Open suikabreaker opened 2 years ago
@zhuizhuhaomeng Also, can you review this PR? I will rebase later PR to the earlier accepted one.
According to rfc 7578 section 4.1, the boundary must:
constructed using CRLF, "--", and the value of the "boundary" parameter
It looks like it is not meeting the standard
According to rfc 7578 section 4.1, the boundary must:
constructed using CRLF, "--", and the value of the "boundary" parameter
It looks like it is not meeting the standard
I am aware of the RFC's requirements. But the fact is that Apache(mod_upload
) and Nginx(upload module
) (and maybe many other platforms) are compatible with requests using LF as line breaks, which may be a de facto standard compared to the RFC. To use OpenResty and resty.upload to act as a WAF filtering request body will be cheated by a malicious request that intentionally uses LF line breaks.
@suikabreaker could you modify the code style by referring to another PR (#63) and rebase the latest master
@suikabreaker could you modify the code style by referring to another PR (#63) and rebase the latest master
Not quite sure about the code style but I've checked for typos and added documentation.
The old bug shows again... Sorry but I don't have much time for it recently. Eventually I will fix that.
Fix #61