jonjenkins / express-upload Goto Github PK

I've tried numbers of times, but the result of
console.log(req.body);
console.log(req.files);
is：
{}
undefined

if I remove the
enctype="multipart/form-data"
of the form,
console.log(req.body);
console.log(req.files);
is
{ thumbnail: 'w.txt' }
undefined

(thumbnail is the name of the input file element)

what I'm using is
Windows OS nodejs 0.10.24
express 3.4.8
and have tried express 3.5.4
and ejs module

Do you think that's the problem of the version?
Do you think that's the problem of the unicode?(I'm using UTF-8)
Do you think there're still some error in the code?

Thank you very much for you help!

Multer uploads all files in the POST request to the uploads directory, regardless of what the variable is called. This means you can sneak files onto the server just by POSTing them with a different variable name. You can do with without error on the server side by uploading a valid file along with an invalid one.

This will also happen for any other POST request you can make to the server (even if the route is not meant to handle file uploads), which although is not an issue for this example it will be an issue for any application that handles other POST requests.

Not sure of the best way to handle it, but firstly using a explicit path when you use the multer middleware would stop the second issue:

app.configure(function () {
    app.use('/api/upload', multer({
        ...

Then multer should only handle file uplaods from routes that you are expecting to handle file uploads.

Then you must deal with other files explicitly, either by looping over all the files in req.files or by rejecting files that are not inside your expected variable which could possibly be done with onFileUploadStart().

I know that these are not real issues for this example as it is only an example. But people copying this will probably not be aware of any of these issues (I am struggling to find any example that even mentions any of these issues, which is a little worrying).