Merge pull request #814 from johnnaegle/only_increment_open_file_coun…

…t_for_fileparts Only count files (not all form elements) against the Multipart File Limit
rack · Jun 17, 2015 · b515722 · b515722
1 parent 9baa760
commit b515722
Show file tree

Hide file tree

Showing 3 changed files with 63 additions and 4 deletions.
diff --git a/lib/rack/multipart/parser.rb b/lib/rack/multipart/parser.rb
@@ -54,14 +54,15 @@ def parse
 
         opened_files = 0
         loop do
-          if Utils.multipart_part_limit > 0
-            raise MultipartPartLimitError, 'Maximum file multiparts in content reached' if opened_files >= Utils.multipart_part_limit
-            opened_files += 1
-          end
 
           head, filename, content_type, name, body =
             get_current_head_and_filename_and_content_type_and_name_and_body
 
+          if Utils.multipart_part_limit > 0
+            opened_files += 1 if filename
+            raise MultipartPartLimitError, 'Maximum file multiparts in content reached' if opened_files >= Utils.multipart_part_limit
+          end
+
           # Save the rest.
           if i = @buf.index(rx)
             body << @buf.slice!(0, i)

diff --git a/test/multipart/three_files_three_fields b/test/multipart/three_files_three_fields
@@ -0,0 +1,31 @@
+--AaB03x
+content-disposition: form-data; name="reply"
+
+yes
+--AaB03x
+content-disposition: form-data; name="to"
+
+people
+--AaB03x
+content-disposition: form-data; name="from"
+
+others
+--AaB03x
+content-disposition: form-data; name="fileupload1"; filename="file1.jpg"
+Content-Type: image/jpeg
+Content-Transfer-Encoding: base64
+
+/9j/4AAQSkZJRgABAQAAAQABAAD//gA+Q1JFQVRPUjogZ2QtanBlZyB2MS4wICh1c2luZyBJSkcg
+--AaB03x
+content-disposition: form-data; name="fileupload2"; filename="file2.jpg"
+Content-Type: image/jpeg
+Content-Transfer-Encoding: base64
+
+/9j/4AAQSkZJRgABAQAAAQABAAD//gA+Q1JFQVRPUjogZ2QtanBlZyB2MS4wICh1c2luZyBJSkcg
+--AaB03x
+content-disposition: form-data; name="fileupload3"; filename="file3.jpg"
+Content-Type: image/jpeg
+Content-Transfer-Encoding: base64
+
+/9j/4AAQSkZJRgABAQAAAQABAAD//gA+Q1JFQVRPUjogZ2QtanBlZyB2MS4wICh1c2luZyBJSkcg
+--AaB03x--
diff --git a/test/spec_multipart.rb b/test/spec_multipart.rb
@@ -476,6 +476,33 @@ def rd.length
     end
   end
 
+ should "not reach a multi-part limit" do
+    begin
+      previous_limit = Rack::Utils.multipart_part_limit
+      Rack::Utils.multipart_part_limit = 4
+
+      env = Rack::MockRequest.env_for '/', multipart_fixture(:three_files_three_fields)
+      params = Rack::Multipart.parse_multipart(env)
+      params['reply'].should.equal 'yes'
+      params['to'].should.equal 'people'
+      params['from'].should.equal 'others'
+    ensure
+      Rack::Utils.multipart_part_limit = previous_limit
+    end
+  end
+
+  should "reach a multipart limit" do
+    begin
+      previous_limit = Rack::Utils.multipart_part_limit
+      Rack::Utils.multipart_part_limit = 3
+
+      env = Rack::MockRequest.env_for '/', multipart_fixture(:three_files_three_fields)
+      lambda { Rack::Multipart.parse_multipart(env) }.should.raise(Rack::Multipart::MultipartPartLimitError)
+    ensure
+      Rack::Utils.multipart_part_limit = previous_limit
+    end
+  end
+
   should "return nil if no UploadedFiles were used" do
     data = Rack::Multipart.build_multipart("people" => [{"submit-name" => "Larry", "files" => "contents"}])
     data.should.equal nil