Server: Trying to fix a request parsing error that can potentially crash the error (#12860)

2025-08-10 22:11:50 +02:00 · 2025-08-03 15:04:54 +01:00
parent a80406dcb7
commit 702b5b3c63
1 changed files with 38 additions and 18 deletions
--- a/packages/server/src/utils/requestUtils.ts
+++ b/packages/server/src/utils/requestUtils.ts
@@ -75,29 +75,49 @@ export async function formParse(request: IncomingMessage): Promise<FormParseResu
 	// headers
 	// eslint-disable-next-line @typescript-eslint/ban-types -- Old code before rule was applied
 	return new Promise((resolve: Function, reject: Function) => {
+		let promiseCompleted = false;
+
 		const form = formidable({
 			allowEmptyFiles: true,
 			minFileSize: 0,
 		});
-		// eslint-disable-next-line @typescript-eslint/no-explicit-any -- Old code before rule was applied
-		form.parse(req, (error: any, fields: Fields, files: Files) => {
-			if (error) {
-				error.message = `Could not parse form: ${error.message}`;
-				reject(error);
-				return;
-			}

-			// Formidable seems to be doing some black magic and once a request
-			// has been parsed it cannot be parsed again. Doing so will do
-			// nothing, the code will just end there, or maybe wait
-			// indefinitely. So we cache the result on success and return it if
-			// some code somewhere tries again to parse the form.
-			req.__parsed = {
-				fields: isFormContentType ? convertFieldsToKeyValue(fields) : fields,
-				files: convertFieldsToKeyValue(files),
-			};
-			resolve(req.__parsed);
-		});
+		try {
+			form.on('error', (error) => {
+				if (promiseCompleted) return;
+				promiseCompleted = true;
+				const wrapped = new Error(`Could not parse form (1): ${error.message}`);
+				reject(wrapped);
+			});
+
+			form.parse(req, (error: Error, fields: Fields, files: Files) => {
+				if (promiseCompleted) return;
+				promiseCompleted = true;
+
+				if (error) {
+					error.message = `Could not parse form (2): ${error.message}`;
+					reject(error);
+					return;
+				}
+
+				// Formidable seems to be doing some black magic and once a request
+				// has been parsed it cannot be parsed again. Doing so will do
+				// nothing, the code will just end there, or maybe wait
+				// indefinitely. So we cache the result on success and return it if
+				// some code somewhere tries again to parse the form.
+				req.__parsed = {
+					fields: isFormContentType ? convertFieldsToKeyValue(fields) : fields,
+					files: convertFieldsToKeyValue(files),
+				};
+				resolve(req.__parsed);
+			});
+		} catch (error) {
+			if (promiseCompleted) return;
+			promiseCompleted = true;
+
+			const wrapped = new Error(`Could not parse form (3): ${error.message}`);
+			reject(wrapped);
+		}
 	});
 }