rack 1.6.12 → 2.0.7

data/lib/rack/multipart/parser.rb

@@ -6,159 +6,302 @@ module Rack
 
     class Parser
       BUFSIZE = 16384
-      DUMMY = Struct.new(:parse).new
+      TEXT_PLAIN = "text/plain"
+      TEMPFILE_FACTORY = lambda { |filename, content_type|
+        Tempfile.new(["RackMultipart", ::File.extname(filename.gsub("\0".freeze, '%00'.freeze))])
+      }
+
+      class BoundedIO # :nodoc:
+        def initialize(io, content_length)
+          @io             = io
+          @content_length = content_length
+          @cursor = 0
+        end
 
-      def self.create(env)
-        return DUMMY unless env['CONTENT_TYPE'] =~ MULTIPART
+        def read(size)
+          return if @cursor >= @content_length
 
-        io = env['rack.input']
-        io.rewind
+          left = @content_length - @cursor
+
+          str = if left < size
+                  @io.read left
+                else
+                  @io.read size
+                end
 
-        content_length = env['CONTENT_LENGTH']
-        content_length = content_length.to_i if content_length
+          if str
+            @cursor += str.bytesize
+          else
+            # Raise an error for mismatching Content-Length and actual contents
+            raise EOFError, "bad content body"
+          end
 
-        tempfile = env['rack.multipart.tempfile_factory'] ||
-          lambda { |filename, content_type| Tempfile.new(["RackMultipart", ::File.extname(filename.gsub("\0".freeze, '%00'.freeze))]) }
-        bufsize = env['rack.multipart.buffer_size'] || BUFSIZE
+          str
+        end
 
-        new($1, io, content_length, env, tempfile, bufsize)
+        def rewind
+          @io.rewind
+        end
       end
 
-      def initialize(boundary, io, content_length, env, tempfile, bufsize)
-        @buf            = ""
+      MultipartInfo = Struct.new :params, :tmp_files
+      EMPTY         = MultipartInfo.new(nil, [])
 
-        if @buf.respond_to? :force_encoding
-          @buf.force_encoding Encoding::ASCII_8BIT
-        end
+      def self.parse_boundary(content_type)
+        return unless content_type
+        data = content_type.match(MULTIPART)
+        return unless data
+        data[1]
+      end
 
-        @params         = Utils::KeySpaceConstrainedParams.new
-        @boundary       = "--#{boundary}"
-        @io             = io
-        @content_length = content_length
-        @boundary_size  = Utils.bytesize(@boundary) + EOL.size
-        @env = env
-        @tempfile       = tempfile
-        @bufsize        = bufsize
+      def self.parse(io, content_length, content_type, tmpfile, bufsize, qp)
+        return EMPTY if 0 == content_length
 
-        if @content_length
-          @content_length -= @boundary_size
-        end
+        boundary = parse_boundary content_type
+        return EMPTY unless boundary
 
-        @rx = /(?:#{EOL})?#{Regexp.quote(@boundary)}(#{EOL}|--)/n
-        @full_boundary = @boundary + EOL
-      end
+        io = BoundedIO.new(io, content_length) if content_length
 
-      def parse
-        fast_forward_to_first_boundary
+        parser = new(boundary, tmpfile, bufsize, qp)
+        parser.on_read io.read(bufsize)
 
-        opened_files = 0
         loop do
+          break if parser.state == :DONE
+          parser.on_read io.read(bufsize)
+        end
 
-          head, filename, content_type, name, body =
-            get_current_head_and_filename_and_content_type_and_name_and_body
+        io.rewind
+        parser.result
+      end
 
