Handle invalid Content-Disposition filename encodings

Use BINARY for this, as we do for multipart encodings. Extract a find_encoding method for this.
jeremyevans · Apr 28, 2023 · e3a9d3a · e3a9d3a
1 parent 51b0c26
commit e3a9d3a
Showing 1 changed file with 11 additions and 6 deletions.
diff --git a/lib/rack/multipart/parser.rb b/lib/rack/multipart/parser.rb
@@ -375,7 +375,7 @@ def handle_mime_head
           if filename_star
             encoding, _, filename = filename_star.split("'", 3)
             filename = normalize_filename(filename || '')
-            filename.force_encoding(::Encoding.find(encoding))
+            filename.force_encoding(find_encoding(encoding))
           elsif filename
             filename = $1 if filename =~ /^"(.*)"$/
             filename = normalize_filename(filename)
@@ -457,11 +457,7 @@ def tag_multipart_encoding(filename, content_type, name, body)
               v.strip!
               v = v[1..-2] if v.start_with?('"') && v.end_with?('"')
               if k == "charset"
-                encoding = begin
-                  Encoding.find v
-                rescue ArgumentError
-                  Encoding::BINARY
-                end
+                encoding = find_encoding(v)
               end
             end
           end
@@ -471,6 +467,15 @@ def tag_multipart_encoding(filename, content_type, name, body)
         body.force_encoding(encoding)
       end
 
+      # Return the related Encoding object. However, because
+      # enc is submitted by the user, it may be invalid, so
+      # use a binary encoding in that case.
+      def find_encoding(enc)
+        Encoding.find enc
+      rescue ArgumentError
+        Encoding::BINARY
+      end
+
       def handle_empty_content!(content)
         if content.nil? || content.empty?
           raise EmptyContentError