397111 Allow multipart bodies with leading blank lines

jetty-servlets/src/main/java/org/eclipse/jetty/servlets/MultiPartFilter.java

@@ -151,7 +151,18 @@ public class MultiPartFilter implements Filter
             if (line == null || line.length() == 0)
                 throw new IOException("Missing content for multipart request");
 
-            if (!line.equals(boundary))
+            boolean badFormatLogged = false;
+            while (line != null && !line.equals(boundary))
+            {
+                if (!badFormatLogged)
+                {
+                    LOG.warn("Badly formatted multipart request");
+                    badFormatLogged = true;
+                }
+                line=((ReadLineInputStream)in).readLine();
+            }
+            
+            if (line == null || line.length() == 0)
                 throw new IOException("Missing initial multi part boundary");
             
             // Read each part

jetty-servlets/src/test/java/org/eclipse/jetty/servlets/MultipartFilterTest.java

@@ -648,7 +648,73 @@ public class MultipartFilterTest
         assertTrue(response.getReason().startsWith("Missing initial"));
     }
 
+    @Test
+    public void testLeadingWhitespaceBodyWithCRLF()
+    throws Exception
+    {
+        String boundary = "AaB03x";
 
+        String body = "              \n\n\n\r\n\r\n\r\n\r\n"+
+        "--AaB03x\r\n"+
+        "content-disposition: form-data; name=\"field1\"\r\n"+
+        "\r\n"+
+        "Joe Blow\r\n"+
+        "--AaB03x\r\n"+
+        "Content-Disposition: form-data; name=\"fileup\"; filename=\"test.upload\"\r\n"+
+        "Content-Type: application/octet-stream\r\n"+
+        "\r\n" +
+        "aaaa,bbbbb"+"\r\n" +
+        "--AaB03x--\r\n";
+
+        // generated and parsed test
+        HttpTester request = new HttpTester();
+        HttpTester response = new HttpTester();
+        request.setMethod("POST");
+        request.setVersion("HTTP/1.0");
+        request.setHeader("Host","tester");
+        request.setURI("/context/dump");
+        request.setHeader("Content-Type","multipart/form-data; boundary="+boundary);
+        request.setContent(body);
+
+        response.parse(tester.getResponses(request.generate()));
+        assertTrue(response.getMethod()==null);
+        assertEquals(HttpServletResponse.SC_OK, response.getStatus());
+        assertTrue(response.getContent().contains("aaaa,bbbbb"));
+    }
+
+    @Test
+    public void testLeadingWhitespaceBodyWithoutCRLF()
+    throws Exception
+    {
+        String boundary = "AaB03x";
+
+        String body = "              "+
+        "--AaB03x\r\n"+
+        "content-disposition: form-data; name=\"field1\"\r\n"+
+        "\r\n"+
+        "Joe Blow\r\n"+
+        "--AaB03x\r\n"+
+        "Content-Disposition: form-data; name=\"fileup\"; filename=\"test.upload\"\r\n"+
+        "Content-Type: application/octet-stream\r\n"+
+        "\r\n" +
+        "aaaa,bbbbb"+"\r\n" +
+        "--AaB03x--\r\n";
+
+        // generated and parsed test
+        HttpTester request = new HttpTester();
+        HttpTester response = new HttpTester();
+        request.setMethod("POST");
+        request.setVersion("HTTP/1.0");
+        request.setHeader("Host","tester");
+        request.setURI("/context/dump");
+        request.setHeader("Content-Type","multipart/form-data; boundary="+boundary);
+        request.setContent(body);
+
+        response.parse(tester.getResponses(request.generate()));
+        assertTrue(response.getMethod()==null);
+        assertEquals(HttpServletResponse.SC_OK, response.getStatus());
+        assertTrue(response.getContent().contains("aaaa,bbbbb"));
+    }
     
 
     /*