Add ability to control maxKeys in the querystring parser.

As of 8a98c2f1d81cabb6594dc388789d60d2f3f67c09 the Node querystring parser will only extract 1000 parameters by default. This change puts the default back to unlimited (to retain the original formidable behaviour) while allowing it to be set via the `maxFields` option. At the moment this option only affects the QuerystringParser, but could be extended to apply to all the parsers for which it makes sense.
OrangeDog · Mar 4, 2013 · 05e98f6 · 05e98f6
1 parent 12f1d59
commit 05e98f6
Show file tree

Hide file tree

Showing 3 changed files with 13 additions and 4 deletions.
diff --git a/Readme.md b/Readme.md
@@ -105,6 +105,11 @@ Limits the amount of memory a field (not file) can allocate in bytes.
 If this value is exceeded, an `'error'` event is emitted. The default
 size is 2MB.
 
+```javascript
+form.maxFields = 0;
+```
+Limits the number of fields that the querystring parser will decode. Defaults
+to 0 (unlimited).
 
 ```javascript
 form.hash = false;

diff --git a/lib/incoming_form.js b/lib/incoming_form.js
@@ -22,6 +22,7 @@ function IncomingForm(opts) {
   this.error = null;
   this.ended = false;
 
+  this.maxFields = opts.maxFields || 0;
   this.maxFieldsSize = opts.maxFieldsSize || 2 * 1024 * 1024;
   this.keepExtensions = opts.keepExtensions || false;
   this.uploadDir = opts.uploadDir || os.tmpDir();
@@ -410,7 +411,7 @@ IncomingForm.prototype._fileName = function(headerValue) {
 IncomingForm.prototype._initUrlencoded = function() {
   this.type = 'urlencoded';
 
-  var parser = new QuerystringParser()
+  var parser = new QuerystringParser(this.maxFields)
     , self = this;
 
   parser.onField = function(key, val) {
@@ -525,3 +526,4 @@ IncomingForm.prototype._maybeEnd = function() {
 
   this.emit('end');
 };
+
diff --git a/lib/querystring_parser.js b/lib/querystring_parser.js
@@ -4,7 +4,8 @@ if (global.GENTLY) require = GENTLY.hijack(require);
 // If I find time I'll rewrite this to be fully streaming as well
 var querystring = require('querystring');
 
-function QuerystringParser() {
+function QuerystringParser(maxKeys) {
+  this.maxKeys = maxKeys;
   this.buffer = '';
 };
 exports.QuerystringParser = QuerystringParser;
@@ -15,11 +16,12 @@ QuerystringParser.prototype.write = function(buffer) {
 };
 
 QuerystringParser.prototype.end = function() {
-  var fields = querystring.parse(this.buffer);
+  var fields = querystring.parse(this.buffer, '&', '=', { maxKeys: this.maxKeys });
   for (var field in fields) {
     this.onField(field, fields[field]);
   }
   this.buffer = '';
 
   this.onEnd();
-};
+};
+