Handle file uploads with missing or duplicate Content-Type header

clue · clue · commit 7c790efac2d7 · 2017-11-28T15:06:41.000+01:00
diff --git a/src/Io/MultipartParser.php b/src/Io/MultipartParser.php
@@ -140,6 +140,7 @@ private function parseUploadedFile($headers, $body)
     {
         $filename = $this->getParameterFromHeader($headers['content-disposition'], 'filename');
         $bodyLength = strlen($body);
+        $contentType = isset($headers['content-type'][0]) ? $headers['content-type'][0] : null;
 
         // no file selected (zero size and empty filename)
         if ($bodyLength === 0 && $filename === '') {
@@ -148,7 +149,7 @@ private function parseUploadedFile($headers, $body)
                 $bodyLength,
                 UPLOAD_ERR_NO_FILE,
                 $filename,
-                $headers['content-type'][0]
+                $contentType
             );
         }
 
@@ -159,7 +160,7 @@ private function parseUploadedFile($headers, $body)
                 $bodyLength,
                 UPLOAD_ERR_FORM_SIZE,
                 $filename,
-                $headers['content-type'][0]
+                $contentType
             );
         }
 
@@ -168,7 +169,7 @@ private function parseUploadedFile($headers, $body)
             $bodyLength,
             UPLOAD_ERR_OK,
             $filename,
-            $headers['content-type'][0]
+            $contentType
         );
     }
 
diff --git a/tests/Io/MultipartParserTest.php b/tests/Io/MultipartParserTest.php
@@ -419,6 +419,72 @@ public function testInvalidContentDispositionWithoutNameWillBeIgnored()
         $this->assertEmpty($parsedRequest->getParsedBody());
     }
 
+    public function testInvalidUploadFileWithoutContentTypeUsesNullValue()
+    {
+        $boundary = "---------------------------12758086162038677464950549563";
+
+        $data  = "--$boundary\r\n";
+        $data .= "Content-Disposition: form-data; name=\"file\"; filename=\"hello.txt\"\r\n";
+        $data .= "\r\n";
+        $data .= "world\r\n";
+        $data .= "--$boundary--\r\n";
+
+        $request = new ServerRequest('POST', 'http://example.com/', array(
+            'Content-Type' => 'multipart/mixed; boundary=' . $boundary,
+        ), $data, 1.1);
+
+        $parsedRequest = MultipartParser::parseRequest($request);
+
+        $files = $parsedRequest->getUploadedFiles();
+
+        $this->assertCount(1, $files);
+        $this->assertTrue(isset($files['file']));
+        $this->assertInstanceOf('Psr\Http\Message\UploadedFileInterface', $files['file']);
+
+        /* @var $file \Psr\Http\Message\UploadedFileInterface */
+        $file = $files['file'];
+
+        $this->assertSame('hello.txt', $file->getClientFilename());
+        $this->assertSame(null, $file->getClientMediaType());
+        $this->assertSame(5, $file->getSize());
+        $this->assertSame(UPLOAD_ERR_OK, $file->getError());
+        $this->assertSame('world', (string)$file->getStream());
+    }
+
+    public function testInvalidUploadFileWithoutMultipleContentTypeUsesLastValue()
+    {
+        $boundary = "---------------------------12758086162038677464950549563";
+
+        $data  = "--$boundary\r\n";
+        $data .= "Content-Disposition: form-data; name=\"file\"; filename=\"hello.txt\"\r\n";
+        $data .= "Content-Type: text/ignored\r\n";
+        $data .= "Content-Type: text/plain\r\n";
+        $data .= "\r\n";
+        $data .= "world\r\n";
+        $data .= "--$boundary--\r\n";
+
+        $request = new ServerRequest('POST', 'http://example.com/', array(
+            'Content-Type' => 'multipart/mixed; boundary=' . $boundary,
+        ), $data, 1.1);
+
+        $parsedRequest = MultipartParser::parseRequest($request);
+
+        $files = $parsedRequest->getUploadedFiles();
+
+        $this->assertCount(1, $files);
+        $this->assertTrue(isset($files['file']));
+        $this->assertInstanceOf('Psr\Http\Message\UploadedFileInterface', $files['file']);
+
+        /* @var $file \Psr\Http\Message\UploadedFileInterface */
+        $file = $files['file'];
+
+        $this->assertSame('hello.txt', $file->getClientFilename());
+        $this->assertSame('text/plain', $file->getClientMediaType());
+        $this->assertSame(5, $file->getSize());
+        $this->assertSame(UPLOAD_ERR_OK, $file->getError());
+        $this->assertSame('world', (string)$file->getStream());
+    }
+
     public function testUploadEmptyFile()
     {
         $boundary = "---------------------------12758086162038677464950549563";