-          if Utils.multipart_part_limit > 0
-            opened_files += 1 if filename
-            raise MultipartPartLimitError, 'Maximum file multiparts in content reached' if opened_files >= Utils.multipart_part_limit
+      class Collector
+        class MimePart < Struct.new(:body, :head, :filename, :content_type, :name)
+          def get_data
+            data = body
+            if filename == ""
+              # filename is blank which means no file has been selected
+              return
+            elsif filename
+              body.rewind if body.respond_to?(:rewind)
+
+              # Take the basename of the upload's original filename.
+              # This handles the full Windows paths given by Internet Explorer
+              # (and perhaps other broken user agents) without affecting
+              # those which give the lone filename.
+              fn = filename.split(/[\/\\]/).last
+
+              data = {:filename => fn, :type => content_type,
+                      :name => name, :tempfile => body, :head => head}
+            elsif !filename && content_type && body.is_a?(IO)
+              body.rewind
+
+              # Generic multipart cases, not coming from a form
+              data = {:type => content_type,
+                      :name => name, :tempfile => body, :head => head}
+            end
+
+            yield data
           end
+        end
 
-          # Save the rest.
-          if i = @buf.index(rx)
-            body << @buf.slice!(0, i)
-            @buf.slice!(0, @boundary_size+2)
+        class BufferPart < MimePart
+          def file?; false; end
+          def close; end
+        end
 
-            @content_length = -1  if $1 == "--"
-          end
+        class TempfilePart < MimePart
+          def file?; true; end
+          def close; body.close; end
+        end
 
-          get_data(filename, body, content_type, name, head) do |data|
-            tag_multipart_encoding(filename, content_type, name, data)
+        include Enumerable
 
-            Utils.normalize_params(@params, name, data)
-          end
+        def initialize tempfile
+          @tempfile = tempfile
+          @mime_parts = []
+          @open_files = 0
+        end
 
-          # break if we're at the end of a buffer, but not if it is the end of a field
-          break if (@buf.empty? && $1 != EOL) || @content_length == -1
+        def each
+          @mime_parts.each { |part| yield part }
         end
 
-        @io.rewind
+        def on_mime_head mime_index, head, filename, content_type, name
+          if filename
+            body = @tempfile.call(filename, content_type)
+            body.binmode if body.respond_to?(:binmode)
+            klass = TempfilePart
+            @open_files += 1
+          else
+            body = String.new
+            klass = BufferPart
+          end
 
-        @params.to_params_hash
-      end
+          @mime_parts[mime_index] = klass.new(body, head, filename, content_type, name)
+          check_open_files
+        end
 
-      private
-      def full_boundary; @full_boundary; end
+        def on_mime_body mime_index, content
+          @mime_parts[mime_index].body << content
+        end
 
-      def rx; @rx; end
+        def on_mime_finish mime_index
+        end
 
-      def fast_forward_to_first_boundary
-        loop do
-          content = @io.read(@bufsize)
-          raise EOFError, "bad content body" unless content
-          @buf << content
+        private
 
-          while @buf.gsub!(/\A([^\n]*\n)/, '')
-            read_buffer = $1
-            return if read_buffer == full_boundary
+        def check_open_files
+          if Utils.multipart_part_limit > 0
+            if @open_files >= Utils.multipart_part_limit
+              @mime_parts.each(&:close)
+              raise MultipartPartLimitError, 'Maximum file multiparts in content reached'
+            end
           end
-
-          raise EOFError, "bad content body" if Utils.bytesize(@buf) >= @bufsize
         end
       end
 
-      def get_current_head_and_filename_and_content_type_and_name_and_body
-        head = nil
-        body = ''
+      attr_reader :state
+
+      def initialize(boundary, tempfile, bufsize, query_parser)
+        @buf            = String.new
 
-        if body.respond_to? :force_encoding
-          body.force_encoding Encoding::ASCII_8BIT
+        @query_parser   = query_parser
+        @params         = query_parser.make_params
+        @boundary       = "--#{boundary}"
+        @bufsize        = bufsize
+
+        @rx = /(?:#{EOL})?#{Regexp.quote(@boundary)}(#{EOL}|--)/n
+        @rx_max_size = EOL.size + @boundary.bytesize + [EOL.size, '--'.size].max
+        @full_boundary = @boundary
+        @end_boundary = @boundary + '--'
+        @state = :FAST_FORWARD
+        @mime_index = 0
+        @collector = Collector.new tempfile
+      end
+
+      def on_read content
+        handle_empty_content!(content)
+        @buf << content
+        run_parser
+      end
+
+      def result
+        @collector.each do |part|
+          part.get_data do |data|
+            tag_multipart_encoding(part.filename, part.content_type, part.name, data)
+            @query_parser.normalize_params(@params, part.name, data, @query_parser.param_depth_limit)
+          end
         end
 
