From 97d386740f5ed4c4be09dfdd23e5b7fc3d940d42 Mon Sep 17 00:00:00 2001 From: Evgeny Soynov Date: Mon, 29 Jun 2020 21:15:00 +0200 Subject: [PATCH 1/2] Fixes expressjs/multer#553 . Makes multer handle missing field names. Without this fix fields without a name result in a "TypeError: Cannot read property 'length' of undefined" in the underlying append-field library. The current change allows getting an error from multer that makes it possible to handle it in servers. --- lib/make-middleware.js | 1 + lib/multer-error.js | 3 ++- test/error-handling.js | 27 +++++++++++++++++++++++++++ 3 files changed, 30 insertions(+), 1 deletion(-) diff --git a/lib/make-middleware.js b/lib/make-middleware.js index d22042ee..eb2c5a75 100644 --- a/lib/make-middleware.js +++ b/lib/make-middleware.js @@ -81,6 +81,7 @@ function makeMiddleware (setup) { // handle text field data busboy.on('field', function (fieldname, value, fieldnameTruncated, valueTruncated) { + if (!fieldname) return abortWithCode('LIMIT_MISSING_FIELD_NAME') if (fieldnameTruncated) return abortWithCode('LIMIT_FIELD_KEY') if (valueTruncated) return abortWithCode('LIMIT_FIELD_VALUE', fieldname) diff --git a/lib/multer-error.js b/lib/multer-error.js index 4c91d295..a1a39bb7 100644 --- a/lib/multer-error.js +++ b/lib/multer-error.js @@ -7,7 +7,8 @@ var errorMessages = { LIMIT_FIELD_KEY: 'Field name too long', LIMIT_FIELD_VALUE: 'Field value too long', LIMIT_FIELD_COUNT: 'Too many fields', - LIMIT_UNEXPECTED_FILE: 'Unexpected field' + LIMIT_UNEXPECTED_FILE: 'Unexpected field', + LIMIT_MISSING_FIELD_NAME: 'Field name missing' } function MulterError (code, field) { diff --git a/test/error-handling.js b/test/error-handling.js index 450173fb..ccbf9981 100644 --- a/test/error-handling.js +++ b/test/error-handling.js @@ -148,6 +148,33 @@ describe('Error Handling', function () { }) }) + it('should notify of missing field name', function (done) { + var req = new stream.PassThrough() + var storage = multer.memoryStorage() + var upload = multer({ storage: storage }).single('tiny0') + var boundary = 'AaB03x' + var body = [ + '--' + boundary, + 'Content-Disposition: form-data', + '', + 'test content', + '--' + boundary, + '' + ].join('\r\n') + + req.headers = { + 'content-type': 'multipart/form-data; boundary=' + boundary, + 'content-length': body.length + } + + req.end(body) + + upload(req, null, function (err) { + assert.strictEqual(err.code, 'LIMIT_MISSING_FIELD_NAME') + done() + }) + }) + it('should report errors from storage engines', function (done) { var storage = multer.memoryStorage() From 00cfcd74477b02c57e6a635baacee5b1af7db729 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Linus=20Unneb=C3=A4ck?= Date: Tue, 7 Dec 2021 12:32:52 +0100 Subject: [PATCH 2/2] Apply suggestions from code review --- lib/make-middleware.js | 2 +- lib/multer-error.js | 2 +- test/error-handling.js | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/lib/make-middleware.js b/lib/make-middleware.js index eb2c5a75..b033cbd9 100644 --- a/lib/make-middleware.js +++ b/lib/make-middleware.js @@ -81,7 +81,7 @@ function makeMiddleware (setup) { // handle text field data busboy.on('field', function (fieldname, value, fieldnameTruncated, valueTruncated) { - if (!fieldname) return abortWithCode('LIMIT_MISSING_FIELD_NAME') + if (fieldname == null) return abortWithCode('MISSING_FIELD_NAME') if (fieldnameTruncated) return abortWithCode('LIMIT_FIELD_KEY') if (valueTruncated) return abortWithCode('LIMIT_FIELD_VALUE', fieldname) diff --git a/lib/multer-error.js b/lib/multer-error.js index a1a39bb7..d56b00e8 100644 --- a/lib/multer-error.js +++ b/lib/multer-error.js @@ -8,7 +8,7 @@ var errorMessages = { LIMIT_FIELD_VALUE: 'Field value too long', LIMIT_FIELD_COUNT: 'Too many fields', LIMIT_UNEXPECTED_FILE: 'Unexpected field', - LIMIT_MISSING_FIELD_NAME: 'Field name missing' + MISSING_FIELD_NAME: 'Field name missing' } function MulterError (code, field) { diff --git a/test/error-handling.js b/test/error-handling.js index ccbf9981..b462e16e 100644 --- a/test/error-handling.js +++ b/test/error-handling.js @@ -170,7 +170,7 @@ describe('Error Handling', function () { req.end(body) upload(req, null, function (err) { - assert.strictEqual(err.code, 'LIMIT_MISSING_FIELD_NAME') + assert.strictEqual(err.code, 'MISSING_FIELD_NAME') done() }) })