Fix IndexError in parse_content_disposition when param value is empty #12948

Open
JSap0914 wants to merge 1 commit into aio-libs:master from JSap0914:fix-parse-mimetype-star-subtype

@JSap0914

Bug

parse_content_disposition raises an unhandled IndexError: string index out of range when a Content-Disposition header contains a parameter with an empty value, such as:

attachment; filename=

The inner helper is_quoted indexes string[0] without first checking that the string is non-empty:

def is_quoted(string: str) -> bool:
    return string[0] == string[-1] == '"'  # crashes on empty string

Fix

Added a len(string) >= 2 guard before indexing — a quoted-string requires at minimum two characters (the opening and closing ").

def is_quoted(string: str) -> bool:
    return len(string) >= 2 and string[0] == string[-1] == '"'

The function now correctly warns with BadContentDispositionHeader and returns (None, {}) for this malformed input instead of crashing.

Verification

pytest tests/test_multipart_helpers.py -q
100 passed, 5 skipped in 0.38s

Two new tests were added:

  • test_empty_param_value_no_crash: attachment; filename=
  • test_empty_param_value_multiple: attachment; name=foo; filename=
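
The two is_quoted variants quoted in the description, run side by side over constructed headers. This is an added example, not code from the pull request or from aiohttp: parse_params, SAMPLES and survey are hypothetical names, and the parser is a simplified stand-in. It also goes one case beyond the description by including a lone quote character, which the unguarded helper accepts as a quoted-string.

```python
import warnings
from typing import Callable, Dict, Optional, Tuple, Union

Result = Tuple[Optional[str], Dict[str, str]]

def is_quoted_unguarded(s: str) -> bool:
    # Helper as quoted on the page before the fix: no length check.
    return s[0] == s[-1] == '"'

def is_quoted_guarded(s: str) -> bool:
    # Helper as quoted on the page after the fix.
    return len(s) >= 2 and s[0] == s[-1] == '"'

def parse_params(header: str, is_quoted: Callable[[str], bool]) -> Result:
    """Hypothetical, simplified stand-in for a Content-Disposition parser.

    Assumption: malformed input warns and yields (None, {}), the outcome the
    pull request describes. Splitting on ';' ignores ';' inside quoted values.
    """
    disptype, *parts = [p.strip() for p in header.split(";")]
    params: Dict[str, str] = {}
    for part in parts:
        key, sep, value = part.partition("=")
        if sep and is_quoted(value):
            value = value[1:-1]  # strip the surrounding quotes
        elif not sep or not value or '"' in value:
            warnings.warn(f"bad parameter {part!r}", RuntimeWarning)
            return None, {}
        params[key.lower()] = value
    return disptype.lower(), params

# Constructed sample headers (not taken from real traffic).
SAMPLES = [
    "attachment; filename=",
    "attachment; name=foo; filename=",
    'attachment; filename="',
    'attachment; filename=""',
    'attachment; filename="a.txt"',
]

def survey(is_quoted: Callable[[str], bool]) -> Dict[str, Union[Result, str]]:
    """Map each sample to its parse result, or to 'IndexError' on a crash."""
    out: Dict[str, Union[Result, str]] = {}
    for header in SAMPLES:
        with warnings.catch_warnings():
            warnings.simplefilter("ignore")
            try:
                out[header] = parse_params(header, is_quoted)
            except IndexError:
                out[header] = "IndexError"
    return out
```

Comparing survey(is_quoted_unguarded) with survey(is_quoted_guarded) shows the two empty-value headers crashing only with the unguarded helper, and the lone-quote header being rejected only with the guarded one.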

When a Content-Disposition header parameter has an empty value
(e.g. "attachment; filename="), the is_quoted() helper raised
IndexError: string index out of range because it indexed string[0]
on an empty string without a length guard.

Add a len(string) >= 2 guard before indexing, consistent with the
minimum requirement for a quoted-string (two quote characters).

Fixes the crash; the function now emits BadContentDispositionHeader
and returns (None, {}) as expected for malformed headers.
Copilot AI review requested due to automatic review settings June 17, 2026 07:08
@psf-chronographer psf-chronographer Bot added the bot:chronographer:provided There is a change note present in this PR label Jun 17, 2026

Copilot AI left a comment

Copilot was unable to review this pull request because the user who requested the review has reached their quota limit.

@codecov

codecov Bot commented Jun 17, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 98.95%. Comparing base (db5c238) to head (f73bbb6).
✅ All tests successful. No failed tests found.

Additional details and impacted files
@@           Coverage Diff           @@
##           master   #12948   +/-   ##
=======================================
  Coverage   98.95%   98.95%           
=======================================
  Files         131      131           
  Lines       47998    48008   +10     
  Branches     2494     2494           
=======================================
+ Hits        47498    47508   +10     
  Misses        376      376           
  Partials      124      124           
Flag Coverage Δ
Autobahn 22.27% <18.18%> (-0.01%) ⬇️
CI-GHA 98.90% <100.00%> (+<0.01%) ⬆️
OS-Linux 98.66% <100.00%> (+<0.01%) ⬆️
OS-Windows 97.03% <100.00%> (+<0.01%) ⬆️
OS-macOS 97.94% <100.00%> (+<0.01%) ⬆️
Py-3.10 98.14% <100.00%> (+<0.01%) ⬆️
Py-3.11 98.41% <100.00%> (+<0.01%) ⬆️
Py-3.12 98.50% <100.00%> (-0.01%) ⬇️
Py-3.13 98.47% <100.00%> (-0.01%) ⬇️
Py-3.14 98.49% <100.00%> (+<0.01%) ⬆️
Py-3.14t 97.57% <100.00%> (-0.01%) ⬇️
Py-pypy-3.11 97.44% <100.00%> (-0.01%) ⬇️
VM-macos 97.94% <100.00%> (+<0.01%) ⬆️
VM-ubuntu 98.66% <100.00%> (+<0.01%) ⬆️
VM-windows 97.03% <100.00%> (+<0.01%) ⬆️
cython-coverage 38.02% <9.09%> (-0.01%) ⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

@codspeed-hq

codspeed-hq Bot commented Jun 17, 2026

Merging this PR will not alter performance

✅ 83 untouched benchmarks
⏩ 83 skipped benchmarks [1]


Comparing JSap0914:fix-parse-mimetype-star-subtype (f73bbb6) with master (db5c238)

Footnotes

  1. 83 benchmarks were skipped, so the baseline results were used instead. If they were deleted from the codebase, click here and archive them to remove them from the performance reports.