-        filename = content_type = name = nil
+        MultipartInfo.new @params.to_params_hash, @collector.find_all(&:file?).map(&:body)
+      end
 
-        until head && @buf =~ rx
-          if !head && i = @buf.index(EOL+EOL)
-            head = @buf.slice!(0, i+2) # First \r\n
+      private
 
-            @buf.slice!(0, 2)          # Second \r\n
+      def run_parser
+        loop do
+          case @state
+          when :FAST_FORWARD
+            break if handle_fast_forward == :want_read
+          when :CONSUME_TOKEN
+            break if handle_consume_token == :want_read
+          when :MIME_HEAD
+            break if handle_mime_head == :want_read
+          when :MIME_BODY
+            break if handle_mime_body == :want_read
+          when :DONE
+            break
+          end
+        end
+      end
 
-            content_type = head[MULTIPART_CONTENT_TYPE, 1]
-            name = head[MULTIPART_CONTENT_DISPOSITION, 1] || head[MULTIPART_CONTENT_ID, 1]
+      def handle_fast_forward
+        if consume_boundary
+          @state = :MIME_HEAD
+        else
+          raise EOFError, "bad content body" if @buf.bytesize >= @bufsize
+          :want_read
+        end
+      end
 
-            filename = get_filename(head)
+      def handle_consume_token
+        tok = consume_boundary
+        # break if we're at the end of a buffer, but not if it is the end of a field
+        if tok == :END_BOUNDARY || (@buf.empty? && tok != :BOUNDARY)
+          @state = :DONE
+        else
+          @state = :MIME_HEAD
+        end
+      end
 
-            if name.nil? || name.empty? && filename
-              name = filename
-            end
+      def handle_mime_head
+        if @buf.index(EOL + EOL)
+          i = @buf.index(EOL+EOL)
+          head = @buf.slice!(0, i+2) # First \r\n
+          @buf.slice!(0, 2)          # Second \r\n
+
+          content_type = head[MULTIPART_CONTENT_TYPE, 1]
+          if name = head[MULTIPART_CONTENT_DISPOSITION, 1]
+            name = Rack::Auth::Digest::Params::dequote(name)
+          else
+            name = head[MULTIPART_CONTENT_ID, 1]
+          end
 
-            if filename
-              (@env['rack.tempfiles'] ||= []) << body = @tempfile.call(filename, content_type)
-              body.binmode  if body.respond_to?(:binmode)
-            end
+          filename = get_filename(head)
 
-            next
+          if name.nil? || name.empty?
+            name = filename || "#{content_type || TEXT_PLAIN}[]"
           end
 
+          @collector.on_mime_head @mime_index, head, filename, content_type, name
+          @state = :MIME_BODY
+        else
+          :want_read
+        end
+      end
+
+      def handle_mime_body
+        if i = @buf.index(rx)
+          # Save the rest.
+          @collector.on_mime_body @mime_index, @buf.slice!(0, i)
+          @buf.slice!(0, 2) # Remove \r\n after the content
+          @state = :CONSUME_TOKEN
+          @mime_index += 1
+        else
           # Save the read body part.
-          if head && (@boundary_size+4 < @buf.size)
-            body << @buf.slice!(0, @buf.size - (@boundary_size+4))
+          if @rx_max_size < @buf.size
+            @collector.on_mime_body @mime_index, @buf.slice!(0, @buf.size - @rx_max_size)
           end
+          :want_read
+        end
+      end
 
-          content = @io.read(@content_length && @bufsize >= @content_length ? @content_length : @bufsize)
-          raise EOFError, "bad content body"  if content.nil? || content.empty?
+      def full_boundary; @full_boundary; end
 
-          @buf << content
-          @content_length -= content.size if @content_length
-        end
+      def rx; @rx; end
 
