Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also compare across forks.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also compare across forks.
base fork: felixge/node-formidable
base: v0.8.0
...
head fork: felixge/node-formidable
compare: v0.9.0
  • 2 commits
  • 4 files changed
  • 2 commit comments
  • 1 contributor
Commits on Jun 14, 2010
@felixge New feature: form.keepExtensions
This is useful if you process uploaded files using comannd line tools
that determine the type of a file using its extension. (I will hunt down
the authors of these tools so we won't have to rely on file extensions
any more in the future)
10c57f0
@felixge Bump version af57e61
View
4 Readme.md
@@ -78,6 +78,10 @@ The encoding to use for incoming form fields.
The directory for placing file uploads in. You can later on move them using `fs.rename()`.
+#### incomingForm.keepExtensions = false
+
+If you want the files written to `incomingForm.uploadDir` to include the extensions of the original files, set this property to `true`.
+
#### incomingForm.type
Either 'multipart' or 'urlencoded' depending on the incoming request.
View
9 lib/formidable/incoming_form.js
@@ -14,6 +14,7 @@ function IncomingForm() {
this.error = null;
this.ended = false;
+ this.keepExtensions = false;
this.uploadDir = '/tmp';
this.encoding = 'utf-8';
this.headers = null;
@@ -150,7 +151,7 @@ IncomingForm.prototype.handlePart = function(part) {
this._flushing++;
- var file = new WriteStream(this._uploadPath());
+ var file = new WriteStream(this._uploadPath(part.filename));
part.addListener('data', function(buffer) {
self.pause();
file.write(buffer, function() {
@@ -308,12 +309,16 @@ IncomingForm.prototype._initUrlencoded = function() {
this._parser = parser;
};
-IncomingForm.prototype._uploadPath = function() {
+IncomingForm.prototype._uploadPath = function(filename) {
var name = '';
for (i = 0; i < 32; i++) {
name += Math.floor(Math.random() * 16).toString(16);
}
+ if (this.keepExtensions) {
+ name += path.extname(filename);
+ }
+
return path.join(this.uploadDir, name);
};
View
2  package.json
@@ -1,5 +1,5 @@
{ "name" : "formidable"
-, "version": "0.8.0"
+, "version": "0.9.0"
, "dependencies": {"gently": ">=0.7.0"}
, "directories" : { "lib" : "./lib/formidable" }
, "main" : "./lib/formidable/index"
View
55 test/simple/test-incoming-form.js
@@ -26,6 +26,7 @@ test(function constructor() {
assert.strictEqual(form.ended, false);
assert.strictEqual(form.type, null);
assert.strictEqual(form.headers, null);
+ assert.strictEqual(form.keepExtensions, false);
assert.strictEqual(form.uploadDir, '/tmp');
assert.strictEqual(form.encoding, 'utf-8');
assert.strictEqual(form.bytesReceived, null);
@@ -493,16 +494,20 @@ test(function handlePart() {
(function testFilePart() {
var PART = new events.EventEmitter()
- , FILE = new events.EventEmitter();
+ , FILE = new events.EventEmitter()
+ , PATH = '/foo/bar';
PART.name = 'my_file';
PART.filename = 'sweet.txt';
PART.mime = 'sweet.txt';
- FILE.path = form._uploadPath();
+ gently.expect(form, '_uploadPath', function(filename) {
+ assert.equal(filename, PART.filename);
+ return PATH;
+ });
- gently.expect(WriteStreamStub, 'new', function(file) {
- assert.equal(path.dirname(file), form.uploadDir);
+ gently.expect(WriteStreamStub, 'new', function(path) {
+ assert.equal(path, PATH);
FILE = this;
});
@@ -543,19 +548,39 @@ test(function handlePart() {
});
test(function _uploadPath() {
- var UUID_A, UUID_B;
- gently.expect(GENTLY.hijacked.path, 'join', function(uploadDir, uuid) {
- assert.equal(uploadDir, form.uploadDir);
- UUID_A = uuid;
- });
- form._uploadPath();
+ (function testUniqueId() {
+ var UUID_A, UUID_B;
+ gently.expect(GENTLY.hijacked.path, 'join', function(uploadDir, uuid) {
+ assert.equal(uploadDir, form.uploadDir);
+ UUID_A = uuid;
+ });
+ form._uploadPath();
- gently.expect(GENTLY.hijacked.path, 'join', function(uploadDir, uuid) {
- UUID_B = uuid;
- });
- form._uploadPath();
+ gently.expect(GENTLY.hijacked.path, 'join', function(uploadDir, uuid) {
+ UUID_B = uuid;
+ });
+ form._uploadPath();
+
+ assert.notEqual(UUID_A, UUID_B);
+ })();
- assert.notEqual(UUID_A, UUID_B);
+ (function testFileExtension() {
+ form.keepExtensions = true;
+ var FILENAME = 'foo.jpg'
+ , EXT = '.bar';
+
+ gently.expect(GENTLY.hijacked.path, 'extname', function(filename) {
+ assert.equal(filename, FILENAME);
+ gently.restore(path, 'extname');
+
+ return EXT;
+ });
+
+ gently.expect(GENTLY.hijacked.path, 'join', function(uploadDir, name) {
+ assert.equal(path.extname(name), EXT);
+ });
+ form._uploadPath(FILENAME);
+ })();
});
test(function _maybeEnd() {

Showing you all comments on commits in this comparison.

@bentomas

I'm confused, we don't like file extensions?

@felixge
Owner

Well, basically you cannot trust the name and extension of user uploaded files. There is a significant amount of files with misnamed extensions, especially with multi media files. Plus, certain media formats are just containers for codecs.

So the only reliable way is to yank the file through magic db (http://www.magicdb.org/) and use that.

Something went wrong with that request. Please try again.