formidable - npm Package Compare versions

Comparing version 1.0.14 to 1.0.15

lib/incoming_form.js

@@ -32,3 +32,4 @@ if (global.GENTLY) require = GENTLY.hijack(require);
   this.type = null;
-  this.hash = false;
+  this.hash = opts.hash || false;
+  this.multiples = opts.multiples || false;
 
@@ -44,3 +45,3 @@ this.bytesReceived = null;
   return this;
-};
+}
 util.inherits(IncomingForm, EventEmitter);
@@ -88,3 +89,14 @@ exports.IncomingForm = IncomingForm;
       .on('file', function(name, file) {
-        files[name] = file;
+        if (this.multiples) {
+          if (files[name]) {
+            if (!Array.isArray(files[name])) {
+              files[name] = [files[name]];
+            }
+            files[name].push(file);
+          } else {
+            files[name] = file;
+          }
+        } else {
+          files[name] = file;
+        }
       })
@@ -136,4 +148,7 @@ .on('error', function(err) {
 IncomingForm.prototype.write = function(buffer) {
+  if (this.error) {
+    return;
+  }
   if (!this._parser) {
-    this._error(new Error('unintialized parser'));
+    this._error(new Error('uninitialized parser'));
     return;
@@ -205,2 +220,5 @@ }
   part.on('data', function(buffer) {
+    if (buffer.length == 0) {
+      return;
+    }
     self.pause();
@@ -253,4 +271,4 @@ file.write(buffer, function() {
   if (this.headers['content-type'].match(/multipart/i)) {
-    var m;
-    if (m = this.headers['content-type'].match(/boundary=(?:"([^"]+)"|([^;]+))/i)) {
+    var m = this.headers['content-type'].match(/boundary=(?:"([^"]+)"|([^;]+))/i);
+    if (m) {
       this._initMultipart(m[1] || m[2]);
@@ -277,3 +295,2 @@ } else {
   this.error = err;
-  this.pause();
   this.emit('error', err);
@@ -284,3 +301,3 @@
       file._writeStream.destroy();
-      setTimeout(fs.unlink, 0, file.path);
+      setTimeout(fs.unlink, 0, file.path, function(error) { });
     });
@@ -345,5 +362,5 @@ }
 
-    var m;
+    var m = headerValue.match(/\bname="([^"]+)"/i);
     if (headerField == 'content-disposition') {
-      if (m = headerValue.match(/\bname="([^"]+)"/i)) {
+      if (m) {
         part.name = m[1];
@@ -387,4 +404,4 @@ }
         */
-        var offset = parseInt(part.transferBuffer.length / 4) * 4;
-        part.emit('data', new Buffer(part.transferBuffer.substring(0, offset), 'base64'))
+        var offset = parseInt(part.transferBuffer.length / 4, 10) * 4;
+        part.emit('data', new Buffer(part.transferBuffer.substring(0, offset), 'base64'));
         part.transferBuffer = part.transferBuffer.substring(offset);
@@ -394,3 +411,3 @@ };
       parser.onPartEnd = function() {
-        part.emit('data', new Buffer(part.transferBuffer, 'base64'))
+        part.emit('data', new Buffer(part.transferBuffer, 'base64'));
         part.emit('end');
@@ -457,6 +474,5 @@ };
 
+  this.emit('fileBegin', filename, file);
   file.open();
 
-  this.emit('fileBegin', filename, file);
-
   this._flushing++;
@@ -490,4 +506,6 @@
     var done = function(){
-      self.emit('file', 'file', file);
-      self._maybeEnd();
+      file.end(function() {
+        self.emit('file', 'file', file);
+        self._maybeEnd();
+      });
     };
@@ -515,3 +533,3 @@
     self.emit('field', key, val);
-  }
+  };
 
@@ -534,3 +552,3 @@ parser.onEnd = function() {
     var ext = path.extname(filename);
-    ext     = ext.replace(/(\.[a-z0-9]+).*/, '$1');
+    ext     = ext.replace(/(\.[a-z0-9]+).*/i, '$1');
 
@@ -537,0 +555,0 @@ name += ext;

lib/json_parser.js

 if (global.GENTLY) require = GENTLY.hijack(require);
 
-var Buffer = require('buffer').Buffer
+var Buffer = require('buffer').Buffer;
 
@@ -8,3 +8,3 @@ function JSONParser() {
   this.bytesWritten = 0;
-};
+}
 exports.JSONParser = JSONParser;
@@ -14,3 +14,3 @@
   this.data = new Buffer(length);
-}
+};
 
@@ -25,7 +25,7 @@ JSONParser.prototype.write = function(buffer) {
   return buffer.length;
-}
+};
 
