I agree it looks bogus, but safari and firefox send the header in that format. Not sure about IE since Windows does not allow files with a " in the name.
I looked over the Content-Disposition header RFC but it does not seem to address escaping directly. Either way, it seems that this format is a "browser fact of life" -miles On Fri, Jan 2, 2009 at 4:44 PM, Adam Prime <adam.pr...@utoronto.ca> wrote: > Miles Crawford wrote: >> >> When you handle a multipart/form-data post with libapreq quotes in >> filenames are mishandled. For example, a post that includes: >> >> Content-Disposition: form-data; name="foo"; filename="break"here.jpg" > > Isn't that a malformed header? I would think that the internal '"' should > be escaped for it to be properly represent that filename. Assuming that's > the case, the rest of the behavior that you describe is what I'd expect. > > Adam >
