openresty / lua-resty-upload

Streaming reader and parser for http file uploading based on ngx_lua cosocket

Feature: Lf line break #64

Open suikabreaker opened 2 years ago

suikabreaker commented 2 years ago

Fix #61

suikabreaker commented 2 years ago

@zhuizhuhaomeng Also, can you review this PR? I will rebase the later PR onto the earlier accepted one.

xiaocang commented 2 years ago

According to RFC 7578 section 4.1, the boundary must:

> constructed using CRLF, "--", and the value of the "boundary" parameter

It looks like it is not meeting the standard.

suikabreaker commented 2 years ago

> According to RFC 7578 section 4.1, the boundary must:
>
> > constructed using CRLF, "--", and the value of the "boundary" parameter
>
> It looks like it is not meeting the standard.

I am aware of the RFC's requirements. But the fact is that Apache (mod_upload) and Nginx (upload module) (and maybe many other platforms) are compatible with requests using LF as line breaks, which may be a de facto standard compared to the RFC. A WAF that uses OpenResty and resty.upload to filter request bodies will be cheated by a malicious request that intentionally uses LF line breaks.
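The parser differential described in the comment above, as an added example that is not part of the thread or of lua-resty-upload: plain Lua that flags multipart delimiters terminated or preceded by a bare LF, so a body filter can refuse input that a CRLF-only parser and an LF-tolerant backend would split differently. The function names, the reject policy and the sample bodies are assumptions.

```lua
-- Added example, not lua-resty-upload code. Plain Lua 5.1 / LuaJIT, no ngx APIs.
-- Function names, the reject policy and the sample bodies are constructed.

-- Record every "--boundary" delimiter line and how it is terminated.
local function scan_delimiters(body, boundary)
    local delim, found, pos = "--" .. boundary, {}, 1
    while true do
        local s, e = body:find(delim, pos, true)   -- plain find, no patterns
        if not s then break end
        local at_line_start = s == 1 or body:sub(s - 1, s - 1) == "\n"
        local rest = body:sub(e + 1, e + 4)
        local closing = rest:sub(1, 2) == "--"
        if closing then rest = rest:sub(3) end
        local eol
        if rest:sub(1, 2) == "\r\n" then eol = "CRLF"
        elseif rest:sub(1, 1) == "\n" then eol = "LF"
        elseif closing and rest == "" then eol = "EOF" end
        if at_line_start and eol then
            -- an LF in front of the delimiter without a CR also deviates from CRLF
            local lf_before = s > 1 and body:sub(s - 2, s - 2) ~= "\r"
            found[#found + 1] = { offset = s, closing = closing,
                                  bare_lf = eol == "LF" or lf_before }
        end
        pos = e + 1
    end
    return found
end

-- Assumed policy: refuse anything a strict CRLF parser would split differently.
local function inspect(body, boundary)
    local delims = scan_delimiters(body, boundary)
    if #delims == 0 then return "reject: no boundary delimiter found" end
    for _, d in ipairs(delims) do
        if d.bare_lf then return "reject: bare LF at delimiter, offset " .. d.offset end
    end
    return "pass: no bare LF at any delimiter"
end

local boundary = "XyZ"   -- constructed sample
local function sample(nl)
    return table.concat({ "--" .. boundary,
        'Content-Disposition: form-data; name="f"; filename="a.txt"',
        "", "hello", "--" .. boundary .. "--", "" }, nl)
end
print(inspect(sample("\r\n"), boundary))
print(inspect(sample("\n"), boundary))
```

Rejecting is only one policy; the alternative this PR proposes is for the parser itself to accept LF, so that the filter and the backend see the same parts.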

xiaocang commented 2 years ago

@suikabreaker Could you modify the code style by referring to another PR (#63) and rebase onto the latest master?

suikabreaker commented 2 years ago

> @suikabreaker Could you modify the code style by referring to another PR (#63) and rebase onto the latest master?

Not quite sure about the code style, but I've checked for typos and added documentation.

suikabreaker commented 2 years ago

The old bug shows again... Sorry but I don't have much time for it recently. Eventually I will fix that.