Skip to content

Added disable rename files#158

Closed
Laboratory wants to merge 3 commits into
node-formidable:masterfrom
Laboratory:master
Closed

Added disable rename files#158
Laboratory wants to merge 3 commits into
node-formidable:masterfrom
Laboratory:master

Conversation

@Laboratory

@Laboratory Laboratory commented Jul 28, 2012

Copy link
Copy Markdown

request for my issue
#154

set isAutoRename = false for disable rename uploading files

felixge
felixge reviewed Jul 29, 2012
View reviewed changes
Comment thread lib/incoming_form.js

@felixge felixge Jul 29, 2012

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why?

@Laboratory Laboratory Jul 29, 2012

Copy link
Copy Markdown
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

small optimization :)

@felixge

felixge commented Jul 29, 2012

Copy link
Copy Markdown
Collaborator

A few things:

  • Split unrelated changes (like whitespace) in separate commits
  • Explain your use case
  • Add a test demonstrating that this cannot be exploited (what happens if my file is named '../../my.jpeg'?)

@Laboratory

Laboratory commented Jul 29, 2012

Copy link
Copy Markdown
Author

Explain your use case:

When I upload files to the server, such as his name game.apk, after passing through IncomingForm name becomes 666a0d1b2d94b15f82b311193b694abf.apk. And when the user downloads the game on the phone, he always asks: What a strange file name?

if my file is named '../../my.jpeg' and param isAutoRename=true name will be 7a7a7..aa7.jpeg
if isAutoRename=false name will be my.jpeg

I added test in test/unit/test-incoming-form.js. His name is '#_uploadPath with disable rename files (isAutoRename)'

Laboratory
Laboratory reviewed Jul 29, 2012
View reviewed changes
Comment thread test/unit/test-incoming-form.js Outdated

@Laboratory Laboratory Jul 29, 2012

Copy link
Copy Markdown
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

for example: my.jpeg

@felixge

felixge commented Jul 29, 2012

Copy link
Copy Markdown
Collaborator

Add a test demonstrating that this cannot be exploited (what happens if my file is named '../../my.jpeg'?)

^-- you have not done that, please add such a test.

@Laboratory

Laboratory commented Jul 29, 2012

Copy link
Copy Markdown
Author

added test

@Laboratory Laboratory mentioned this pull request Jul 30, 2012
Closed
@tunnckoCore

tunnckoCore commented Nov 28, 2019
edited
Loading

Copy link
Copy Markdown
Member

Kind of related to #488 (and few others if i remember correctly) which was also closed recently. We will work on some option that is about the file naming, renaming, escaping/sanitize and etc stuff.

Closing this.

@tunnckoCore tunnckoCore mentioned this pull request Mar 20, 2020
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@Laboratory @felixge @tunnckoCore @mscdex