Bug#1050644: libapache2-mod-apreq2: Stops parsing input after empty file name in POST
Package: libapache2-mod-apreq2
Version: 2.17-3
Severity: important
Tags: upstream
Dear Maintainer,
When POSTing a form to the server that includes a file upload input element,
libapache2-mod-apreq2 stops parsing the input if the file name is empty, i.e.
the user didn't select a file to upload, but the rest of the form is populated.
For example when submitting this form without selecting a file to upload,
<FORM METHOD="POST" enctype="multipart/form-data" action="processupload.html" >
<input type=hidden name=id value=211>
<input id="new_doc_file" type="file" name="new_doc_file">
<textarea name="new_doc_title" class="inptitle">Blank PDF Title</textarea>
<INPUT TYPE="submit" NAME="add_submit_button" VALUE="Submit">
</form>
only id=211 is available to the code, new_doc_title and add_submit_button are not set.
This bug is fixed in the latest upstream source code.
-- System Information:
Debian Release: 12.1
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 6.1.0-11-amd64 (SMP w/2 CPU threads; PREEMPT)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=en_GB:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages libapache2-mod-apreq2 depends on:
ii apache2-bin [apache2-api-20120211] 2.4.57-2
ii libapr1 1.7.2-3
ii libapreq2-3 2.17-3
ii libaprutil1 1.6.3-1
ii libc6 2.36-9+deb12u1
libapache2-mod-apreq2 recommends no packages.
libapache2-mod-apreq2 suggests no packages.
-- no debconf information
Reply to: