable long-term fix as well.

And thank you, Bill, for sending a patch for the bug in MSIE 5 which sparked
all of this. Patch is attached.

-- 
Internet Robotics, 131 Willow Lane, Floor 2, Oxford, OH  45056
phone +1.513.523.7621 fax 7501 <mikeh@minivend.com>

Be patient. God isn't finished with me yet.  -- unknown

*** /r/Server.pm	Thu Mar  9 14:08:21 2000
--- /rt/Server.pm	Sun Mar 26 22:03:25 2000
***************
*** 148,154 ****
  	my(@pairs, $pair, $key, $value);
  	undef %CGI::values;
  	return unless defined $CGI::post_input;
! 	return parse_multipart() if $CGI::content_type =~ /^multipart/i;
  	@pairs = split(/&/, $CGI::post_input);
  	if( defined $pairs[0] and $pairs[0] =~ /^	(\w{8,32})? ; /x)  {
  		@CGI::values{qw/ mv_session_id mv_arg mv_pc /}
--- 148,163 ----
  	my(@pairs, $pair, $key, $value);
  	undef %CGI::values;
  	return unless defined $CGI::post_input;
! 	if ($CGI::content_type =~ /^multipart/i) {
! 		return parse_multipart() if  $CGI::useragent !~ /MSIE\s+5/i;
! 		# try and work around an apparent IE5 bug that sends the content type
! 		# of the next POST after a multipart/form POST as multipart also -
! 		# even though it's sent as non-multipart data
! 		# Contributed by Bill Randle
! 		my ($boundary) = $CGI::content_type =~ /boundary=\"?([^\";]+)\"?/;
! 		$boundary = "--$boundary";
! 		return parse_multipart() if $CGI::post_input =~ /^\s*$boundary\s+/;
! 	}
  	@pairs = split(/&/, $CGI::post_input);
  	if( defined $pairs[0] and $pairs[0] =~ /^	(\w{8,32})? ; /x)  {
  		@CGI::values{qw/ mv_session_id mv_arg mv_pc /}
***************
*** 202,210 ****
  #::logDebug("got to multipart");
  	# Stolen from CGI.pm, thanks Lincoln
  	$boundary = "--$boundary"
! 		unless $Vend::Session->{browser} =~ /MSIE 3\.0[12];  Mac/i;
  	unless ($CGI::post_input =~ s/^\s*$boundary\s+//) {
! 		return interaction_error("multipart/form-data sent incorrectly");
  	}
  
  	my @parts;
--- 211,219 ----
  #::logDebug("got to multipart");
  	# Stolen from CGI.pm, thanks Lincoln
  	$boundary = "--$boundary"
! 		unless $CGI::useragent =~ /MSIE 3\.0[12];  Mac/i;
  	unless ($CGI::post_input =~ s/^\s*$boundary\s+//) {
! 		die errmsg("multipart/form-data sent incorrectly\n");
  	}
  
  	my @parts;
Search for: Match: Format: Sort by: