From f9912a8e3977de6c737c8bed964ed94fa58d88b8 Mon Sep 17 00:00:00 2001 From: Jaret Pfluger Date: Sat, 27 Sep 2014 18:48:51 -0500 Subject: [PATCH 1/4] added a .gitignore file --- .gitignore | 2 ++ 1 file changed, 2 insertions(+) create mode 100644 .gitignore diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..bd2c217 --- /dev/null +++ b/.gitignore @@ -0,0 +1,2 @@ +node_modules/ +*.DS_Store From c8d0eae90cff13eb31c6c245f0d5f24f5b0be45e Mon Sep 17 00:00:00 2001 From: Jaret Pfluger Date: Sat, 27 Sep 2014 19:35:17 -0500 Subject: [PATCH 2/4] added fieldNameSize functionality and updated tests accordingly --- lib/types/multipart.js | 9 +++++---- lib/utils.js | 9 +++++++-- test/test-types-multipart.js | 34 ++++++++++++++++++++++++++++++++++ 3 files changed, 46 insertions(+), 6 deletions(-) diff --git a/lib/types/multipart.js b/lib/types/multipart.js index e166625..8b4fe6a 100644 --- a/lib/types/multipart.js +++ b/lib/types/multipart.js @@ -2,8 +2,6 @@ // * support 1 nested multipart level // (see second multipart example here: // http://www.w3.org/TR/html401/interact/forms.html#didx-multipartform-data) -// * support limits.fieldNameSize -// -- this will require modifications to utils.parseParams var ReadableStream = require('stream').Readable || require('readable-stream'), inherits = require('util').inherits; @@ -71,7 +69,10 @@ function Multipart(boy, cfg) { : Infinity), partsLimit = (limits && typeof limits.parts === 'number' ? limits.parts - : Infinity); + : Infinity), + fieldNameSizeLimit = (limits && typeof limits.fieldNameSize === 'number' + ? limits.fieldNameSize + : 100); var nfiles = 0, nfields = 0, @@ -149,7 +150,7 @@ function Multipart(boy, cfg) { charset = defCharset; if (header['content-disposition']) { - parsed = parseParams(header['content-disposition'][0]); + parsed = parseParams(header['content-disposition'][0], fieldNameSizeLimit); if (!RE_FIELD.test(parsed[0])) return skipPart(part); for (i = 0, len = parsed.length; i < len; ++i) { diff --git a/lib/utils.js b/lib/utils.js index ed3129e..333fd2b 100644 --- a/lib/utils.js +++ b/lib/utils.js @@ -4,7 +4,7 @@ var RE_ENCODED = /%([a-fA-F0-9]{2})/g; function encodedReplacer(match, byte) { return String.fromCharCode(parseInt(byte, 16)); } -function parseParams(str) { +function parseParams(str,fieldNameSize) { var res = [], state = 'key', charset = '', @@ -73,7 +73,12 @@ function parseParams(str) { } else if (!inquote && (str[i] === ' ' || str[i] === '\t')) continue; } - tmp += str[i]; + + if (state !== 'value' || fieldNameSize === undefined) { + tmp += str[i]; + } else if ( tmp.length < fieldNameSize ) { + tmp += str[i]; + } } if (charset && tmp.length) { tmp = decodeText(tmp.replace(RE_ENCODED, encodedReplacer), diff --git a/test/test-types-multipart.js b/test/test-types-multipart.js index e6bf519..64fb2c8 100644 --- a/test/test-types-multipart.js +++ b/test/test-types-multipart.js @@ -193,6 +193,40 @@ var tests = [ ], what: 'Empty content-type and empty content-disposition' }, + { source: [ + ['-----------------------------paZqsnEHRufoShdX6fh0lUhXBP4k', + 'Content-Disposition: form-data; name="file_name_0"', + '', + 'super alpha file', + '-----------------------------paZqsnEHRufoShdX6fh0lUhXBP4k', + 'Content-Disposition: form-data; name="file_name_1"', + '', + 'super beta file', + '-----------------------------paZqsnEHRufoShdX6fh0lUhXBP4k', + 