Uploaded image for project: 'Railo'
  1. Railo
  2. RAILO-735

Multi-part form submissions stripping '+' characters

    Details

    • Type: Bug
    • Status: Resolved (View Workflow)
    • Priority: Major
    • Resolution: Done
    • Affects Version/s: 3.1
    • Fix Version/s: 3.1
    • Labels:
      None
    • Environment:
      Windows 7, Java 1.6.0_17, Tomcat6

      Description

      I'm seeing a problem with multi-part form submissions. I can recreate the problem on 012 and 013, it doesn't exist on 07. note sure about other versions.

      If a form is submitted with an enctype of multipart/form-data any '+' characters in data enter into text and textarea controls is replaced with spaces. This is with Application/script-protect set to 'None' in web context admin.

      This code will show the problem:

      <html>
      <head>
      <title>Form Test</title>
      </head>
      <body>
      <cfoutput>
      <cfif IsDefined('form.Test')>
      <p>#form.text#</p>
      </cfif>
      <cfform action="formtest.cfm" method="post" enctype="multipart/form-data">
      <input type="text" name="text" >
      <input type="submit" name="test" value="Test">
      </cfform>
      </cfoutput>
      </body>
      </html>

      Enter some text containing '' characters into the input field and submit. The text field in the form scope doesn't contain any '' characters.

        Gliffy Diagrams

          Activity

          Hide
          webRat Todd Rafferty added a comment -

          I can confirmed on .011 as well. I went back to .001 to see if it was still an issue and it's not.

          Show
          webRat Todd Rafferty added a comment - I can confirmed on .011 as well. I went back to .001 to see if it was still an issue and it's not.
          Hide
          GaryRatcliffe Gary Ratcliffe added a comment -

          I think the problem is in FormImpl.java, looking at Subversion this was changed to use URLItem classes after the 01 release. The URLItem instances are being created with a flag indicating that the item is URL encoded set true. In the case of mime multipart the values are not URL encoded. At the moment anything submited using multi-part will go through a URL decode process. Enter %2BHello%2BWorld%2B in the test form and you get Hello+World

          Gary

          Show
          GaryRatcliffe Gary Ratcliffe added a comment - I think the problem is in FormImpl.java, looking at Subversion this was changed to use URLItem classes after the 01 release. The URLItem instances are being created with a flag indicating that the item is URL encoded set true. In the case of mime multipart the values are not URL encoded. At the moment anything submited using multi-part will go through a URL decode process. Enter %2BHello%2BWorld%2B in the test form and you get Hello+World Gary
          Hide
          micstriit Michael Offner added a comment -

          tnx for input

          Show
          micstriit Michael Offner added a comment - tnx for input
          Hide
          micstriit Michael Offner added a comment -

          testcase modified:

          <html>
          <head>
          <title>Form Test</title>
          </head>
          <body>
          <cfoutput>
          <cfif IsDefined('form.Test')>
          <p>#form.text#</p>
          </cfif>
          <cfform action="npe2.cfm" method="post" >
          <input type="text" name="text" value="a+a0">
          <input type="submit" name="test" value="text/plain">
          </cfform>

          <cfform action="npe2.cfm" method="post" enctype="application/x-www-form-urlencoded">
          <input type="text" name="text" value="a+a1">
          <input type="submit" name="test" value="application/x-www-form-urlencoded">
          </cfform>

          <cfform action="npe2.cfm" method="post" enctype="multipart/form-data">
          <input type="text" name="text" value="a+a2">
          <input type="submit" name="test" value="multipart/form-data">
          </cfform>

          </cfoutput>
          </body>
          </html>

          Show
          micstriit Michael Offner added a comment - testcase modified: <html> <head> <title>Form Test</title> </head> <body> <cfoutput> <cfif IsDefined('form.Test')> <p>#form.text#</p> </cfif> <cfform action="npe2.cfm" method="post" > <input type="text" name="text" value="a+a0"> <input type="submit" name="test" value="text/plain"> </cfform> <cfform action="npe2.cfm" method="post" enctype="application/x-www-form-urlencoded"> <input type="text" name="text" value="a+a1"> <input type="submit" name="test" value="application/x-www-form-urlencoded"> </cfform> <cfform action="npe2.cfm" method="post" enctype="multipart/form-data"> <input type="text" name="text" value="a+a2"> <input type="submit" name="test" value="multipart/form-data"> </cfform> </cfoutput> </body> </html>

            People

            • Assignee:
              micstriit Michael Offner
              Reporter:
              GaryRatcliffe Gary Ratcliffe
            • Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Development