File tree Expand file tree Collapse file tree 1 file changed +7
-4
lines changed Expand file tree Collapse file tree 1 file changed +7
-4
lines changed Original file line number Diff line number Diff line change @@ -352,10 +352,11 @@ IncomingForm.prototype._initMultipart = function(boundary) {
352352 headerField = headerField . toLowerCase ( ) ;
353353 part . headers [ headerField ] = headerValue ;
354354
355- var m = headerValue . match ( / \b n a m e = " ( [ ^ " ] + ) " / i) ;
355+ // matches either a quoted-string or a token (RFC 2616 section 19.5.1)
356+ var m = headerValue . match ( / \b n a m e = ( " ( [ ^ " ] * ) " | ( [ ^ \( \) < > @ , ; : \\ " \/ \[ \] \? = \{ \} \s \t / ] + ) ) / i) ;
356357 if ( headerField == 'content-disposition' ) {
357358 if ( m ) {
358- part . name = m [ 1 ] ;
359+ part . name = m [ 2 ] || m [ 3 ] || '' ;
359360 }
360361
361362 part . filename = self . _fileName ( headerValue ) ;
@@ -421,10 +422,12 @@ IncomingForm.prototype._initMultipart = function(boundary) {
421422} ;
422423
423424IncomingForm . prototype . _fileName = function ( headerValue ) {
424- var m = headerValue . match ( / \b f i l e n a m e = " ( .* ?) " ( $ | ; ) / i) ;
425+ // matches either a quoted-string or a token (RFC 2616 section 19.5.1)
426+ var m = headerValue . match ( / \b f i l e n a m e = ( " ( .* ?) " | ( [ ^ \( \) < > @ , ; : \\ " \/ \[ \] \? = \{ \} \s \t / ] + ) ) ( $ | ; \s ) / i) ;
425427 if ( ! m ) return ;
426428
427- var filename = m [ 1 ] . substr ( m [ 1 ] . lastIndexOf ( '\\' ) + 1 ) ;
429+ var match = m [ 2 ] || m [ 3 ] || '' ;
430+ var filename = match . substr ( match . lastIndexOf ( '\\' ) + 1 ) ;
428431 filename = filename . replace ( / % 2 2 / g, '"' ) ;
429432 filename = filename . replace ( / & # ( [ \d ] { 4 } ) ; / g, function ( m , code ) {
430433 return String . fromCharCode ( code ) ;
You can’t perform that action at this time.
0 commit comments