Friday 20 October 2017

http - What if the form-data boundary is contained in the attached file?

Let's take the following example of
multipart/form-data href="http://www.w3.org/TR/html401/interact/forms.html#h-17.13.4.2"
rel="noreferrer">taken from
w3.com:



Content-Type:
            multipart/form-data;
            boundary=AaB03x


--AaB03x
Content-Disposition:
            form-data;
            name="submit-name"

Larry
--AaB03x
Content-Disposition:
            form-data; name="files"; filename="file1.txt"
Content-Type:
            text/plain

... contents of file1.txt
            ...
--AaB03x--



It's
pretty straight forward, but let's say you are writing code that implements this and
creates such a request from scratch. Let's assume file1.txt is
created by a user, and we have no control over its
contents.



What if the text file
file1.txt contains the string
--AaB03x? You likely generated the boundary
AaB03x randomly, but let's assume a href="http://en.wikipedia.org/wiki/Infinite_monkey_theorem" rel="noreferrer">"million
monkeys entering a million web forms"
scenario.



Is there a
standard way of dealing with this improbably but still
possible situation?



Should the
text/plain (or even, potentially something like
image/jpeg or
application/octet-stream) be "encoded" or some of the
information within "escaped" in some sort of
way?




Or should the developer always
search the contents of the file for the boundary, and then repeatedly keep picking a new
randomly generated boundary until the chosen string cannot be found within the
file?

-

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

php - file_get_contents shows unexpected output while reading a file

I want to output an inline jpg image as a base64 encoded string, however when I do this : $contents = file_get_contents($filename); print &q...