dxbjavid opened a new pull request, #3212: URL: https://github.com/apache/cxf/pull/3212
AttachmentSerializer.writeHeaders writes each part header name and value straight into the multipart stream, so an attachment whose Content-Disposition carries a filename with a bare CR or LF (for instance a filename taken from an uploaded part) ends the header line early and injects extra part headers into the serialised MTOM or multipart body. It seemed safest to handle this where the bytes are actually written rather than at each place a header gets built, so this strips CR and LF from the header name and values in writeHeaders itself. There is a test that serialises an attachment with an embedded line break and checks the injected header does not appear. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
