ylqjgm
/
canvas-lms
mirror of https://github.com/instructure/canvas-lms.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
canvas-lms/gems/multipart
History
Jonathan Featherstone 86eeed2acf Escape filename for multipart form uploads 
Unescaped filenames were causing issues in multipart form uploads.
Filenames that had unmatched quotes were corrupting the payload and
causing direct uploads to inst-fs to fail (anything uploaded from
the app server directly). This was not an issue for files uploaded
from browsers.

Escape the names before injecting them into the multipart payload.

Test plan: specs

refs SAS-1400

Change-Id: Ib842652ed7cf0bd3cab88c81e69586620eced679
Reviewed-on: https://gerrit.instructure.com/c/canvas-lms/+/225242
Tested-by: Service Cloud Jenkins <svc.cloudjenkins@instructure.com>
Reviewed-by: Jacob Fugal <jacob@instructure.com>
QA-Review: Jonathan Featherstone <jfeatherstone@instructure.com>
Product-Review: Jonathan Featherstone <jfeatherstone@instructure.com>
 		2020-02-04 17:32:54 +00:00
..
lib Escape filename for multipart form uploads 2020-02-04 17:32:54 +00:00
spec restore and fix "stream inst-fs direct uploads" 2018-08-30 18:37:07 +00:00
.rspec extract multipart gem 2014-02-28 23:00:09 +00:00
Gemfile clarify Slug vs. UUID and fix event stream 2014-07-11 16:58:42 +00:00
Rakefile extract multipart gem 2014-02-28 23:00:09 +00:00
multipart.gemspec update mime-types 2019-02-27 17:05:14 +00:00
test.sh simplify gem test harnesses 2016-01-19 17:52:58 +00:00