« Previous Next »

• 04-10-2009, 8:37 PM

  Soporose Joined on 04-10-2009, 8:20 PM Posts 5

  "content-disposition" should not be a filename!!! Reply Contact Hi all. I have a site that uses the FreeAspUpload script (http://www.FreeAspUpload.net) to allow certain people to upload image files to a folder on the server. The application worked fine for over a year. Recently that host was taken over by another hosting company, who proceeded to move websites to their own servers. Things immediately started to go wrong all over the place and support was abysmal, so I moved the site to another host, which solved most problems. However I still have this problem... In IE7 the uploads work as they should, but in Firefox3 the uploaded file is named "content-disposition" and is 0 bytes in size. I'm not sure what server version the site was on originally when everything was running okay (I believe it may have been 2000 or earlier), but it is now being hosted on Windows Server 2003. I know that "content-disposition" appears in the FreeAspUpload code and I've sussed out that it has some official meaning (but I'm not sure what). Any help greatly appreciated.

• 04-16-2009, 1:20 AM

  In reply to

  JaroDunajsky Joined on 04-19-2005, 10:23 PM Redmond Posts 173

  Re: "content-disposition" should not be a filename!!! Reply Contact HTTP spec (RFC 2616) states 15.5 Content-Disposition Issues RFC 1806 [35], from which the often implemented Content-Disposition (see section 19.5.1) header in HTTP is derived, has a number of very serious security considerations. Content-Disposition is not part of the HTTP standard, but since it is widely implemented, we are documenting its use and risks for implementors. See RFC 2183 [49] (which updates RFC 1806) for details. ---------------------------------------------- By other words the content-disposition has no meaning to IIS itself. ---------------------------------------------- I would use network sniffer (wireshark) or Fiddler to sniff client traffic and look for differences in traffic between Firefox and IE. I'm sorry for not having better answer for you  Jaroslav Dunajsky (MSFT, IIS)

• 04-16-2009, 1:58 AM

  In reply to

  Leo Tang - MSFT Joined on 12-11-2008, 9:47 PM Posts 1,243

  Re: "content-disposition" should not be a filename!!! Reply Contact Hi, Soporose: In IE7 the uploads work as they should, but in Firefox3 the uploaded file is named "content-disposition" and is 0 bytes in size. Does any file type uploading has this issue? Is it specific to Firefox browser? The following document describes the values of "content-disposition" header, for your reference: http://www.ietf.org/rfc/rfc1806.txt Leo Tang Microsoft Online Community Support Please remember to mark the replies as answers if they help and unmark them if they provide no help.

• 04-16-2009, 7:27 PM

  In reply to

  Soporose Joined on 04-10-2009, 8:20 PM Posts 5

  Re: "content-disposition" should not be a filename!!! Reply Contact   Thanks for the replies. Jaroslav: Considering that the Asp website application used to work fine in Firefox3, IE6 and IE7 when it was hosted on the old server, isn't the problem more likely to lie with the version of IIS than the browser? The site was up and running fine for a couple of years, so it's very likely that it was running under an older version of IIS. Unfortunately with the previous hosts having been bought out and all hosted domains transferred to the new owner's servers, there is no way I can determine what version of operating system and IIS it was originally running on. Do you think that's a likely explanation? As for sniffing the client traffic, not sure I'd know what I'm looking at, but I'll look into it. Leo: Yes, any type of file. It happens in Firefox and (I've just discovered) Google Chrome as well. Internet Explorer is fine.

• 04-17-2009, 10:08 AM

  In reply to

  tomkmvp Joined on 03-20-2003, 6:27 AM Central NJ Posts 6,459	Re: "content-disposition" should not be a filename!!! Reply Contact What happens if you just use some simple ASP.NET code to handle the upload? http://msdn.microsoft.com/en-us/library/ms227669.aspx Tom Kaminski IIS MVP http://mvp.support.microsoft.com/ http://blogs.iis.net/tomkmvp/ http://www.linkedin.com/pub/8/690/408 http://www.bluesrepublic.org/

• 04-17-2009, 9:21 PM

  In reply to

  Soporose Joined on 04-10-2009, 8:20 PM Posts 5

  Re: "content-disposition" should not be a filename!!! Reply Contact tomkmvp: What happens if you just use some simple ASP.NET code to handle the upload? http://msdn.microsoft.com/en-us/library/ms227669.aspx Well, the situation is this... The coder who wrote this application in the first place has "gone missing". I remember enough Asp to be able to read and understand most of the code and to track down where the error lies. He used a chunk of code from the freely available FreeAspUpload for the file upload feature. However I've never had anything to do with Asp.net and I'm not really in a position right now to take the time to learn it, so I'm hesitant to try and go in that direction.