master

分支 (21)

标签 (14)

管理

管理

master

openEuler-24.03-LTS

openEuler-22.03-LTS-SP4

openEuler-20.03-LTS-SP4

openEuler-22.03-LTS-SP3

openEuler-24.03-LTS-SP1

openEuler-24.03-LTS-Next

openEuler-22.03-LTS-SP1

openEuler-24.09

openEuler-20.03-LTS-SP1

openEuler-22.03-LTS-SP2

openEuler-22.03-LTS

openEuler-20.03-LTS-SP3

openEuler-22.03-LTS-Next

openEuler-23.09

openEuler-23.03

Multi-Version_OpenStack-Train_openEuler-22.03-LTS-Next

Multi-Version_OpenStack-Wallaby_openEuler-22.03-LTS-Next

openEuler-20.03-LTS-Next

openEuler-20.03-LTS-SP2

openEuler-24.03-LTS-update-20241018

openEuler-22.03-LTS-SP4-release

openEuler-24.09-release

openEuler-24.03-LTS-release

openEuler-22.03-LTS-SP3-release

openEuler-23.09-rc5

openEuler-22.03-LTS-SP1-release

openEuler-22.09-release

openEuler-22.09-rc5

openEuler-22.09-20220829

openEuler-22.03-LTS-20220331

openEuler-22.03-LTS-round5

openEuler-22.03-LTS-round4

openEuler-20.03-LTS-SP3-release

python-aiohttp
/
CVE-2024-30251-PR-8332-482e6cdf-backp...

From 7eecdff163ccf029fbb1ddc9de4169d4aaeb6597 Mon Sep 17 00:00:00 2001
From: "patchback[bot]" <45432694+patchback[bot]@users.noreply.github.com>
Date: Mon, 15 Apr 2024 20:47:19 +0100
Subject: [PATCH] [PR #8332/482e6cdf backport][3.9] Add set_content_disposition
 test (#8333)

**This is a backport of PR #8332 as merged into master
(482e6cdf6516607360666a48c5828d3dbe959fbd).**

Co-authored-by: Oleg A <t0rr@mail.ru>
---
 CHANGES/8332.bugfix.rst | 1 +
 aiohttp/multipart.py    | 7 +++++--
 tests/test_multipart.py | 7 +++++++
 3 files changed, 13 insertions(+), 2 deletions(-)
 create mode 100644 CHANGES/8332.bugfix.rst

diff --git a/CHANGES/8332.bugfix.rst b/CHANGES/8332.bugfix.rst
new file mode 100644
index 0000000000..70cad26b42
--- /dev/null
+++ b/CHANGES/8332.bugfix.rst
@@ -0,0 +1 @@
+Fixed regression with adding Content-Disposition to form-data part after appending to writer -- by :user:`Dreamsorcerer`/:user:`Olegt0rr`.
diff --git a/aiohttp/multipart.py b/aiohttp/multipart.py
index a43ec54571..fcdf16183c 100644
--- a/aiohttp/multipart.py
+++ b/aiohttp/multipart.py
@@ -848,8 +848,6 @@ def append_payload(self, payload: Payload) -> Payload:
         if self._is_form_data:
             # https://datatracker.ietf.org/doc/html/rfc7578#section-4.7
             # https://datatracker.ietf.org/doc/html/rfc7578#section-4.8
-            assert CONTENT_DISPOSITION in payload.headers
-            assert "name=" in payload.headers[CONTENT_DISPOSITION]
             assert (
                 not {CONTENT_ENCODING, CONTENT_LENGTH, CONTENT_TRANSFER_ENCODING}
                 & payload.headers.keys()
@@ -930,6 +928,11 @@ def size(self) -> Optional[int]:
     async def write(self, writer: Any, close_boundary: bool = True) -> None:
         """Write body."""
         for part, encoding, te_encoding in self._parts:
+            if self._is_form_data:
+                # https://datatracker.ietf.org/doc/html/rfc7578#section-4.2
+                assert CONTENT_DISPOSITION in part.headers
+                assert "name=" in part.headers[CONTENT_DISPOSITION]
+
             await writer.write(b"--" + self._boundary + b"\r\n")
             await writer.write(part._binary_headers)

diff --git a/tests/test_multipart.py b/tests/test_multipart.py
index dbfaf74b9b..37ac54797f 100644
--- a/tests/test_multipart.py
+++ b/tests/test_multipart.py
@@ -1282,6 +1282,13 @@ def test_append_multipart(self, writer) -> None:
         part = writer._parts[0][0]
         assert part.headers[CONTENT_TYPE] == "test/passed"

+    async def test_set_content_disposition_after_append(self):
+        writer = aiohttp.MultipartWriter("form-data")
+        payload = writer.append("some-data")
+        payload.set_content_disposition("form-data", name="method")
+        assert CONTENT_DISPOSITION in payload.headers
+        assert "name=" in payload.headers[CONTENT_DISPOSITION]
+
     def test_with(self) -> None:
         with aiohttp.MultipartWriter(boundary=":") as writer:
             writer.append("foo")