Rely on required boundary=X parameter and do not try to guess

Author: clue

src/Io/MultipartParser.php

@@ -60,37 +60,15 @@ private function parse()
     {
         $this->buffer = (string)$this->request->getBody();
 
-        $this->determineStartMethod();
-
-        return $this->request;
-    }
-
-    private function determineStartMethod()
-    {
-        if (!$this->request->hasHeader('content-type')) {
-            $this->findBoundary();
-            return;
-        }
-
         $contentType = $this->request->getHeaderLine('content-type');
-        preg_match('/boundary="?(.*)"?$/', $contentType, $matches);
-        if (isset($matches[1])) {
-            $this->boundary = $matches[1];
-            $this->parseBuffer();
-            return;
+        if(!preg_match('/boundary="?(.*)"?$/', $contentType, $matches)) {
+            return $this->request;
         }
 
-        $this->findBoundary();
-    }
+        $this->boundary = $matches[1];
+        $this->parseBuffer();
 
-    private function findBoundary()
-    {
-        if (substr($this->buffer, 0, 3) === '---' && strpos($this->buffer, "\r\n") !== false) {
-            $boundary = substr($this->buffer, 2, strpos($this->buffer, "\r\n"));
-            $boundary = substr($boundary, 0, -2);
-            $this->boundary = $boundary;
-            $this->parseBuffer();
-        }
+        return $this->request;
     }
 
     private function parseBuffer()

tests/Io/MultipartParserTest.php

@@ -8,6 +8,30 @@
 
 final class MultipartParserTest extends TestCase
 {
+    public function testDoesNotParseWithoutMultipartFormDataContentType()
+    {
+        $boundary = "---------------------------5844729766471062541057622570";
+
+        $data  = "--$boundary\r\n";
+        $data .= "Content-Disposition: form-data; name=\"single\"\r\n";
+        $data .= "\r\n";
+        $data .= "single\r\n";
+        $data .= "--$boundary\r\n";
+        $data .= "Content-Disposition: form-data; name=\"second\"\r\n";
+        $data .= "\r\n";
+        $data .= "second\r\n";
+        $data .= "--$boundary--\r\n";
+
+        $request = new ServerRequest('POST', 'http://example.com/', array(
+            'Content-Type' => 'multipart/form-data',
+        ), $data, 1.1);
+
+        $parsedRequest = MultipartParser::parseRequest($request);
+
+        $this->assertEmpty($parsedRequest->getUploadedFiles());
+        $this->assertEmpty($parsedRequest->getParsedBody());
+    }
+
     public function testPostKey()
     {
         $boundary = "---------------------------5844729766471062541057622570";
@@ -23,7 +47,7 @@ public function testPostKey()
         $data .= "--$boundary--\r\n";
 
         $request = new ServerRequest('POST', 'http://example.com/', array(
-            'Content-Type' => 'multipart/mixed; boundary=' . $boundary,
+            'Content-Type' => 'multipart/form-data; boundary=' . $boundary,
         ), $data, 1.1);
 
         $parsedRequest = MultipartParser::parseRequest($request);
@@ -55,7 +79,7 @@ public function testPostStringOverwritesMap()
         $data .= "--$boundary--\r\n";
 
         $request = new ServerRequest('POST', 'http://example.com/', array(
-            'Content-Type' => 'multipart/mixed; boundary=' . $boundary,
+            'Content-Type' => 'multipart/form-data; boundary=' . $boundary,
         ), $data, 1.1);
 
         $parsedRequest = MultipartParser::parseRequest($request);
@@ -84,7 +108,7 @@ public function testPostMapOverwritesString()
         $data .= "--$boundary--\r\n";
 
         $request = new ServerRequest('POST', 'http://example.com/', array(
-            'Content-Type' => 'multipart/mixed; boundary=' . $boundary,
+            'Content-Type' => 'multipart/form-data; boundary=' . $boundary,
         ), $data, 1.1);
 
