Absolute paths set for tempFileDir are not handled properly #12910
Description
Describe the Bug
payload.config.ts:
import { buildConfig } from 'payload'
import { tmpdir } from 'node:os'
export default buildConfig({
....
upload: {
tempFileDir: tmpdir(),
useTempFiles: true,
},
....
})collection:
import type { CollectionConfig } from 'payload'
export const Media: CollectionConfig = {
slug: 'media',
fields: [],
upload: true,
hooks: {
beforeOperation: [
async ({ operation, req }) => {
if ((operation === 'create' || operation === 'update') && req.file) {
throw new Error('force stop')
}
},
]
},
}Code of v3.43.0:
payload/packages/payload/src/uploads/fetchAPI-multipart/handlers.ts
Lines 23 to 25 in 053192c
There should be a check to verify whether dir is an absolute path using path.isAbsolute(dir).
There is no mention of any path restrictions in the documentation (https://payloadcms.com/docs/upload/overview#payload-wide-upload-options).
Link to the code that reproduces this issue
https://github.com/payloadcms/payload
Reproduction Steps
- Specify an absolute path for
tempFileDir - Upload file
- Check where the temporary file is created
Which area(s) are affected? (Select all that apply)
area: core
Environment Info
Binaries:
Node: 22.16.0
npm: 11.4.2
Yarn: 1.22.22
pnpm: 10.11.0
Relevant Packages:
payload: 3.43.0
next: 15.3.4
@payloadcms/db-mongodb: 3.43.0
@payloadcms/db-postgres: 3.43.0
@payloadcms/email-nodemailer: 3.43.0
@payloadcms/graphql: 3.43.0
@payloadcms/next/utilities: 3.43.0
@payloadcms/payload-cloud: 3.43.0
@payloadcms/plugin-cloud-storage: 3.43.0
@payloadcms/richtext-lexical: 3.43.0
@payloadcms/storage-s3: 3.43.0
@payloadcms/translations: 3.43.0
@payloadcms/ui/shared: 3.43.0
react: 19.1.0
react-dom: 19.1.0
Operating System:
Platform: linux
Arch: arm64
Version: #1 SMP Tue Apr 15 16:00:54 UTC 2025
Available memory (MB): 23998
Available CPU cores: 10