Stack overflow on multipart upload with domains #11
Comments
It's the API from |
|
Ok, I understand. It is for file nesting. I do not know how to fix this... The What I see is that we pass the qs lib an object that it is not designed to process (and should not). As a consumer of the multiparty lib, I am interested in receiving deserialized objects passed to me by the client or file descriptions with paths on the file system. The Providing the |
|
But even then, just deleting the |
|
I fear the root cause is using |
No, the old |
|
Mmm, it seems that the problem is that clone thing... The previous code was doing more or less the same except that the input wasn't cloned. I wonder why this was introduced... |
IDK :) That's one of the reasons I suggested filing a ticket with |
|
Another possible solution: don't use the qs module. E.g. don't use connect-multiparty and use multiparty directly. I've never agreed with qs's philosophy. It puts too much power in the hands of the user (possible attacker). |
👍 :) |
|
OK, I'll just use |
|
OK, this should be fixed with version 1.2.2. |
|
FYI, issue is still there. |
|
Thanks, @jfaissolle . I put in an issue here: ljharb/qs#31 |
|
@jfaissolle so I was assuming the error was because of a simple circular reference, but |
|
@jfaissolle I was able to confirm that |
|
I published |
|
Thanks so much, @nlf ! :) @jfaissolle I also published version 1.2.3 of this module to npm that requires a minimum version of qs at 2.2.1. Let us know if the issue is still not fixed. |
|
Thanks for taking care of this @dougwilson and @nlf 👍 |
|
Original issue (stack overflow) fixed. New issue with the |
|
ok. i submitted an issue here: ljharb/qs#33 i'm not going to re-open this issue because it seems we are going to keep finding new things, but i don't know what you are doing to be able to verify myself that your project is all fixed :) |
|
Ok thanks. |
|
@jfaissolle ok, version 1.2.4 should hopefully fix all this stuff for you. |
|
Fix confirmed, thanks ! |
|
yay! |
Hello,
I am encountering a stack overflow exception on file uploads with connect-multiparty 1.2.1 when using domains. Version 1.1.0 did not have it.
I have traced the problem to the last versions of the qs library. This version performs a clone operation. The
fileobject produced by node-multiparty contains a stream which in turns contains the domain which in turn contains the request and reply objects. Cloning the file object gives an infinite recursion.I have submitted a pull request on node-multiparty (pillarjs/multiparty#85) to remove the stream from the file object (which seems not necessary).
Looking at the code of connect-multiparty, I do not understand why the parse function is called on the
filesobject. Is there a case where this array contains query strings instead of file descriptions ?If there is no such case, getting rid of the parsing operation would also solve the problem.
Regards
The text was updated successfully, but these errors were encountered: