Having problems since an update.

[J-Gonzalez]

I had this working before but now have updated to newer body parser in which I have tried both

  app.use(bodyParser.urlencoded({
    extended: false
  }));

and

  app.use(bodyParser.urlencoded({
    extended: true
  }));

with no success.

I've got the following form posting

<form action='/testform' method="post">
  <input type="text" name="first_name" value="John">
  <input type="text" name="last_name" value="Doe">
  <input type="text" name="food[name]" value="Lasagna">
  <input type="text" name="food[type]" value="Dinner">
  <input type="text" name="food[origin]" value="Italy">
  <input type="text" name="order[0][quantity]" value="5">
  <input type="text" name="order[0][size]" value="small">
  <input type="text" name="order[0][status]" value="frozen">
  <input type="text" name="order[1][quantity]" value="2">
  <input type="text" name="order[1][size]" value="large">
  <input type="text" name="order[1][status]" value="cooked">
  <input type="hidden" name="_csrf" value="<%- token %>">
  <input name="submit" type="submit" value="submit"/>
</form>

with extended:false, looking at req.body I get:

{ first_name: 'John',
  last_name: 'Doe',
  'food[name]': 'Lasagna',
  'food[type]': 'Dinner',
  'food[origin]': 'Italy',
  'order[0][quantity]': '5',
  'order[0][size]': 'small',
  'order[0][status]': 'frozen',
  'order[1][quantity]': '2',
  'order[1][size]': 'large',
  'order[1][status]': 'cooked',
  _csrf: 'rXgHoLAH-yZJ34JdmcM9Ry2bHCwraxcovMtg',
  submit: 'submit' }

or with extended: true

{ first_name: 'John',
  last_name: 'Doe',
  food: { name: 'Lasagna', type: 'Dinner', origin: 'Italy' },
  order: [ { status: 'frozen' }, { status: 'cooked' } ],
  _csrf: 'rXgHoLAH-yZJ34JdmcM9Ry2bHCwraxcovMtg',
  submit: 'submit' }

What I expect:

{ first_name: 'John',
  last_name: 'Doe',
  food: { name: 'Lasagna', type: 'Dinner', origin: 'Italy' },
  order: [ { quantity: 5, size:'small', status: 'frozen' }, { quantity: 2, size: 'large', status: 'cooked' } ],
  _csrf: 'rXgHoLAH-yZJ34JdmcM9Ry2bHCwraxcovMtg',
  submit: 'submit' }

[dougwilson]

Wow, that is a crazy bug. I reported to to qs to get is fixed soon: ljharb/qs#11

[J-Gonzalez]

When switching to old version of body parser ~1.0.0 (1.0.2) which uses ~0.6.6 for qs, everything works as expected.

[maxleiko]

Found that bug yesterday. Wanted to investigate a little bit more before reporting it. 👍
But using body-parser@~1.0.0 does not fix the problem.

Try with this: myArray[0][a]=aaa&myArray[0][b]=bbb&myArray[1][a]=aa&myArray[1][b]=bb
You'll only get b in the inner-objects

[maxleiko]

I have made a PR ljharb/qs#13 to fix this. Just have to wait now :)

[dougwilson]

Cool. As soon as there is a new qs I'll publish another patch version of this module with it.

Sorry for any problems this caused :( there wasn't an easy way to get just the security fix without the using the qs rewrite, since the fix was only in 1.0.0.

[maxleiko]

@dougwilson qs@1.1.1 will have the fix according to ljharb/qs#13

[dougwilson]

\m/

[J-Gonzalez]

You guys work fast - thanks!

[dougwilson]

Published as 1.6.2