Re: [WIP] tests: add test for case insensitive Content-Disposition

Subject: Re: [WIP] tests: add test for case insensitive Content-Disposition

Date: Sun, 18 Oct 2015 14:58:01 +0300

To: David Bremner, David Bremner, Johannes Schauer,


From: Jani Nikula

On Tue, 06 Oct 2015, David Bremner <> wrote:
> These broken now, but will be fixed in the next commit
> ---
> The first test is OK, but the second one currently fails. It isn't
> clear to me if content dispositions permit RFC2047 style
> encoding. GMime does not decode them automatically (hence this test is
> failing). What is true is that the RFC states "Unrecognized
> disposition types should be treated as `attachment'". So maybe the
> logic in patch 1 should be reversed to check != 'inline'.

> +Content-Type: text/plain
> +Content-Disposition: =?utf-8?b?YXR0YWNobWVudDsgZmlsZW5hbWU9ImJlZ3LDvMOfdW5n?=
> + =?utf-8?b?LnBkZiI=?=
> +Content-Description: this is a very exciting file

Did you handcraft the example, or did some program actually produce
this? I don't think this is [RFC 2231] compliant. IIUC only the content
disposition parameter values may contain encoded words with
charset/language specification. Like this,

Content-Disposition: attachment; filename="=?utf-8?B?cMOkw6RtaWVz?="

We currently handle that correctly, and UTF-8 searches with attachment:
prefix work. It's just that the disposition-type (usually "attachment"
or "inline") should be interpreted case insensitive, which we currently
fail at.

What should we do about malformed content-disposition fields then? I
think I'd just defer this to gmime.

Sadly email seems to be a prime example of rampant robustness principle
abuse. It has degenerated into, "Be liberal in what you send, be liberal
in what you accept", which is getting dangerously close to the GIGO


[RFC 2231]