Fix for multi-fields #232

Closed
wants to merge 1 commit into
from

Projects

None yet

3 participants

@felixge felixge commented on the diff Jun 9, 2013
lib/querystring_parser.js
@@ -2,7 +2,7 @@ if (global.GENTLY) require = GENTLY.hijack(require);
// This is a buffering parser, not quite as nice as the multipart one.
// If I find time I'll rewrite this to be fully streaming as well
-var querystring = require('querystring');
+var querystring = require('qs');
felixge
felixge Jun 9, 2013 Owner

Needs to be in package.json

@felixge felixge commented on the diff Jun 9, 2013
lib/querystring_parser.js
@@ -16,7 +16,7 @@ QuerystringParser.prototype.write = function(buffer) {
};
QuerystringParser.prototype.end = function() {
- var fields = querystring.parse(this.buffer, '&', '=', { maxKeys: this.maxKeys });
+ var fields = querystring.parse(this.buffer.toString());
felixge
felixge Jun 9, 2013 Owner

Reintroduces a previously fixed hash key dos attack.

6 months later. So how do you deal with multi-fields these days with formidable?

Owner
felixge commented Dec 12, 2013

6 months later. So how do you deal with multi-fields these days with formidable?

Not by writing passive aggressive comments.

@felixge felixge closed this in #272 Mar 4, 2014
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment