Item12371: Request cache breaks when there is a POST parameter with empty name
Priority: Normal
Current State: Closed
Released In: 1.1.7
Target Release: patch
Foswiki::Request::Cache stores the request in a special format: first a few pieces of HTTP metadata, then a line with a single '=', then the POST parameters, then another '=' line, and finally a list of uploaded files, if any.
If the request contained an "empty" POST parameter (e.g. "foo=bar;=;baz=quux"), the POST parameters will be serialized in a way that makes the output contain a '=' line. This majorly confuses the loader, since it assumes that all following POST parameters are file uploads, and it dies when it tries to treat these key-value pairs as filenames.
A potential backward-compatible fix (that only breaks for already broken cache requests) is to encode an empty field name as '%' (which is otherwise invalid due to the URL encoding used on field names). So, '=bar' would be stored as '%=bar'.
--
JanKrueger - 29 Jan 2013
Fix made by
JanKrueger, removes any POSTed field with an empty name and value before writing the cache, and changes the ending delimiter to be an = without a value.
--
GeorgeClark - 29 Jan 2013