'Content-Disposition: form-data; name="upload_file_0"; filename="1k_a.dat"', + 'Content-Type: application/octet-stream', + '', + 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA', + '-----------------------------paZqsnEHRufoShdX6fh0lUhXBP4k', + 'Content-Disposition: form-data; name="upload_file_1"; filename="1k_b.dat"', + 'Content-Type: application/octet-stream', + '', + 'BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB', + '-----------------------------paZqsnEHRufoShdX6fh0lUhXBP4k--' + ].join('\r\n') + ], + boundary: '---------------------------paZqsnEHRufoShdX6fh0lUhXBP4k', + limits: { + fieldNameSize: 5 + }, + expected: [ + ['field', 'file_', 'super alpha file', false, false], + ['field', 'file_', 'super beta file', false, false], + ['file', 'uploa', 1023, 0, '1k_a.', '7bit', 'application/octet-stream'], + ['file', 'uploa', 1023, 0, '1k_b.', '7bit', 'application/octet-stream'] + ], + what: 'Fields and files (limits: 5 byte field name size)' + }, ]; function next() { From c9e3f272fbe51bcfe7e280ef1f24e990b5cca2a3 Mon Sep 17 00:00:00 2001 From: Jaret Pfluger Date: Fri, 3 Oct 2014 00:16:33 -0500 Subject: [PATCH 3/4] lib: fieldNameSize syntax updates --- lib/types/multipart.js | 4 ++-- lib/utils.js | 10 +++++----- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/lib/types/multipart.js b/lib/types/multipart.js index 8b4fe6a..2a54786 100644 --- a/lib/types/multipart.js +++ b/lib/types/multipart.js @@ -71,8 +71,8 @@ function Multipart(boy, cfg) { ? limits.parts : Infinity), fieldNameSizeLimit = (limits && typeof limits.fieldNameSize === 'number' - ? limits.fieldNameSize - : 100); + ? limits.fieldNameSize + : 100); var nfiles = 0, nfields = 0, diff --git a/lib/utils.js b/lib/utils.js index 333fd2b..d4d73de 100644 --- a/lib/utils.js +++ b/lib/utils.js @@ -4,7 +4,7 @@ var RE_ENCODED = /%([a-fA-F0-9]{2})/g; function encodedReplacer(match, byte) { return String.fromCharCode(parseInt(byte, 16)); } -function parseParams(str,fieldNameSize) { +function parseParams(str, fieldNameSize) { var res = [], state = 'key', charset = '', @@ -74,11 +74,11 @@ function parseParams(str,fieldNameSize) { continue; } - if (state !== 'value' || fieldNameSize === undefined) { + if (state !== 'value' || fieldNameSize === undefined || tmp.length < fieldNameSize) //{ tmp += str[i]; - } else if ( tmp.length < fieldNameSize ) { - tmp += str[i]; - } + //} //else if ( tmp.length < fieldNameSize ) { + //tmp += str[i]; + //} } if (charset && tmp.length) { tmp = decodeText(tmp.replace(RE_ENCODED, encodedReplacer), From a901dd141e970c3077926c676c6104016956db81 Mon Sep 17 00:00:00 2001 From: Jaret Pfluger Date: Fri, 3 Oct 2014 00:21:18 -0500 Subject: [PATCH 4/4] lib: removing extraneous comments --- lib/utils.js | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/lib/utils.js b/lib/utils.js index d4d73de..a46e4e7 100644 --- a/lib/utils.js +++ b/lib/utils.js @@ -74,11 +74,8 @@ function parseParams(str, fieldNameSize) { continue; } - if (state !== 'value' || fieldNameSize === undefined || tmp.length < fieldNameSize) //{ + if (state !== 'value' || fieldNameSize === undefined || tmp.length < fieldNameSize) tmp += str[i]; - //} //else if ( tmp.length < fieldNameSize ) { - //tmp += str[i]; - //} } if (charset && tmp.length) { tmp = decodeText(tmp.replace(RE_ENCODED, encodedReplacer),