Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP

Loading…

Fix for multi-fields #232

Closed
wants to merge 1 commit into from

3 participants

Beck Andrej Mihajlov Felix Geisendörfer
Felix Geisendörfer felixge commented on the diff
lib/querystring_parser.js
@@ -2,7 +2,7 @@ if (global.GENTLY) require = GENTLY.hijack(require);
// This is a buffering parser, not quite as nice as the multipart one.
// If I find time I'll rewrite this to be fully streaming as well
-var querystring = require('querystring');
+var querystring = require('qs');
Felix Geisendörfer Owner
felixge added a note

Needs to be in package.json

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Felix Geisendörfer felixge commented on the diff
lib/querystring_parser.js
@@ -16,7 +16,7 @@ QuerystringParser.prototype.write = function(buffer) {
};
QuerystringParser.prototype.end = function() {
- var fields = querystring.parse(this.buffer, '&', '=', { maxKeys: this.maxKeys });
+ var fields = querystring.parse(this.buffer.toString());
Felix Geisendörfer Owner
felixge added a note

Reintroduces a previously fixed hash key dos attack.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Andrej Mihajlov

6 months later. So how do you deal with multi-fields these days with formidable?

Felix Geisendörfer
Owner

6 months later. So how do you deal with multi-fields these days with formidable?

Not by writing passive aggressive comments.

Felix Geisendörfer felixge closed this in #272
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Commits on Jun 9, 2013
  1. Beck
This page is out of date. Refresh to see the latest.
Showing with 2 additions and 2 deletions.
  1. +2 −2 lib/querystring_parser.js
4 lib/querystring_parser.js
View
@@ -2,7 +2,7 @@ if (global.GENTLY) require = GENTLY.hijack(require);
// This is a buffering parser, not quite as nice as the multipart one.
// If I find time I'll rewrite this to be fully streaming as well
-var querystring = require('querystring');
+var querystring = require('qs');
Felix Geisendörfer Owner
felixge added a note

Needs to be in package.json

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
function QuerystringParser(maxKeys) {
this.maxKeys = maxKeys;
@@ -16,7 +16,7 @@ QuerystringParser.prototype.write = function(buffer) {
};
QuerystringParser.prototype.end = function() {
- var fields = querystring.parse(this.buffer, '&', '=', { maxKeys: this.maxKeys });
+ var fields = querystring.parse(this.buffer.toString());
Felix Geisendörfer Owner
felixge added a note

Reintroduces a previously fixed hash key dos attack.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
for (var field in fields) {
this.onField(field, fields[field]);
}
Something went wrong with that request. Please try again.