[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: [PATCH] validate MIME type correctly

From: Daniel Shahaf <d.s_at_daniel.shahaf.co.il>
Date: Mon, 28 Apr 2008 21:03:39 +0300 (IDT)

Stefan Sperling wrote on Mon, 28 Apr 2008 at 19:51 +0200:
> On Mon, Apr 28, 2008 at 01:37:50PM -0400, Greg Hudson wrote:
> >
> > On Mon, 2008-04-28 at 19:18 +0200, Stefan Sperling wrote:
> > > > Stefan Sperling wrote on Mon, 28 Apr 2008 at 17:00 +0200:
> > > > > Btw, if there's any space before the semicolon (i.e. 'text/plain ;')
> > > > > trunk will now raise an error. RFC 1521 seems to agree with this:
> >
> > RFC 1521 has long been obsoleted by RFC 2045-2049, although that grammar
> > isn't materially different in 2045.
> >
> > RFC 822 takes a very a relaxed attitude towards whitespace:
> >
> > 3.1.4. STRUCTURED FIELD BODIES
> >
> > To aid in the creation and reading of structured fields, the
> > free insertion of linear-white-space (which permits folding
> > by inclusion of CRLFs) is allowed between lexical tokens.
> > Rather than obscuring the syntax specifications for these
> > structured fields with explicit syntax for this linear-white-
> > space, the existence of another "lexical" analyzer is assumed.
> >
> > RFC 1521 and 2045 are written in the same style. RFC 2822 (obsoleting
> > 822) cleans this up, but to my knowledge there is no cleaned-up grammar
> > for content-type headers.
>
> Wow, so many numbers. I wasn't aware of the status of RFC 1521,
> thanks for pointing this out!
>
> Anyway, looking at the code again, it seems my assumption that
> it could not deal with whitespace before the semicolon was wrong.
>
> This is how we determine the length of the media type in the mime type:
>
> const apr_size_t len = strcspn(mime_type, "; ")
>
> The declaration of strcspn is:
> size_t strcspn(const char *s, const char *charset)
>
> strcspn "computes the string array index in s of the first
> character of s which is also in charset". We should therefore
> stop counting characters at either ';' or ' '. So the case
> 'plain/text ;' should be handled correctly by the current code,
> for any amount of whitespace before the semicolon. It should be
> handled just as the case 'plain/text; ' is handled.
>
>

What about these? ---

        ' plain/text'
        'plain /text'
        'plain/ text'

Are they valid?

(Sorry; I like edge cases.)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe_at_subversion.tigris.org
For additional commands, e-mail: dev-help_at_subversion.tigris.org
Received on 2008-04-28 20:03:49 CEST

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.