Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

When parsing a multi-part POST, retain original pairs #2088

Merged
merged 1 commit into from
Jul 17, 2023
Merged

When parsing a multi-part POST, retain original pairs #2088

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
1 change: 1 addition & 0 deletions lib/rack/constants.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -54,6 +54,7 @@ module Rack
RACK_RESPONSE_FINISHED = 'rack.response_finished'
RACK_REQUEST_FORM_INPUT = 'rack.request.form_input'
RACK_REQUEST_FORM_HASH = 'rack.request.form_hash'
RACK_REQUEST_FORM_PAIRS = 'rack.request.form_pairs'
RACK_REQUEST_FORM_VARS = 'rack.request.form_vars'
RACK_REQUEST_FORM_ERROR = 'rack.request.form_error'
RACK_REQUEST_COOKIE_HASH = 'rack.request.cookie_hash'
Expand Down
25 changes: 25 additions & 0 deletions lib/rack/multipart.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,31 @@ class MissingInputError < StandardError
include BadRequest
end

# Accumulator for multipart form data, conforming to the QueryParser API.
# In future, the Parser could return the pair list directly, but that would
# change its API.
class ParamList # :nodoc:
def self.make_params
new
end

def self.normalize_params(params, key, value)
params << [key, value]
end

def initialize
@pairs = []
end

def <<(pair)
@pairs << pair
end

def to_params_hash
@pairs
end
end

class << self
def parse_multipart(env, params = Rack::Utils.default_query_parser)
unless io = env[RACK_INPUT]
Expand Down
15 changes: 14 additions & 1 deletion lib/rack/request.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -516,7 +516,10 @@ def POST
set_header RACK_REQUEST_FORM_INPUT, nil
set_header(RACK_REQUEST_FORM_HASH, {})
elsif form_data? || parseable_data?
unless set_header(RACK_REQUEST_FORM_HASH, parse_multipart)
if pairs = Rack::Multipart.parse_multipart(env, Rack::Multipart::ParamList)
ioquatix marked this conversation as resolved.
Show resolved Hide resolved
set_header RACK_REQUEST_FORM_PAIRS, pairs
set_header RACK_REQUEST_FORM_HASH, expand_param_pairs(pairs)
else
form_vars = get_header(RACK_INPUT).read

# Fix for Safari Ajax postings that always append \0
Expand Down Expand Up @@ -672,6 +675,16 @@ def parse_multipart
Rack::Multipart.extract_multipart(self, query_parser)
end

def expand_param_pairs(pairs, query_parser = query_parser())
params = query_parser.make_params

pairs.each do |k, v|
query_parser.normalize_params(params, k, v)
end

params.to_params_hash
end

def split_header(value)
value ? value.strip.split(/[,\s]+/) : []
end
Expand Down
2 changes: 2 additions & 0 deletions test/spec_request.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1359,6 +1359,8 @@ def initialize(*)
f[:filename].must_equal "dj.jpg"
f.must_include :tempfile
f[:tempfile].size.must_equal 76

req.env['rack.request.form_pairs'].must_equal [["reply", "yes"], ["fileupload", f]]
end

it "MultipartPartLimitError when request has too many multipart file parts if limit set" do
Expand Down