Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP

We’re showing branches in this repository, but you can also compare across forks.

base fork: felixge/node-formidable
base: v0.8.0
...
head fork: felixge/node-formidable
compare: v0.9.0
  • 2 commits
  • 4 files changed
  • 2 commit comments
  • 1 contributor
Commits on Jun 14, 2010
Felix Geisendörfer New feature: form.keepExtensions
This is useful if you process uploaded files using comannd line tools
that determine the type of a file using its extension. (I will hunt down
the authors of these tools so we won't have to rely on file extensions
any more in the future)
10c57f0
Felix Geisendörfer Bump version af57e61
4 Readme.md
View
@@ -78,6 +78,10 @@ The encoding to use for incoming form fields.
The directory for placing file uploads in. You can later on move them using `fs.rename()`.
+#### incomingForm.keepExtensions = false
+
+If you want the files written to `incomingForm.uploadDir` to include the extensions of the original files, set this property to `true`.
+
#### incomingForm.type
Either 'multipart' or 'urlencoded' depending on the incoming request.
9 lib/formidable/incoming_form.js
View
@@ -14,6 +14,7 @@ function IncomingForm() {
this.error = null;
this.ended = false;
+ this.keepExtensions = false;
this.uploadDir = '/tmp';
this.encoding = 'utf-8';
this.headers = null;
@@ -150,7 +151,7 @@ IncomingForm.prototype.handlePart = function(part) {
this._flushing++;
- var file = new WriteStream(this._uploadPath());
+ var file = new WriteStream(this._uploadPath(part.filename));
part.addListener('data', function(buffer) {
self.pause();
file.write(buffer, function() {
@@ -308,12 +309,16 @@ IncomingForm.prototype._initUrlencoded = function() {
this._parser = parser;
};
-IncomingForm.prototype._uploadPath = function() {
+IncomingForm.prototype._uploadPath = function(filename) {
var name = '';
for (i = 0; i < 32; i++) {
name += Math.floor(Math.random() * 16).toString(16);
}
+ if (this.keepExtensions) {
+ name += path.extname(filename);
+ }
+
return path.join(this.uploadDir, name);
};
2  package.json
View
@@ -1,5 +1,5 @@
{ "name" : "formidable"
-, "version": "0.8.0"
+, "version": "0.9.0"
, "dependencies": {"gently": ">=0.7.0"}
, "directories" : { "lib" : "./lib/formidable" }
, "main" : "./lib/formidable/index"
55 test/simple/test-incoming-form.js
View
@@ -26,6 +26,7 @@ test(function constructor() {
assert.strictEqual(form.ended, false);
assert.strictEqual(form.type, null);
assert.strictEqual(form.headers, null);
+ assert.strictEqual(form.keepExtensions, false);
assert.strictEqual(form.uploadDir, '/tmp');
assert.strictEqual(form.encoding, 'utf-8');
assert.strictEqual(form.bytesReceived, null);
@@ -493,16 +494,20 @@ test(function handlePart() {
(function testFilePart() {
var PART = new events.EventEmitter()
- , FILE = new events.EventEmitter();
+ , FILE = new events.EventEmitter()
+ , PATH = '/foo/bar';
PART.name = 'my_file';
PART.filename = 'sweet.txt';
PART.mime = 'sweet.txt';
- FILE.path = form._uploadPath();
+ gently.expect(form, '_uploadPath', function(filename) {
+ assert.equal(filename, PART.filename);
+ return PATH;
+ });
- gently.expect(WriteStreamStub, 'new', function(file) {
- assert.equal(path.dirname(file), form.uploadDir);
+ gently.expect(WriteStreamStub, 'new', function(path) {
+ assert.equal(path, PATH);
FILE = this;
});
@@ -543,19 +548,39 @@ test(function handlePart() {
});
test(function _uploadPath() {
- var UUID_A, UUID_B;
- gently.expect(GENTLY.hijacked.path, 'join', function(uploadDir, uuid) {
- assert.equal(uploadDir, form.uploadDir);
- UUID_A = uuid;
- });
- form._uploadPath();
+ (function testUniqueId() {
+ var UUID_A, UUID_B;
+ gently.expect(GENTLY.hijacked.path, 'join', function(uploadDir, uuid) {
+ assert.equal(uploadDir, form.uploadDir);
+ UUID_A = uuid;
+ });
+ form._uploadPath();
- gently.expect(GENTLY.hijacked.path, 'join', function(uploadDir, uuid) {
- UUID_B = uuid;
- });
- form._uploadPath();
+ gently.expect(GENTLY.hijacked.path, 'join', function(uploadDir, uuid) {
+ UUID_B = uuid;
+ });
+ form._uploadPath();
+
+ assert.notEqual(UUID_A, UUID_B);
+ })();
- assert.notEqual(UUID_A, UUID_B);
+ (function testFileExtension() {
+ form.keepExtensions = true;
+ var FILENAME = 'foo.jpg'
+ , EXT = '.bar';
+
+ gently.expect(GENTLY.hijacked.path, 'extname', function(filename) {
+ assert.equal(filename, FILENAME);
+ gently.restore(path, 'extname');
+
+ return EXT;
+ });
+
+ gently.expect(GENTLY.hijacked.path, 'join', function(uploadDir, name) {
+ assert.equal(path.extname(name), EXT);
+ });
+ form._uploadPath(FILENAME);
+ })();
});
test(function _maybeEnd() {

Showing you all comments on commits in this comparison.

Benjamin Thomas

I'm confused, we don't like file extensions?

Felix Geisendörfer
Owner

Well, basically you cannot trust the name and extension of user uploaded files. There is a significant amount of files with misnamed extensions, especially with multi media files. Plus, certain media formats are just containers for codecs.

So the only reliable way is to yank the file through magic db (http://www.magicdb.org/) and use that.

Something went wrong with that request. Please try again.