Greedy matching caused boundary string to contain quotation mark, making it invalid for determining part boundaries

Author: ebimmel-ysp

src/Io/MultipartParser.php

@@ -93,7 +93,7 @@ public function __construct($uploadMaxFilesize = null, $maxFileUploads = null)
     public function parse(ServerRequestInterface $request)
     {
         $contentType = $request->getHeaderLine('content-type');
-        if(!\preg_match('/boundary="?(.*)"?$/', $contentType, $matches)) {
+        if(!\preg_match('/boundary="?(.*?)"?$/', $contentType, $matches)) {
             return $request;
         }
 

tests/Io/MultipartParserTest.php

@@ -66,6 +66,39 @@ public function testPostKey()
         );
     }
 
+    public function testPostWithQuotationMarkEncapsulatedBoundary()
+    {
+        $boundary = "---------------------------5844729766471062541057622570";
+
+        $data  = "--$boundary\r\n";
+        $data .= "Content-Disposition: form-data; name=\"users[one]\"\r\n";
+        $data .= "\r\n";
+        $data .= "single\r\n";
+        $data .= "--$boundary\r\n";
+        $data .= "Content-Disposition: form-data; name=\"users[two]\"\r\n";
+        $data .= "\r\n";
+        $data .= "second\r\n";
+        $data .= "--$boundary--\r\n";
+
+        $request = new ServerRequest('POST', 'http://example.com/', array(
+            'Content-Type' => 'multipart/form-data; boundary="' . $boundary . '"',
+        ), $data, 1.1);
+
+        $parser = new MultipartParser();
+        $parsedRequest = $parser->parse($request);
+
+        $this->assertEmpty($parsedRequest->getUploadedFiles());
+        $this->assertSame(
+            array(
+                'users' => array(
+                    'one' => 'single',
+                    'two' => 'second',
+                ),
+            ),
+            $parsedRequest->getParsedBody()
+        );
+    }
+
     public function testPostStringOverwritesMap()
     {
         $boundary = "---------------------------5844729766471062541057622570";