diff --git a/README.md b/README.md
index 5b1a098..0f6e3a6 100644
--- a/README.md
+++ b/README.md
@@ -121,6 +121,7 @@ Pass in non-Busboy options directly to the middleware. These are express-fileupl
Option | Acceptable Values | Details
--- | --- | ---
safeFileNames | false **(default)**true- regex
| Strips characters from the upload's filename. You can use custom regex to determine what to strip. If set to `true`, non-alphanumeric characters _except_ dashes and underscores will be stripped. This option is off by default.
**Example #1 (strip slashes from file names):** `app.use(fileUpload({ safeFileNames: /\\/g }))`
**Example #2:** `app.use(fileUpload({ safeFileNames: true }))`
+preserveExtension | false **(default)**true*Number*
| Preserves filename extension when using safeFileNames option. If set to true, will default to an extension length of 3. If set to *Number*, this will be the max allowable extension length. If an extension is smaller than the extension length, it remains untouched. If the extension is longer, it is shifted.
**Example #1 (true):**
app.use(fileUpload({ safeFileNames: true, preserveExtension: true }));
*myFileName.ext* --> *myFileName.ext*
**Example #2 (max extension length 2, extension truncated):**
app.use(fileUpload({ safeFileNames: true, preserveExtension: 2 }));
*myFileName.ext* --> *myFileNamee.xt*
# Help Wanted
Pull Requests are welcomed!
diff --git a/lib/index.js b/lib/index.js
index c34d443..885025f 100644
--- a/lib/index.js
+++ b/lib/index.js
@@ -15,7 +15,7 @@ module.exports = function(options) {
return function(req, res, next) {
if (!hasBody(req) || !hasAcceptableMethod(req) || !hasAcceptableMime(req))
- return next();
+ return next();
processMultipart(options, req, res, next);
};
@@ -85,14 +85,37 @@ function processMultipart(options, req, res, next) {
// see: https://github.com/richardgirges/express-fileupload/issues/14
// firefox uploads empty file in case of cache miss when f5ing page.
// resulting in unexpected behavior. if there is no file data, the file is invalid.
- if(!buf.length)
+ if (!buf.length)
return;
if (options.safeFileNames) {
+ let extensionLength = 3;
+ let extension = '';
+
if (typeof options.safeFileNames === 'object')
safeFileNameRegex = options.safeFileNames;
- filename = filename.replace(safeFileNameRegex, '');
+ if (options.preserveExtension) {
+ if (typeof options.preserveExtension === 'number')
+ extensionLength = options.preserveExtension;
+
+ let filenameParts = filename.split('.');
+ let filenamePartsLen = filenameParts.length;
+ if (filenamePartsLen > 1) {
+ extension = filenameParts.pop();
+
+ if (extension.length > extensionLength) {
+ filenameParts[filenameParts.length - 1] +=
+ '.' + extension.substr(0, extension.length - extensionLength);
+ extension = extension.substr(-extensionLength);
+ }
+
+ extension = '.' + extension.replace(safeFileNameRegex, '');
+ filename = filenameParts.join('.');
+ }
+ }
+
+ filename = filename.replace(safeFileNameRegex, '').concat(extension);
}
let newFile = {
@@ -123,9 +146,9 @@ function processMultipart(options, req, res, next) {
} else {
// Array fields
if (req.files[fieldname] instanceof Array)
- req.files[fieldname].push(newFile);
+ req.files[fieldname].push(newFile);
else
- req.files[fieldname] = [req.files[fieldname], newFile];
+ req.files[fieldname] = [req.files[fieldname], newFile];
}
});
});