multipart/form-data filename="" not handled as file
|Reported by:||j@…||Owned by:||nobody|
|Has patch:||yes||Needs documentation:||no|
|Needs tests:||yes||Patch needs improvement:||yes|
Django does not parse file uploads with empty filename as file objects in multipart/form-data requests.
This happens currently if you try to upload a Blob in Firefox 4 (https://bugzilla.mozilla.org/show_bug.cgi?id=649150)
Firefox sends this:
Content-Disposition: form-data; name="fieldname"; filename="" Content-Type: content/type DATA
Reading the related RFCs there is no mention that filename="" is not allowed and the existence of the filename parameter should be enough to treat it as a file.
looking at django/http/multipartparser.py
file_name = disposition.get('filename') if not file_name: continue
this would need to set a default filename instead of bailing out
(i.e. if file_name == : file_name = 'data.bin)
this would need to check
if 'filename' in params: