multipart upload: remove ignore-whitespace flag from regex

[pve-http-server.git] / src / PVE / APIServer / AnyEvent.pm

diff --git a/src/PVE/APIServer/AnyEvent.pm b/src/PVE/APIServer/AnyEvent.pm
index 4296ded0094da434d59124b173a872e176e4a7b2..f1e700aa28a7b60104fd637e39857d516ae95227 100644 (file)
--- a/src/PVE/APIServer/AnyEvent.pm
+++ b/src/PVE/APIServer/AnyEvent.pm
@@ -46,7 +46,7 @@ use URI;
 
 use PVE::INotify;
 use PVE::SafeSyslog;
-use PVE::Tools;
+use PVE::Tools qw(trim);
 
 use PVE::APIServer::Formatter;
 use PVE::APIServer::Utils;
@@ -1186,11 +1186,6 @@ my sub assert_form_disposition {
 sub file_upload_multipart {
     my ($self, $reqstate, $auth, $method, $path, $rstate) = @_;
 
-    my $trim = sub {
-       $_[0] =~ /\s*(\S+)/;
-       return $1;
-    };
-
     eval {
        my $boundary = $rstate->{boundary};
        my $hdl = $reqstate->{hdl};
@@ -1198,7 +1193,7 @@ sub file_upload_multipart {
 
        my $newline_re = qr/\015?\012/;
        my $delim_re = qr/--\Q$boundary\E${newline_re}/;
-       my $close_delim_re = qr/--\Q$boundary\E--${newline_re}/;
+       my $close_delim_re = qr/--\Q$boundary\E--/;
 
        # Phase 0 - preserve boundary, but remove everything before
        if ($rstate->{phase} == 0 && $hdl->{rbuf} =~ s/^.*?($delim_re)/$1/s) {
@@ -1206,11 +1201,19 @@ sub file_upload_multipart {
            $rstate->{phase} = 1;
        }
 
+       my $remove_until_data = sub {
+           my ($hdl) = @_;
+           # remove any remaining multipart "headers" like Content-Type
+           $hdl->{rbuf} =~ s/^.*?${newline_re}{2}//s;
+       };
+
        my $extract_form_disposition = sub {
            my ($name) = @_;
-           if ($hdl->{rbuf} =~ s/^${delim_re}Content-Disposition: (.*?); name="$name"(.*?)($delim_re)/$3/s) {
+           if ($hdl->{rbuf} =~ s/^${delim_re}.*?Content-Disposition: (.*?); name="$name"(.*?${delim_re})/$2/s) {
                assert_form_disposition($1);
-               $rstate->{params}->{$name} = $trim->($2);
+               $remove_until_data->($hdl);
+               $hdl->{rbuf} =~ s/^(.*?)(${delim_re})/$2/s;
+               $rstate->{params}->{$name} = trim($1);
            }
        };
 
@@ -1219,16 +1222,14 @@ sub file_upload_multipart {
            $extract_form_disposition->('checksum-algorithm');
            $extract_form_disposition->('checksum');
 
-           if ($hdl->{rbuf} =~
-               s/^${delim_re}
-               Content-Disposition:\ (.*?);\ name="(.*?)";\ filename="([^"]+)"${newline_re}
-               Content-Type:\ \S*\s+
-               //sxx
-           ) {
+           if ($hdl->{rbuf} =~ s/^${delim_re}Content-Disposition: (.*?); name="(.*?)"; filename="([^"]+)"${newline_re}//s) {
                assert_form_disposition($1);
                die "wrong field name '$2' for file upload, expected 'filename'" if $2 ne "filename";
                $rstate->{phase} = 2;
-               $rstate->{params}->{filename} = $trim->($3);
+               $rstate->{params}->{filename} = trim($3);
+
+               # remove any remaining multipart "headers" like Content-Type
+               $hdl->{rbuf} =~ s/^.*?${newline_re}{2}//s
            }
        }
 
@@ -1285,26 +1286,6 @@ sub parse_content_type {
     return  wantarray ? ($ct) : $ct;
 }
 
-sub parse_content_disposition {
-    my ($line) = @_;
-
-    my ($disp, @params) = split(/\s*[;,]\s*/o, $line);
-    my $name;
-    my $filename;
-
-    foreach my $v (@params) {
-       if ($v =~ m/^\s*name\s*=\s*(\S+?)\s*$/o) {
-           $name = $1;
-           $name =~ s/^"(.*)"$/$1/;
-       } elsif ($v =~ m/^\s*filename\s*=\s*(.+?)\s*$/o) {
-           $filename = $1;
-           $filename =~ s/^"(.*)"$/$1/;
-       }
-    }
-
-    return  wantarray ? ($disp, $name, $filename) : $disp;
-}
-
 my $tmpfile_seq_no = 0;
 
 sub get_upload_filename {