-        [head, filename, content_type, name, body]
+      def consume_boundary
+        while @buf.gsub!(/\A([^\n]*(?:\n|\Z))/, '')
+          read_buffer = $1
+          case read_buffer.strip
+          when full_boundary then return :BOUNDARY
+          when @end_boundary then return :END_BOUNDARY
+          end
+          return if @buf.empty?
+        end
       end
 
       def get_filename(head)
         filename = nil
         case head
         when RFC2183
-          filename = Hash[head.scan(DISPPARM)]['filename']
-          filename = $1 if filename and filename =~ /^"(.*)"$/
+          params = Hash[*head.scan(DISPPARM).flat_map(&:compact)]
+
+          if filename = params['filename']
+            filename = $1 if filename =~ /^"(.*)"$/
+          elsif filename = params['filename*']
+            encoding, _, filename = filename.split("'", 3)
+          end
         when BROKEN_QUOTED, BROKEN_UNQUOTED
           filename = $1
         end
@@ -169,84 +312,54 @@ module Rack
           filename = Utils.unescape(filename)
         end
 
-        scrub_filename filename
+        filename.scrub!
 
         if filename !~ /\\[^\\"]/
           filename = filename.gsub(/\\(.)/, '\1')
         end
-        filename
-      end
 
-      if "<3".respond_to? :valid_encoding?
-        def scrub_filename(filename)
-          unless filename.valid_encoding?
-            # FIXME: this force_encoding is for Ruby 2.0 and 1.9 support.
-            # We can remove it after they are dropped
-            filename.force_encoding(Encoding::ASCII_8BIT)
-            filename.encode!(:invalid => :replace, :undef => :replace)
-          end
+        if encoding
+          filename.force_encoding ::Encoding.find(encoding)
         end
 
-        CHARSET    = "charset"
-        TEXT_PLAIN = "text/plain"
+        filename
+      end
+
+      CHARSET   = "charset"
 
-        def tag_multipart_encoding(filename, content_type, name, body)
-          name.force_encoding Encoding::UTF_8
+      def tag_multipart_encoding(filename, content_type, name, body)
+        name = name.to_s
+        encoding = Encoding::UTF_8
 
-          return if filename
+        name.force_encoding(encoding)
 
-          encoding = Encoding::UTF_8
+        return if filename
 
-          if content_type
-            list         = content_type.split(';')
-            type_subtype = list.first
-            type_subtype.strip!
-            if TEXT_PLAIN == type_subtype
-              rest         = list.drop 1
-              rest.each do |param|
-                k,v = param.split('=', 2)
-                k.strip!
-                v.strip!
-                encoding = Encoding.find v if k == CHARSET
-              end
+        if content_type
+          list         = content_type.split(';')
+          type_subtype = list.first
+          type_subtype.strip!
+          if TEXT_PLAIN == type_subtype
+            rest         = list.drop 1
+            rest.each do |param|
+              k,v = param.split('=', 2)
+              k.strip!
+              v.strip!
+              v = v[1..-2] if v[0] == '"' && v[-1] == '"'
+              encoding = Encoding.find v if k == CHARSET
             end
           end
-
-          name.force_encoding encoding
-          body.force_encoding encoding
-        end
-      else
-        def scrub_filename(filename)
         end
-        def tag_multipart_encoding(filename, content_type, name, body)
-        end
-      end
-
-      def get_data(filename, body, content_type, name, head)
-        data = body
-        if filename == ""
-          # filename is blank which means no file has been selected
-          return
-        elsif filename
-          body.rewind if body.respond_to?(:rewind)
 
-          # Take the basename of the upload's original filename.
-          # This handles the full Windows paths given by Internet Explorer
-          # (and perhaps other broken user agents) without affecting
-          # those which give the lone filename.
-          filename = filename.split(/[\/\\]/).last
+        name.force_encoding(encoding)
+        body.force_encoding(encoding)
+      end
 
-          data = {:filename => filename, :type => content_type,
-                  :name => name, :tempfile => body, :head => head}
-        elsif !filename && content_type && body.is_a?(IO)
-          body.rewind
 
-          # Generic multipart cases, not coming from a form
-          data = {:type => content_type,
-                  :name => name, :tempfile => body, :head => head}
+      def handle_empty_content!(content)
+        if content.nil? || content.empty?
+          raise EOFError
         end
-
-        yield data
       end
     end
   end