From 4da66d19dc0625f088a72c3ae627e2cc17269859 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 5 Aug 2023 15:48:23 +0200 Subject: [PATCH] build(deps): bump formidable from 2.1.2 to 3.5.0 in /src (#5796) * build(deps): bump formidable from 2.1.2 to 3.5.0 in /src Bumps [formidable](https://github.com/node-formidable/formidable) from 2.1.2 to 3.5.0. - [Release notes](https://github.com/node-formidable/formidable/releases) - [Changelog](https://github.com/node-formidable/formidable/blob/master/CHANGELOG.md) - [Commits](https://github.com/node-formidable/formidable/commits/v3.5.0) --- updated-dependencies: - dependency-name: formidable dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] * formidable migration --------- Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: John McLear --- src/node/handler/ImportHandler.js | 36 +++++++++++++++--------------- src/node/hooks/express/apicalls.js | 17 +++++++------- src/node/hooks/express/openapi.js | 13 ++++++----- src/package-lock.json | 34 +++++++++++++++++++++++----- src/package.json | 2 +- 5 files changed, 64 insertions(+), 38 deletions(-) diff --git a/src/node/handler/ImportHandler.js b/src/node/handler/ImportHandler.js index c1fbc94d0..5dfc152c5 100644 --- a/src/node/handler/ImportHandler.js +++ b/src/node/handler/ImportHandler.js 
@@ -89,24 +89,24 @@ const doImport = async (req, res, padId, authorId) => { maxFileSize: settings.importMaxFileSize, }); - // locally wrapped Promise, since form.parse requires a callback - let srcFile = await new Promise((resolve, reject) => { - form.parse(req, (err, fields, files) => { - if (err != null) { - logger.warn(`Import failed due to form error: ${err.stack || err}`); - // I hate doing indexOf here but I can't see anything to use... - if (err && err.stack && err.stack.indexOf('maxFileSize') !== -1) { - return reject(new ImportError('maxFileSize')); - } - return reject(new ImportError('uploadFailed')); - } - if (!files.file) { - logger.warn('Import failed because form had no file'); - return reject(new ImportError('uploadFailed')); - } - resolve(files.file.filepath); - }); - }); + let srcFile; + let files; + let fields; + try { + [fields, files] = await form.parse(req); + } catch (err) { + logger.warn(`Import failed due to form error: ${err.stack || err}`); + if (err.code === Formidable.formidableErrors.biggerThanMaxFileSize) { + throw new ImportError('maxFileSize'); + } + throw new ImportError('uploadFailed'); + } + if (!files.file) { + logger.warn('Import failed because form had no file'); + throw new ImportError('uploadFailed'); + } else { + srcFile = files.file[0].filepath; + } // ensure this is a file ending we know, else we change the file ending to .txt // this allows us to accept source code files like .c or .java diff --git a/src/node/hooks/express/apicalls.js b/src/node/hooks/express/apicalls.js index 010ab14e5..5dbb57e16 100644 --- a/src/node/hooks/express/apicalls.js +++ b/src/node/hooks/express/apicalls.js 
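Review bot: In `doImport` (src/node/handler/ImportHandler.js) the new catch block reads `Formidable.formidableErrors.biggerThanMaxFileSize`, but `Formidable` is bound outside this hunk, so it is not visible whether that property exists. As far as I know formidable 3 exposes its error codes as the `errors` export. If `Formidable` here is the class, the lookup throws a TypeError inside the catch and the client gets neither `maxFileSize` nor `uploadFailed`; verify this against the installed 3.5.0 build. A safer form is `const {Formidable, errors: formidableErrors} = require('formidable');` with `err.code === formidableErrors.biggerThanMaxFileSize`. Only `files.file[0]` is consumed, so any additional uploaded parts presumably stay in the upload directory unless code outside the hunk removes them. The body of `doImport` starts and ends outside the hunk.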
@@ -8,20 +8,19 @@ const util = require('util'); exports.expressPreSession = async (hookName, {app}) => { // The Etherpad client side sends information about how a disconnect happened - app.post('/ep/pad/connection-diagnostic-info', (req, res) => { - new Formidable().parse(req, (err, fields, files) => { - clientLogger.info(`DIAGNOSTIC-INFO: ${fields.diagnosticInfo}`); - res.end('OK'); - }); + app.post('/ep/pad/connection-diagnostic-info', async (req, res) => { + const [fields, files] = await (new Formidable({})).parse(req); + clientLogger.info(`DIAGNOSTIC-INFO: ${fields.diagnosticInfo}`); + res.end('OK'); }); - const parseJserrorForm = async (req) => await new Promise((resolve, reject) => { + const parseJserrorForm = async (req) => { const form = new Formidable({ maxFileSize: 1, // Files are not expected. Not sure if 0 means unlimited, so 1 is used. }); - form.on('error', (err) => reject(err)); - form.parse(req, (err, fields) => err != null ? reject(err) : resolve(fields.errorInfo)); - }); + const [fields, files] = await form.parse(req); + return fields.errorInfo; + }; // The Etherpad client side sends information about client side javscript errors app.post('/jserror', (req, res, next) => { diff --git a/src/node/hooks/express/openapi.js b/src/node/hooks/express/openapi.js index 0531854aa..240b6fcf5 100644 --- a/src/node/hooks/express/openapi.js +++ b/src/node/hooks/express/openapi.js @@ -15,8 +15,7 @@ */ const OpenAPIBackend = require('openapi-backend').default; -const formidable = require('formidable'); -const {promisify} = require('util'); +const IncomingForm = require('formidable').IncomingForm; const cloneDeep = require('lodash.clonedeep'); const createHTTPError = require('http-errors'); 
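Review bot: The `/ep/pad/connection-diagnostic-info` handler in src/node/hooks/express/apicalls.js is now `async` and awaits `parse(req)` with no `try`/`catch`. A rejected parse (malformed or oversized body) therefore leaves the request without a response and surfaces as an unhandled rejection, unless something outside this hunk wraps async handlers. The route is registered in `expressPreSession`, which by its name runs ahead of session handling, so the failure path is worth closing: `async (req, res, next) => { try { … } catch (err) { next(err); } }`. `new Formidable({})` also runs with the library's default limits, whereas `parseJserrorForm` sets `maxFileSize: 1`; the same cap would fit here because only `fields.diagnosticInfo` is read. In formidable 3 each field value is an array, so `fields.diagnosticInfo` and the returned `fields.errorInfo` now reach the logger and the `/jserror` caller as arrays; a comment or an explicit `?.[0]` would make that visible.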
@@ -596,9 +595,13 @@ exports.expressPreSession = async (hookName, {app}) => { // read form data if method was POST let formData = {}; if (c.request.method === 'post') { - const form = new formidable.IncomingForm(); - const parseForm = promisify(form.parse).bind(form); - formData = await parseForm(req); + const form = new IncomingForm(); + formData = (await form.parse(req))[0]; + for (const k of Object.keys(formData)) { + if (formData[k] instanceof Array) { + formData[k] = formData[k][0]; + } + } } const fields = Object.assign({}, header, params, query, formData); diff --git a/src/package-lock.json b/src/package-lock.json index 855ef10b7..e82429db6 100644 --- a/src/package-lock.json +++ b/src/package-lock.json @@ -3312,6 +3312,20 @@ "qs": "^6.10.3", "readable-stream": "^3.6.0", "semver": "^7.3.7" + }, + "dependencies": { + "formidable": { + "version": "2.1.2", + "resolved": "https://registry.npmjs.org/formidable/-/formidable-2.1.2.tgz", + "integrity": "sha512-CM3GuJ57US06mlpQ47YcunuUZ9jpm8Vx+P2CGt2j7HpgkKZO/DJYQ0Bobim8G6PFQmK5lOqOOdUXboU+h73A4g==", + "dev": true, + "requires": { + "dezalgo": "^1.0.4", + "hexoid": "^1.0.0", + "once": "^1.4.0", + "qs": "^6.11.0" + } + } } } } @@ -3644,14 +3658,13 @@ } }, "formidable": { - "version": "2.1.2", - "resolved": "https://registry.npmjs.org/formidable/-/formidable-2.1.2.tgz", - "integrity": "sha512-CM3GuJ57US06mlpQ47YcunuUZ9jpm8Vx+P2CGt2j7HpgkKZO/DJYQ0Bobim8G6PFQmK5lOqOOdUXboU+h73A4g==", + "version": "3.5.0", + "resolved": "https://registry.npmjs.org/formidable/-/formidable-3.5.0.tgz", + "integrity": "sha512-WwsMWvPmY+Kv37C3+KP3A+2Ym1aZoac4nz4ZEe5z0UPBoCg0O/wHay3eeYkZr4KJIbCzpSUeno+STMhde+KCfw==", "requires": { "dezalgo": "^1.0.4", "hexoid": "^1.0.0", - "once": "^1.4.0", - "qs": "^6.11.0" + "once": "^1.4.0" } }, "forwarded": { 
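Review bot: The new loop in the POST branch of src/node/hooks/express/openapi.js keeps only the first value of every repeated form field and silently drops the rest. The result is then merged last in `Object.assign({}, header, params, query, formData)`, so body fields override the other sources. Because these fields feed the API call, a comment should record that the collapse is intentional, e.g. `// formidable 3 returns every field as an array; the API expects scalars, so keep the first value only`. `Array.isArray(formData[k])` is the idiomatic check in place of `formData[k] instanceof Array`. Whether a rejection from `form.parse(req)` is caught is decided outside this hunk, as is the rest of the enclosing handler.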
@@ -10598,6 +10611,17 @@ "ms": "2.1.2" } }, + "formidable": { + "version": "2.1.2", + "resolved": "https://registry.npmjs.org/formidable/-/formidable-2.1.2.tgz", + "integrity": "sha512-CM3GuJ57US06mlpQ47YcunuUZ9jpm8Vx+P2CGt2j7HpgkKZO/DJYQ0Bobim8G6PFQmK5lOqOOdUXboU+h73A4g==", + "requires": { + "dezalgo": "^1.0.4", + "hexoid": "^1.0.0", + "once": "^1.4.0", + "qs": "^6.11.0" + } + }, "mime": { "version": "2.6.0", "resolved": "https://registry.npmjs.org/mime/-/mime-2.6.0.tgz", diff --git a/src/package.json b/src/package.json index ab5b41cc7..5b9cd0c9f 100644 --- a/src/package.json +++ b/src/package.json @@ -43,7 +43,7 @@ "express-session": "npm:@etherpad/express-session@^1.18.2", "fast-deep-equal": "^3.1.3", "find-root": "1.1.0", - "formidable": "^2.1.2", + "formidable": "^3.5.0", "http-errors": "^2.0.0", "js-cookie": "^3.0.5", "jsdom": "^20.0.0",