 JSONParser.prototype.end = function() {
   try {
-    var fields = JSON.parse(this.data.toString('utf8'))
+    var fields = JSON.parse(this.data.toString('utf8'));
     for (var field in fields) {
@@ -38,2 +38,2 @@ this.onField(field, fields[field]);
   this.onEnd();
-}
+};

lib/multipart_parser.js

@@ -49,3 +49,3 @@ var Buffer = require('buffer').Buffer,
   this.flags = 0;
-};
+}
 exports.MultipartParser = MultipartParser;
@@ -131,3 +131,5 @@
         if (index == boundary.length - 2) {
-          if (c != CR) {
+          if (c == HYPHEN) {
+            flags |= F.LAST_BOUNDARY;
+          } else if (c != CR) {
             return i;
@@ -138,8 +140,13 @@ }
         } else if (index - 1 == boundary.length - 2) {
-          if (c != LF) {
+          if (flags & F.LAST_BOUNDARY && c == HYPHEN){
+            callback('end');
+            state = S.END;
+            flags = 0;
+          } else if (!(flags & F.LAST_BOUNDARY) && c == LF) {
+            index = 0;
+            callback('partBegin');
+            state = S.HEADER_FIELD_START;
+          } else {
             return i;
           }
-          index = 0;
-          callback('partBegin');
-          state = S.HEADER_FIELD_START;
           break;
@@ -220,3 +227,3 @@ }
 
-        if (index == 0) {
+        if (index === 0) {
           // boyer-moore derrived algorithm to safely skip non-boundary data
@@ -233,3 +240,3 @@ i += boundaryEnd;
           if (boundary[index] == c) {
-            if (index == 0) {
+            if (index === 0) {
               dataCallback('partData', true);
@@ -268,2 +275,3 @@ }
               state = S.END;
+              flags = 0;
             } else {
@@ -319,3 +327,3 @@ index = 0;
   };
-  if ((this.state == S.HEADER_FIELD_START && this.index == 0) ||
+  if ((this.state == S.HEADER_FIELD_START && this.index === 0) ||
       (this.state == S.PART_DATA && this.index == this.boundary.length)) {
@@ -322,0 +330,0 @@ callback(this, 'partEnd');

lib/querystring_parser.js

@@ -10,3 +10,3 @@ if (global.GENTLY) require = GENTLY.hijack(require);
   this.buffer = '';
-};
+}
 exports.QuerystringParser = QuerystringParser;
@@ -13,0 +13,0 @@

package.json

@@ -5,3 +5,3 @@ {
   "homepage": "https://github.com/felixge/node-formidable",
-  "version": "1.0.14",
+  "version": "1.0.15",
   "devDependencies": {
@@ -8,0 +8,0 @@ "gently": "0.8.0",

Readme.md

@@ -25,2 +25,4 @@ # Formidable
 
+This is a low level package, and if you're using a high level framework such as Express, chances are it's already included in it. You can [read this discussion](http://stackoverflow.com/questions/11295554/how-to-disable-express-bodyparser-for-file-uploads-node-js) about how Formidable is integrated with Express.
+
 Via [npm](http://github.com/isaacs/npm):
@@ -86,7 +88,6 @@ ```
 ```javascript
-form.uploadDir = process.env.TMP || process.env.TMPDIR || process.env.TEMP || '/tmp' || process.cwd();
+form.uploadDir = "/my/dir";
 ```
-The directory for placing file uploads in. You can move them later on using
-`fs.rename()`. The default directory is picked at module load time depending on
-the first existing directory from those listed above.
+Sets the directory for placing file uploads in. You can move them later on using
+`fs.rename()`. The default is `os.tmpDir()`.
 
@@ -111,6 +112,6 @@ ```javascript
 ```javascript
-form.maxFields = 0;
+form.maxFields = 1000;
 ```
 Limits the number of fields that the querystring parser will decode. Defaults
-to 0 (unlimited).
+to 1000 (0 for unlimited).
 
@@ -123,2 +124,7 @@ ```javascript
 ```javascript
+form.multiples = false;
+```
+If this option is enabled, when you call `form.parse`, the `files` argument will contain arrays of files for inputs which submit multiple files using the HTML5 `multiple` attribute.
+
+```javascript
 form.bytesReceived
@@ -136,3 +142,3 @@ ```
 ```
-Parses an incoming node.js `request` containing form data. If `cb` is provided, all fields an files are collected and passed to the callback:
+Parses an incoming node.js `request` containing form data. If `cb` is provided, all fields and files are collected and passed to the callback:
 
@@ -139,0 +145,0 @@

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Major refactor

Supply chain risk

Package has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Network access

Supply chain risk

This module accesses the network.

Found 2 instances in 1 package

New author

Supply chain risk

A new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.

Found 1 instance in 1 package

Dynamic require

Supply chain risk

Dynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.

Found 1 instance in 1 package

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 1 instance in 1 package

Improved metrics

Number of lines in readme file

426

increased by1.43%

Number of low supply chain risk alerts

2

decreased by-89.47%

Number of medium supply chain risk alerts

1

decreased by-92.86%

Worsened metrics

Total package byte prevSize

40686

decreased by-58.39%

Number of package files

13

decreased by-74%

Lines of code

882

decreased by-64.69%

No dependency changes