Browse Source

New Context.FormFiles method

pull/1778/head
Gerasimos (Makis) Maropoulos 1 month ago
parent
commit
8f9140b705
No known key found for this signature in database GPG Key ID: ACAB76DFB0DD3F3B
3 changed files with 70 additions and 1 deletions
  1. +1
    -0
      HISTORY.md
  2. +46
    -1
      context/context.go
  3. +23
    -0
      core/netutil/addr.go

+ 1
- 0
HISTORY.md View File

@@ -396,6 +396,7 @@ var dirOpts = iris.DirOptions{
## New Context Methods
- `Context.FormFiles(key string, before ...func(*Context, *multipart.FileHeader) bool) (files []multipart.File, headers []*multipart.FileHeader, err error)` method.
- `Context.ReadURL(ptr interface{}) error` shortcut of `ReadParams` and `ReadQuery`. Binds URL dynamic path parameters and URL query parameters to the given "ptr" pointer of a struct value.
- `Context.SetUser(User)` and `Context.User() User` to store and retrieve an authenticated client. Read more [here](https://github.com/iris-contrib/middleware/issues/63).
- `Context.SetLogoutFunc(fn interface{}, persistenceArgs ...interface{})` and `Logout(args ...interface{}) error` methods to allow different kind of auth middlewares to be able to set a "logout" a user/client feature with a single function, the route handler may not be aware of the implementation of the authentication used.


+ 46
- 1
context/context.go View File

@@ -1943,6 +1943,51 @@ func (ctx *Context) FormFile(key string) (multipart.File, *multipart.FileHeader,
return ctx.request.FormFile(key)
}

// FormFiles same as FormFile but may return multiple file inputs based on a key, e.g. "files[]".
func (ctx *Context) FormFiles(key string, before ...func(*Context, *multipart.FileHeader) bool) (files []multipart.File, headers []*multipart.FileHeader, err error) {
err = ctx.request.ParseMultipartForm(ctx.app.ConfigurationReadOnly().GetPostMaxMemory())
if err != nil {
return
}

if ctx.request.MultipartForm != nil {
fhs := ctx.request.MultipartForm.File
if n := len(fhs); n > 0 {
files = make([]multipart.File, 0, n)
headers = make([]*multipart.FileHeader, 0, n)

innerLoop:
for _, header := range fhs[key] {
// Fix an issue that net/http has,
// an attacker can push a filename
// which could lead to override existing system files
// by ../../$header.
// Reported by Frank through security reports.
header.Filename = strings.ReplaceAll(header.Filename, "../", "")
header.Filename = strings.ReplaceAll(header.Filename, "..\\", "")

for _, b := range before {
if !b(ctx, header) {
continue innerLoop
}
}

file, fErr := header.Open()
if fErr != nil { // exit on first error but return the succeed.
return files, headers, fErr
}

files = append(files, file)
headers = append(headers, header)
}
}

return
}

return nil, nil, http.ErrMissingFile
}

// UploadFormFiles uploads any received file(s) from the client
// to the system physical location "destDirectory".
//
@@ -1967,7 +2012,7 @@ func (ctx *Context) FormFile(key string) (multipart.File, *multipart.FileHeader,
// the `WithPostMaxMemory` configurator or by `SetMaxRequestBodySize` or
// by the `LimitRequestBodySize` middleware (depends the use case).
//
// See `FormFile` to a more controlled way to receive a file.
// See `FormFile` and `FormFiles` to a more controlled way to receive a file.
//
// Example: https://github.com/kataras/iris/tree/master/_examples/file-server/upload-files
func (ctx *Context) UploadFormFiles(destDirectory string, before ...func(*Context, *multipart.FileHeader) bool) (uploaded []*multipart.FileHeader, n int64, err error) {


+ 23
- 0
core/netutil/addr.go View File

@@ -98,6 +98,29 @@ var IsLoopbackHost = func(requestHost string) bool {
return valid
}

/*
func isLoopbackHostGoVersion(host string) bool {
ip := net.ParseIP(host)
if ip != nil {
return ip.IsLoopback()
}

// Host is not an ip, perform lookup.
addrs, err := net.LookupHost(host)
if err != nil {
return false
}

for _, addr := range addrs {
if !net.ParseIP(addr).IsLoopback() {
return false
}
}

return true
}
*/

const (
// defaultServerHostname returns the default hostname which is "localhost"
defaultServerHostname = "localhost"


Loading…
Cancel
Save