From 93cedc82f29076c824d476354527af1150888e4f Mon Sep 17 00:00:00 2001
From: Mehrdad <mhrddmoradii@gmail.com>
Date: Fri, 27 May 2022 13:18:06 -0400
Subject: [PATCH] Refs #33697 -- Fixed multipart parsing of headers with double
 quotes and semicolons.

See https://github.com/python/cpython/commit/1ef0c0349e8fdb5415e21231cb42edbf232b742a
---
 django/http/multipartparser.py | 2 +-
 tests/file_uploads/tests.py    | 6 ++++++
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/django/http/multipartparser.py b/django/http/multipartparser.py
index 308fbfa385..26fb2bc41f 100644
--- a/django/http/multipartparser.py
+++ b/django/http/multipartparser.py
@@ -748,7 +748,7 @@ def _parse_header_params(s):
     while s[:1] == b";":
         s = s[1:]
         end = s.find(b";")
-        while end > 0 and s.count(b'"', 0, end) % 2:
+        while end > 0 and (s.count(b'"', 0, end) - s.count(b'\\"', 0, end)) % 2:
             end = s.find(b";", end + 1)
         if end < 0:
             end = len(s)
diff --git a/tests/file_uploads/tests.py b/tests/file_uploads/tests.py
index c96f36e2a1..44c54d908e 100644
--- a/tests/file_uploads/tests.py
+++ b/tests/file_uploads/tests.py
@@ -944,3 +944,9 @@ class MultiParserTests(SimpleTestCase):
         for raw_line, expected_title in test_data:
             parsed = parse_header(raw_line)
             self.assertEqual(parsed[1]["title"], expected_title)
+
+    def test_parse_header_with_double_quotes_and_semicolon(self):
+        self.assertEqual(
+            parse_header(b'form-data; name="files"; filename="fo\\"o;bar"'),
+            ("form-data", {"name": b"files", "filename": b'fo"o;bar'}),
+        )