diff options
author | Santiago Pastorino <santiago@wyeworks.com> | 2015-03-11 15:24:25 -0300 |
---|---|---|
committer | Aaron Patterson <aaron.patterson@gmail.com> | 2015-06-17 07:23:16 -0700 |
commit | b515722c2c1506274c5a862c4d6a2bbc079296e6 (patch) | |
tree | a7f11156812189367a4c53cd7c88d2425e7bfc9a | |
parent | 9baa7609ca408f25e8adbd34ca083dc87010da61 (diff) | |
download | rack-b515722c2c1506274c5a862c4d6a2bbc079296e6.tar.gz |
Merge pull request #814 from johnnaegle/only_increment_open_file_count_for_fileparts
Only count files (not all form elements) against the Multipart File Limit
-rw-r--r-- | lib/rack/multipart/parser.rb | 9 | ||||
-rw-r--r-- | test/multipart/three_files_three_fields | 31 | ||||
-rw-r--r-- | test/spec_multipart.rb | 27 |
3 files changed, 63 insertions, 4 deletions
diff --git a/lib/rack/multipart/parser.rb b/lib/rack/multipart/parser.rb index e6e03538..22d38e74 100644 --- a/lib/rack/multipart/parser.rb +++ b/lib/rack/multipart/parser.rb @@ -54,14 +54,15 @@ module Rack opened_files = 0 loop do - if Utils.multipart_part_limit > 0 - raise MultipartPartLimitError, 'Maximum file multiparts in content reached' if opened_files >= Utils.multipart_part_limit - opened_files += 1 - end head, filename, content_type, name, body = get_current_head_and_filename_and_content_type_and_name_and_body + if Utils.multipart_part_limit > 0 + opened_files += 1 if filename + raise MultipartPartLimitError, 'Maximum file multiparts in content reached' if opened_files >= Utils.multipart_part_limit + end + # Save the rest. if i = @buf.index(rx) body << @buf.slice!(0, i) diff --git a/test/multipart/three_files_three_fields b/test/multipart/three_files_three_fields new file mode 100644 index 00000000..40d88b56 --- /dev/null +++ b/test/multipart/three_files_three_fields @@ -0,0 +1,31 @@ +--AaB03x
+content-disposition: form-data; name="reply"
+
+yes
+--AaB03x
+content-disposition: form-data; name="to"
+
+people
+--AaB03x
+content-disposition: form-data; name="from"
+
+others
+--AaB03x
+content-disposition: form-data; name="fileupload1"; filename="file1.jpg"
+Content-Type: image/jpeg
+Content-Transfer-Encoding: base64
+
+/9j/4AAQSkZJRgABAQAAAQABAAD//gA+Q1JFQVRPUjogZ2QtanBlZyB2MS4wICh1c2luZyBJSkcg
+--AaB03x
+content-disposition: form-data; name="fileupload2"; filename="file2.jpg"
+Content-Type: image/jpeg
+Content-Transfer-Encoding: base64
+
+/9j/4AAQSkZJRgABAQAAAQABAAD//gA+Q1JFQVRPUjogZ2QtanBlZyB2MS4wICh1c2luZyBJSkcg
+--AaB03x
+content-disposition: form-data; name="fileupload3"; filename="file3.jpg"
+Content-Type: image/jpeg
+Content-Transfer-Encoding: base64
+
+/9j/4AAQSkZJRgABAQAAAQABAAD//gA+Q1JFQVRPUjogZ2QtanBlZyB2MS4wICh1c2luZyBJSkcg
+--AaB03x--
diff --git a/test/spec_multipart.rb b/test/spec_multipart.rb index 327c6a2a..74578d7b 100644 --- a/test/spec_multipart.rb +++ b/test/spec_multipart.rb @@ -476,6 +476,33 @@ Content-Type: image/jpeg\r end end + should "not reach a multi-part limit" do + begin + previous_limit = Rack::Utils.multipart_part_limit + Rack::Utils.multipart_part_limit = 4 + + env = Rack::MockRequest.env_for '/', multipart_fixture(:three_files_three_fields) + params = Rack::Multipart.parse_multipart(env) + params['reply'].should.equal 'yes' + params['to'].should.equal 'people' + params['from'].should.equal 'others' + ensure + Rack::Utils.multipart_part_limit = previous_limit + end + end + + should "reach a multipart limit" do + begin + previous_limit = Rack::Utils.multipart_part_limit + Rack::Utils.multipart_part_limit = 3 + + env = Rack::MockRequest.env_for '/', multipart_fixture(:three_files_three_fields) + lambda { Rack::Multipart.parse_multipart(env) }.should.raise(Rack::Multipart::MultipartPartLimitError) + ensure + Rack::Utils.multipart_part_limit = previous_limit + end + end + should "return nil if no UploadedFiles were used" do data = Rack::Multipart.build_multipart("people" => [{"submit-name" => "Larry", "files" => "contents"}]) data.should.equal nil |