Ignore multipart chunks without name

Author: clue

src/Io/MultipartParser.php

@@ -116,36 +116,29 @@ private function parseChunk($chunk)
             return;
         }
 
-        if ($this->headerStartsWith($headers['content-disposition'], 'filename')) {
-            $this->parseFile($headers, $body);
+        if (!$this->headerContainsParameter($headers['content-disposition'], 'name')) {
             return;
         }
 
-        if ($this->headerStartsWith($headers['content-disposition'], 'name')) {
+        if ($this->headerContainsParameter($headers['content-disposition'], 'filename')) {
+            $this->parseFile($headers, $body);
+        } else {
             $this->parsePost($headers, $body);
-            return;
         }
     }
 
     private function parseFile($headers, $body)
     {
-        if (
-            !$this->headerContains($headers['content-disposition'], 'name=') ||
-            !$this->headerContains($headers['content-disposition'], 'filename=')
-        ) {
-            return;
-        }
-
         $this->request = $this->request->withUploadedFiles($this->extractPost(
             $this->request->getUploadedFiles(),
-            $this->getFieldFromHeader($headers['content-disposition'], 'name'),
+            $this->getParameterFromHeader($headers['content-disposition'], 'name'),
             $this->parseUploadedFile($headers, $body)
         ));
     }
 
     private function parseUploadedFile($headers, $body)
     {
-        $filename = $this->getFieldFromHeader($headers['content-disposition'], 'filename');
+        $filename = $this->getParameterFromHeader($headers['content-disposition'], 'filename');
         $bodyLength = strlen($body);
 
         // no file selected (zero size and empty filename)
@@ -217,33 +210,22 @@ private function parseHeaders($header)
         return $headers;
     }
 
-    private function headerStartsWith(array $header, $needle)
-    {
-        foreach ($header as $part) {
-            if (strpos($part, $needle) === 0) {
-                return true;
-            }
-        }
-
-        return false;
-    }
-
-    private function headerContains(array $header, $needle)
+    private function headerContainsParameter(array $header, $parameter)
     {
         foreach ($header as $part) {
-            if (strpos($part, $needle) !== false) {
+            if (strpos($part, $parameter . '=') === 0) {
                 return true;
             }
         }
 
         return false;
     }
 
-    private function getFieldFromHeader(array $header, $field)
+    private function getParameterFromHeader(array $header, $parameter)
     {
         foreach ($header as $part) {
-            if (strpos($part, $field) === 0) {
-                preg_match('/' . $field . '="?(.*)"$/', $part, $matches);
+            if (strpos($part, $parameter) === 0) {
+                preg_match('/' . $parameter . '="?(.*)"$/', $part, $matches);
                 return $matches[1];
             }
         }

tests/Io/MultipartParserTest.php

@@ -197,12 +197,50 @@ public function testFileUpload()
         $this->assertSame("<?php echo 'Owner';\r\n\r\n", (string)$files['files'][2]->getStream());
     }
 
+    public function testInvalidContentDispositionMissingWillBeIgnored()
+    {
+        $boundary = "---------------------------5844729766471062541057622570";
+
+        $data  = "--$boundary\r\n";
+        $data .= "Content-Type: text/plain\r\n";
+        $data .= "\r\n";
+        $data .= "hello";
+        $data .= "--$boundary--\r\n";
+
+        $request = new ServerRequest('POST', 'http://example.com/', array(
+            'Content-Type' => 'multipart/mixed; boundary=' . $boundary,
+        ), $data, 1.1);
+
+        $parsedRequest = MultipartParser::parseRequest($request);
+
+        $this->assertEmpty($parsedRequest->getUploadedFiles());
+        $this->assertEmpty($parsedRequest->getParsedBody());
+    }
+
+    public function testInvalidContentDispositionWithoutNameWillBeIgnored()
+    {
+        $boundary = "---------------------------5844729766471062541057622570";
+
+        $data  = "--$boundary\r\n";
+        $data .= "Content-Disposition: form-data; something=\"key\"\r\n";
+        $data .= "\r\n";
+        $data .= "value";
+        $data .= "--$boundary--\r\n";
+
+        $request = new ServerRequest('POST', 'http://example.com/', array(
+            'Content-Type' => 'multipart/mixed; boundary=' . $boundary,
+        ), $data, 1.1);
+
+        $parsedRequest = MultipartParser::parseRequest($request);
+
+        $this->assertEmpty($parsedRequest->getUploadedFiles());
+        $this->assertEmpty($parsedRequest->getParsedBody());
+    }
+
     public function testUploadEmptyFile()
     {
         $boundary = "---------------------------12758086162038677464950549563";
 
-        $file = base64_decode("R0lGODlhAQABAIAAAP///wAAACH5BAAAAAAALAAAAAABAAEAAAICRAEAOw==");
-
         $data  = "--$boundary\r\n";
         $data .= "Content-Disposition: form-data; name=\"file\"; filename=\"empty\"\r\n";
         $data .= "Content-type: text/plain\r\n";
@@ -236,8 +274,6 @@ public function testUploadNoFile()
     {
         $boundary = "---------------------------12758086162038677464950549563";
 
-        $file = base64_decode("R0lGODlhAQABAIAAAP///wAAACH5BAAAAAAALAAAAAABAAEAAAICRAEAOw==");
-
         $data  = "--$boundary\r\n";
         $data .= "Content-Disposition: form-data; name=\"file\"; filename=\"\"\r\n";
         $data .= "Content-type: application/octet-stream\r\n";