self-hosted/joplin
1
0
Fork 0
mirror of https://github.com/laurent22/joplin.git synced 2025-08-10 22:11:50 +02:00
Code Issues Releases Activity

Server: Trying to fix a request parsing error that can potentially crash the error (#12860)

Browse Source
This commit is contained in:
Laurent Cozic
2025-08-03 15:04:54 +01:00
committed by GitHub
parent a80406dcb7
commit 702b5b3c63
1 changed files with 38 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

56
packages/server/src/utils/requestUtils.ts
View File

@@ -75,29 +75,49 @@ export async function formParse(request: IncomingMessage): Promise<FormParseResu
// headers // headers
// eslint-disable-next-line @typescript-eslint/ban-types -- Old code before rule was applied // eslint-disable-next-line @typescript-eslint/ban-types -- Old code before rule was applied
return new Promise((resolve: Function, reject: Function) => { return new Promise((resolve: Function, reject: Function) => {
let promiseCompleted = false;
const form = formidable({ const form = formidable({
allowEmptyFiles: true, allowEmptyFiles: true,
minFileSize: 0, minFileSize: 0,
}); });
// eslint-disable-next-line @typescript-eslint/no-explicit-any -- Old code before rule was applied
form.parse(req, (error: any, fields: Fields, files: Files) => {
if (error) {
error.message = `Could not parse form: ${error.message}`;
reject(error);
return;
}
// Formidable seems to be doing some black magic and once a request try {
// has been parsed it cannot be parsed again. Doing so will do form.on('error', (error) => {
// nothing, the code will just end there, or maybe wait if (promiseCompleted) return;
// indefinitely. So we cache the result on success and return it if promiseCompleted = true;
// some code somewhere tries again to parse the form. const wrapped = new Error(`Could not parse form (1): ${error.message}`);
req.__parsed = { reject(wrapped);
fields: isFormContentType ? convertFieldsToKeyValue(fields) : fields, });
files: convertFieldsToKeyValue(files),
}; form.parse(req, (error: Error, fields: Fields, files: Files) => {
resolve(req.__parsed); if (promiseCompleted) return;
}); promiseCompleted = true;
if (error) {
error.message = `Could not parse form (2): ${error.message}`;
reject(error);
return;
}
// Formidable seems to be doing some black magic and once a request
// has been parsed it cannot be parsed again. Doing so will do
// nothing, the code will just end there, or maybe wait
// indefinitely. So we cache the result on success and return it if
// some code somewhere tries again to parse the form.
req.__parsed = {
fields: isFormContentType ? convertFieldsToKeyValue(fields) : fields,
files: convertFieldsToKeyValue(files),
};
resolve(req.__parsed);
});
} catch (error) {
if (promiseCompleted) return;
promiseCompleted = true;
const wrapped = new Error(`Could not parse form (3): ${error.message}`);
reject(wrapped);
}
}); });
} }