         $parsedRequest = MultipartParser::parseRequest($request);
@@ -115,7 +139,7 @@ public function testPostVectorOverwritesString()
         $data .= "--$boundary--\r\n";
 
         $request = new ServerRequest('POST', 'http://example.com/', array(
-            'Content-Type' => 'multipart/mixed; boundary=' . $boundary,
+            'Content-Type' => 'multipart/form-data; boundary=' . $boundary,
         ), $data, 1.1);
 
         $parsedRequest = MultipartParser::parseRequest($request);
@@ -146,7 +170,7 @@ public function testPostDeeplyNestedArray()
         $data .= "--$boundary--\r\n";
 
         $request = new ServerRequest('POST', 'http://example.com/', array(
-            'Content-Type' => 'multipart/mixed; boundary=' . $boundary,
+            'Content-Type' => 'multipart/form-data; boundary=' . $boundary,
         ), $data, 1.1);
 
         $parsedRequest = MultipartParser::parseRequest($request);
@@ -178,7 +202,7 @@ public function testEmptyPostValue()
         $data .= "--$boundary--\r\n";
 
         $request = new ServerRequest('POST', 'http://example.com/', array(
-            'Content-Type' => 'multipart/mixed; boundary=' . $boundary,
+            'Content-Type' => 'multipart/form-data; boundary=' . $boundary,
         ), $data, 1.1);
 
         $parsedRequest = MultipartParser::parseRequest($request);
@@ -203,7 +227,7 @@ public function testEmptyPostKey()
         $data .= "--$boundary--\r\n";
 
         $request = new ServerRequest('POST', 'http://example.com/', array(
-            'Content-Type' => 'multipart/mixed; boundary=' . $boundary,
+            'Content-Type' => 'multipart/form-data; boundary=' . $boundary,
         ), $data, 1.1);
 
         $parsedRequest = MultipartParser::parseRequest($request);
@@ -228,7 +252,7 @@ public function testNestedPostKeyAssoc()
         $data .= "--$boundary--\r\n";
 
         $request = new ServerRequest('POST', 'http://example.com/', array(
-            'Content-Type' => 'multipart/mixed; boundary=' . $boundary,
+            'Content-Type' => 'multipart/form-data; boundary=' . $boundary,
         ), $data, 1.1);
 
         $parsedRequest = MultipartParser::parseRequest($request);
@@ -257,7 +281,7 @@ public function testNestedPostKeyVector()
         $data .= "--$boundary--\r\n";
 
         $request = new ServerRequest('POST', 'http://example.com/', array(
-            'Content-Type' => 'multipart/mixed; boundary=' . $boundary,
+            'Content-Type' => 'multipart/form-data; boundary=' . $boundary,
         ), $data, 1.1);
 
         $parsedRequest = MultipartParser::parseRequest($request);
@@ -337,7 +361,7 @@ public function testFileUpload()
         $data .= "--$boundary--\r\n";
 
         $request = new ServerRequest('POST', 'http://example.com/', array(
-            'Content-Type' => 'multipart/form-data',
+            'Content-Type' => 'multipart/form-data; boundary=' . $boundary,
         ), $data, 1.1);
 
         $parsedRequest = MultipartParser::parseRequest($request);
@@ -477,7 +501,7 @@ public function testInvalidContentDispositionMissingWillBeIgnored()
         $data .= "--$boundary--\r\n";
 
         $request = new ServerRequest('POST', 'http://example.com/', array(
-            'Content-Type' => 'multipart/mixed; boundary=' . $boundary,
+            'Content-Type' => 'multipart/form-data; boundary=' . $boundary,
         ), $data, 1.1);
 
         $parsedRequest = MultipartParser::parseRequest($request);
@@ -497,7 +521,7 @@ public function testInvalidContentDispositionWithoutNameWillBeIgnored()
         $data .= "--$boundary--\r\n";
 
