diff --git a/multipart/multipart.py b/multipart/multipart.py index 6ec1364..73910da 100644 --- a/multipart/multipart.py +++ b/multipart/multipart.py @@ -99,6 +99,11 @@ def parse_options_header(value: Union[str, bytes]) -> Tuple[bytes, Dict[bytes, b options = {} for param in params: key, value = param + # If the value returned from get_params() is a 3-tuple, the last + # element corresponds to the value. + # See: https://docs.python.org/3/library/email.compat32-message.html + if isinstance(value, tuple): + value = value[-1] # If the value is a filename, we need to fix a bug on IE6 that sends # the full file path instead of the filename. if key == 'filename': diff --git a/tests/test_multipart.py b/tests/test_multipart.py index 2ceecab..5cfacf4 100644 --- a/tests/test_multipart.py +++ b/tests/test_multipart.py @@ -276,6 +276,11 @@ def test_redos_attack_header(self): # If vulnerable, this test wouldn't finish, the line above would hang self.assertIn(b'"\\', p[b'!']) + def test_handles_rfc_2231(self): + t, p = parse_options_header(b'text/plain; param*=us-ascii\'en-us\'encoded%20message') + + self.assertEqual(p[b'param'], b'encoded message') + class TestBaseParser(unittest.TestCase): def setUp(self):