Improved Content-Disposition parsing (added support for 'token' definition of the 'disp-extension-parm' rule, RFC 2616 section 19.5.1)

TanukiSharp · TanukiSharp · commit 7c7416abf246 · 2015-08-20T02:20:18.000+09:00
diff --git a/lib/incoming_form.js b/lib/incoming_form.js
@@ -352,7 +352,8 @@ IncomingForm.prototype._initMultipart = function(boundary) {
     headerField = headerField.toLowerCase();
     part.headers[headerField] = headerValue;
 
-    var m = headerValue.match(/\bname="([^"]+)"/i);
+    // matches either a quoted-string or a token (RFC 2616 section 19.5.1)
+    var m = headerValue.match(/\bname=("([^"]+)"|([^\(\)<>@,;:\\"\/\[\]\?=\{\}\s\t/]+))/i);
     if (headerField == 'content-disposition') {
       if (m) {
         part.name = m[1];
@@ -421,7 +422,8 @@ IncomingForm.prototype._initMultipart = function(boundary) {
 };
 
 IncomingForm.prototype._fileName = function(headerValue) {
-  var m = headerValue.match(/\bfilename="(.*?)"($|; )/i);
+  // matches either a quoted-string or a token (RFC 2616 section 19.5.1)
+  var m = headerValue.match(/\bfilename=("(.*?)"|([^\(\)<>@,;:\\"\/\[\]\?=\{\}\s\t/]+))($|;\s)/i);
   if (!m) return;
 
   var filename = m[1].substr(m[1].lastIndexOf('\\') + 1);
