Railo
  1. Railo
  2. RAILO-735

Multi-part form submissions stripping '+' characters

    Details

    • Type: Bug Bug
    • Status: Resolved (View Workflow)
    • Priority: Major Major
    • Resolution: Done
    • Affects Version/s: 3.1.2.013, 3.1.2.012
    • Fix Version/s: 3.1.2.014
    • Security Level: Public (Everyone can see)
    • Labels:
      None
    • Environment:
      Windows 7, Java 1.6.0_17, Tomcat6
    • Similar Issues:
      Show 10 results 

      Description

      I'm seeing a problem with multi-part form submissions. I can recreate the problem on 012 and 013, it doesn't exist on 07. note sure about other versions.

      If a form is submitted with an enctype of multipart/form-data any '+' characters in data enter into text and textarea controls is replaced with spaces. This is with Application/script-protect set to 'None' in web context admin.

      This code will show the problem:

      <html>
      <head>
      <title>Form Test</title>
      </head>
      <body>
      <cfoutput>
      <cfif IsDefined('form.Test')>
      <p>#form.text#</p>
      </cfif>
      <cfform action="formtest.cfm" method="post" enctype="multipart/form-data">
      <input type="text" name="text" >
      <input type="submit" name="test" value="Test">
      </cfform>
      </cfoutput>
      </body>
      </html>

      Enter some text containing '' characters into the input field and submit. The text field in the form scope doesn't contain any '' characters.

        Activity

        Hide
        Todd Rafferty added a comment -

        I can confirmed on .011 as well. I went back to .001 to see if it was still an issue and it's not.

        Show
        Todd Rafferty added a comment - I can confirmed on .011 as well. I went back to .001 to see if it was still an issue and it's not.
        Hide
        Gary Ratcliffe added a comment -

        I think the problem is in FormImpl.java, looking at Subversion this was changed to use URLItem classes after the 01 release. The URLItem instances are being created with a flag indicating that the item is URL encoded set true. In the case of mime multipart the values are not URL encoded. At the moment anything submited using multi-part will go through a URL decode process. Enter %2BHello%2BWorld%2B in the test form and you get Hello+World

        Gary

        Show
        Gary Ratcliffe added a comment - I think the problem is in FormImpl.java, looking at Subversion this was changed to use URLItem classes after the 01 release. The URLItem instances are being created with a flag indicating that the item is URL encoded set true. In the case of mime multipart the values are not URL encoded. At the moment anything submited using multi-part will go through a URL decode process. Enter %2BHello%2BWorld%2B in the test form and you get Hello+World Gary
        Hide
        Michael Offner added a comment -

        tnx for input

        Show
        Michael Offner added a comment - tnx for input
        Hide
        Michael Offner added a comment -

        testcase modified:

        <html>
        <head>
        <title>Form Test</title>
        </head>
        <body>
        <cfoutput>
        <cfif IsDefined('form.Test')>
        <p>#form.text#</p>
        </cfif>
        <cfform action="npe2.cfm" method="post" >
        <input type="text" name="text" value="a+a0">
        <input type="submit" name="test" value="text/plain">
        </cfform>

        <cfform action="npe2.cfm" method="post" enctype="application/x-www-form-urlencoded">
        <input type="text" name="text" value="a+a1">
        <input type="submit" name="test" value="application/x-www-form-urlencoded">
        </cfform>

        <cfform action="npe2.cfm" method="post" enctype="multipart/form-data">
        <input type="text" name="text" value="a+a2">
        <input type="submit" name="test" value="multipart/form-data">
        </cfform>

        </cfoutput>
        </body>
        </html>

        Show
        Michael Offner added a comment - testcase modified: <html> <head> <title>Form Test</title> </head> <body> <cfoutput> <cfif IsDefined('form.Test')> <p>#form.text#</p> </cfif> <cfform action="npe2.cfm" method="post" > <input type="text" name="text" value="a+a0"> <input type="submit" name="test" value="text/plain"> </cfform> <cfform action="npe2.cfm" method="post" enctype="application/x-www-form-urlencoded"> <input type="text" name="text" value="a+a1"> <input type="submit" name="test" value="application/x-www-form-urlencoded"> </cfform> <cfform action="npe2.cfm" method="post" enctype="multipart/form-data"> <input type="text" name="text" value="a+a2"> <input type="submit" name="test" value="multipart/form-data"> </cfform> </cfoutput> </body> </html>

          People

          • Assignee:
            Michael Offner
            Reporter:
            Gary Ratcliffe
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development