         $request = new ServerRequest('POST', 'http://example.com/', array(
-            'Content-Type' => 'multipart/mixed; boundary=' . $boundary,
+            'Content-Type' => 'multipart/form-data; boundary=' . $boundary,
         ), $data, 1.1);
 
         $parsedRequest = MultipartParser::parseRequest($request);
@@ -516,7 +540,7 @@ public function testInvalidMissingEndBoundaryWillBeIgnored()
         $data .= "value\r\n";
 
         $request = new ServerRequest('POST', 'http://example.com/', array(
-            'Content-Type' => 'multipart/mixed; boundary=' . $boundary,
+            'Content-Type' => 'multipart/form-data; boundary=' . $boundary,
         ), $data, 1.1);
 
         $parsedRequest = MultipartParser::parseRequest($request);
@@ -539,7 +563,7 @@ public function testInvalidUploadFileWithoutContentTypeUsesNullValue()
         $data .= "--$boundary--\r\n";
 
         $request = new ServerRequest('POST', 'http://example.com/', array(
-            'Content-Type' => 'multipart/mixed; boundary=' . $boundary,
+            'Content-Type' => 'multipart/form-data; boundary=' . $boundary,
         ), $data, 1.1);
 
         $parsedRequest = MultipartParser::parseRequest($request);
@@ -573,7 +597,7 @@ public function testInvalidUploadFileWithoutMultipleContentTypeUsesLastValue()
         $data .= "--$boundary--\r\n";
 
         $request = new ServerRequest('POST', 'http://example.com/', array(
-            'Content-Type' => 'multipart/mixed; boundary=' . $boundary,
+            'Content-Type' => 'multipart/form-data; boundary=' . $boundary,
         ), $data, 1.1);
 
         $parsedRequest = MultipartParser::parseRequest($request);
@@ -606,7 +630,7 @@ public function testUploadEmptyFile()
         $data .= "--$boundary--\r\n";
 
         $request = new ServerRequest('POST', 'http://example.com/', array(
-            'Content-Type' => 'multipart/form-data',
+            'Content-Type' => 'multipart/form-data; boundary=' . $boundary,
         ), $data, 1.1);
 
         $parsedRequest = MultipartParser::parseRequest($request);
@@ -639,7 +663,7 @@ public function testUploadNoFile()
         $data .= "--$boundary--\r\n";
 
         $request = new ServerRequest('POST', 'http://example.com/', array(
-            'Content-Type' => 'multipart/form-data',
+            'Content-Type' => 'multipart/form-data; boundary=' . $boundary,
         ), $data, 1.1);
 
         $parsedRequest = MultipartParser::parseRequest($request);
@@ -676,7 +700,7 @@ public function testPostMaxFileSize()
         $data .= "--$boundary--\r\n";
 
         $request = new ServerRequest('POST', 'http://example.com/', array(
-            'Content-Type' => 'multipart/form-data',
+            'Content-Type' => 'multipart/form-data; boundary=' . $boundary,
         ), $data, 1.1);
 
         $parsedRequest = MultipartParser::parseRequest($request);
@@ -730,7 +754,7 @@ public function testPostMaxFileSizeIgnoredByFilesComingBeforeIt()
         $data .= "--$boundary--\r\n";
 
         $request = new ServerRequest('POST', 'http://example.com/', array(
-            'Content-Type' => 'multipart/form-data',
+            'Content-Type' => 'multipart/form-data; boundary=' . $boundary,
         ), $data, 1.1);
 
         $parsedRequest = MultipartParser::parseRequest($request);

tests/Middleware/RequestBodyParserMiddlewareTest.php

@@ -149,7 +149,7 @@ public function testMultipartFormDataParsing()
 
 
         $request = new ServerRequest('POST', 'http://example.com/', array(
-            'Content-Type' => 'multipart/form-data',
+            'Content-Type' => 'multipart/form-data; boundary=' . $boundary,
         ), $data, 1.1);
 
         /** @var ServerRequestInterface $parsedRequest */