Mercurial > hg > orthanc
view Resources/Patches/mongoose-3.8-patch.diff @ 2248:69b0f4e8a49b
Escape multipart type parameter value in Content-Type header
## Summary
Multipart responses do not quote/escape the value of their type
parameter (the subtype) even though it always contains at least one
special character (the slash "/"), which confuses standard-compliant
HTTP clients.
## Details
The Content-Type header in HTTP is in RFC 7231, Section 3.1.1.5:
https://tools.ietf.org/html/rfc7231#section-3.1.1.5
The section defers to the media type section (3.1.1.1) for the syntax of
the media type:
https://tools.ietf.org/html/rfc7231#section-3.1.1.1
This states that a parameter value can be quoted:
parameter = token "=" ( token / quoted-string )
A parameter value that matches the token production can be transmitted
either as a token or within a quoted-string. The quoted and unquoted
values are equivalent.
Tokens are defined in RFC 7230, Section 3.2.6 (via RFC 7231, appendix
C):
https://tools.ietf.org/html/rfc7231#appendix-C
https://tools.ietf.org/html/rfc7230#section-3.2.6
Here we observe that tokens cannot contain a slash "/" character:
token = 1*tchar
tchar = "!" / "#" / "$" / "%" / "&" / "'" / "*"
/ "+" / "-" / "." / "^" / "_" / "`" / "|" / "~"
/ DIGIT / ALPHA
; any VCHAR, except delimiters
Delimiters are chosen from the set of US-ASCII visual characters not
allowed in a token (DQUOTE and "(),/:;<=>?@[\]{}").
However, the current implementation does not quote/escape the value of
the type parameter:
multipart/related; type=application/dicom
Instead, it should be:
multipart/related; type="application/dicom"
All of this also seems to apply to the MIME Content-Type header
definition, even though it is a little different:
https://www.iana.org/assignments/message-headers
https://tools.ietf.org/html/rfc2045#section-5.1
https://tools.ietf.org/html/rfc2387
author | Thibault Nélis <tn@osimis.io> |
---|---|
date | Mon, 16 Jan 2017 13:07:11 +0100 |
parents | a119f9ae3640 |
children | 8f2bda0719f4 |
line wrap: on
line source
--- mongoose.c.orig 2014-09-01 11:25:18.223466994 +0200 +++ mongoose.c 2014-09-01 11:30:21.807479338 +0200 @@ -50,6 +50,14 @@ #define PATH_MAX FILENAME_MAX #endif // __SYMBIAN32__ +#if __gnu_hurd__ == 1 +/** + * There is no limit on the length on a path under GNU Hurd, so we set + * it to an arbitrary constant. + **/ +#define PATH_MAX 4096 +#endif + #ifndef _WIN32_WCE // Some ANSI #includes are not available on Windows CE #include <sys/types.h> #include <sys/stat.h> @@ -108,8 +116,9 @@ #define strtoll(x, y, z) _atoi64(x) #else #define __func__ __FUNCTION__ -#define strtoull(x, y, z) _strtoui64(x, y, z) -#define strtoll(x, y, z) _strtoi64(x, y, z) +#include <stdlib.h> +//#define strtoull(x, y, z) _strtoui64(x, y, z) +//#define strtoll(x, y, z) _strtoi64(x, y, z) #endif // _MSC_VER #define ERRNO GetLastError()