use PVE::INotify;
use PVE::SafeSyslog;
-use PVE::Tools;
+use PVE::Tools qw(trim);
use PVE::APIServer::Formatter;
use PVE::APIServer::Utils;
sub file_upload_multipart {
my ($self, $reqstate, $auth, $method, $path, $rstate) = @_;
- my $trim = sub {
- $_[0] =~ /\s*(\S+)/;
- return $1;
- };
-
eval {
my $boundary = $rstate->{boundary};
my $hdl = $reqstate->{hdl};
my $newline_re = qr/\015?\012/;
my $delim_re = qr/--\Q$boundary\E${newline_re}/;
- my $close_delim_re = qr/--\Q$boundary\E--${newline_re}/;
+ my $close_delim_re = qr/--\Q$boundary\E--/;
# Phase 0 - preserve boundary, but remove everything before
if ($rstate->{phase} == 0 && $hdl->{rbuf} =~ s/^.*?($delim_re)/$1/s) {
$rstate->{phase} = 1;
}
+ my $remove_until_data = sub {
+ my ($hdl) = @_;
+ # remove any remaining multipart "headers" like Content-Type
+ $hdl->{rbuf} =~ s/^.*?${newline_re}{2}//s;
+ };
+
my $extract_form_disposition = sub {
my ($name) = @_;
- if ($hdl->{rbuf} =~ s/^${delim_re}Content-Disposition: (.*?); name="$name"(.*?)($delim_re)/$3/s) {
+ if ($hdl->{rbuf} =~ s/^${delim_re}.*?Content-Disposition: (.*?); name="$name"(.*?${delim_re})/$2/s) {
assert_form_disposition($1);
- $rstate->{params}->{$name} = $trim->($2);
+ $remove_until_data->($hdl);
+ $hdl->{rbuf} =~ s/^(.*?)(${delim_re})/$2/s;
+ $rstate->{params}->{$name} = trim($1);
}
};
$extract_form_disposition->('checksum-algorithm');
$extract_form_disposition->('checksum');
- if ($hdl->{rbuf} =~
- s/^${delim_re}
- Content-Disposition:\ (.*?);\ name="(.*?)";\ filename="([^"]+)"${newline_re}
- Content-Type:\ \S*\s+
- //sxx
- ) {
+ if ($hdl->{rbuf} =~ s/^${delim_re}Content-Disposition: (.*?); name="(.*?)"; filename="([^"]+)"${newline_re}//s) {
assert_form_disposition($1);
die "wrong field name '$2' for file upload, expected 'filename'" if $2 ne "filename";
$rstate->{phase} = 2;
- $rstate->{params}->{filename} = $trim->($3);
+ $rstate->{params}->{filename} = trim($3);
+
+ # remove any remaining multipart "headers" like Content-Type
+ $hdl->{rbuf} =~ s/^.*?${newline_re}{2}//s
}
}
return wantarray ? ($ct) : $ct;
}
-sub parse_content_disposition {
- my ($line) = @_;
-
- my ($disp, @params) = split(/\s*[;,]\s*/o, $line);
- my $name;
- my $filename;
-
- foreach my $v (@params) {
- if ($v =~ m/^\s*name\s*=\s*(\S+?)\s*$/o) {
- $name = $1;
- $name =~ s/^"(.*)"$/$1/;
- } elsif ($v =~ m/^\s*filename\s*=\s*(.+?)\s*$/o) {
- $filename = $1;
- $filename =~ s/^"(.*)"$/$1/;
- }
- }
-
- return wantarray ? ($disp, $name, $filename) : $disp;
-}
-
my $tmpfile_seq_no = 0;
sub get_upload_filename {