Changed uploadDir to initialize from formData and customized further for PairIDE.

Author: ayrus

README.md

@@ -1,6 +1,8 @@
 jquery-file-upload-middleware
 =============================
 
+> This module has been mofified and customized to work with [PairIDE](https://github.com/pairide/pairide). Original readme is appended below as is.
+
 jQuery-File-Upload Express.js middleware. Based on the server code of [jQuery-File-Upload](https://github.com/blueimp/jQuery-File-Upload)
 
 Installation:

lib/uploadhandler.js

@@ -6,19 +6,41 @@ var EventEmitter = require('events').EventEmitter,
     mkdirp = require('mkdirp'),
     _ = require('lodash');
 
-module.exports = function (options) {
+var upload_directory = null;
+var FileInfo = null;
+var username = null;
+
+function get_upload_directory(){
+    return upload_directory;
+}
+
+function validatePath(relativePath, fileName){
+
+    relativePath = unescape(relativePath);
+    fileName = unescape(fileName);
 
-    var FileInfo = require('./fileinfo')(
-        _.extend({
-            baseDir: options.uploadDir
-        }, _.pick(options, 'minFileSize', 'maxFileSize', 'acceptFileTypes'))
-    );
+    var fullPath = relativePath + fileName;
+    //Check for .. in relative path
+    var pathReg1 = /.*\.\..*/;
+    //Check that the fileName doesn't contain / or \
+    var pathReg2 = /(.*(\/|\\).*)/;
+    //Further validation on the name mostly ensures characters are alphanumeric 
+    var pathReg3 = /^([a-zA-Z0-9_ .]|-)*$/;
+
+    return !(pathReg1.exec(relativePath)
+          || pathReg2.exec(fileName)
+          || !pathReg3.exec(fileName)
+          || pathReg1.exec(fullPath));
+}
+
+module.exports = function (options) {
 
     var UploadHandler = function (req, res, callback) {
         EventEmitter.call(this);
         this.req = req;
         this.res = res;
         this.callback = callback;
+        username = req.session.user_id;
     };
     require('util').inherits(UploadHandler, EventEmitter);
 
@@ -31,23 +53,6 @@ module.exports = function (options) {
     };
 
     UploadHandler.prototype.get = function () {
-        this.noCache();
-        var files = [];
-        fs.readdir(options.uploadDir(), _.bind(function (err, list) {
-            _.each(list, function (name) {
-                var stats = fs.statSync(options.uploadDir() + '/' + name),
-                    fileInfo;
-                if (stats.isFile()) {
-                    fileInfo = new FileInfo({
-                        name: name,
-                        size: stats.size
-                    });
-                    this.initUrls(fileInfo);
-                    files.push(fileInfo);
-                }
-            }, this);
-            this.callback(files);
-        }, this));
     };
 
     UploadHandler.prototype.post = function () {
@@ -74,6 +79,7 @@ module.exports = function (options) {
         form.uploadDir = options.tmpDir;
         form
             .on('fileBegin', function (name, file) {
+                console.log("Begin file... ");
                 tmpFiles.push(file.path);
                 var fileInfo = new FileInfo(file);
                 fileInfo.safeName();
@@ -82,6 +88,20 @@ module.exports = function (options) {
                 self.emit('begin', fileInfo);
             })
             .on('field', function (name, value) {
+
+                if(!validatePath(value, "")){
+                    return;
+                }
+                md5h = require('MD5'),
+                app_dir = require('../../../config').app_dir;
+                upload_directory = app_dir + '/users/' + md5h(username) + value;
+
+                FileInfo = require('./fileinfo')(
+                    _.extend({
+                        baseDir: function() { return get_upload_directory(); }
+                    }, _.pick(options, 'minFileSize', 'maxFileSize', 'acceptFileTypes'))
+                );
+
                 if (name === 'redirect') {
                     redirect = value;
                 }
@@ -99,33 +119,33 @@ module.exports = function (options) {
                         if (options.imageTypes.test(fileInfo.name)) {
                             _.each(options.imageVersions, function (value, version) {
                                 // creating directory recursive
-                                if (!fs.existsSync(options.uploadDir() + '/' + version + '/'))
-                                    mkdirp.sync(options.uploadDir() + '/' + version + '/');
+                                if (!fs.existsSync(get_upload_directory() + '/' + version + '/'))
+                                    mkdirp.sync(get_upload_directory() + '/' + version + '/');
 
                                 counter++;
                                 var opts = options.imageVersions[version];
                                 imageMagick.resize({
                                     width: opts.width,
                                     height: opts.height,
-                                    srcPath: options.uploadDir() + '/' + fileInfo.name,
-                                    dstPath: options.uploadDir() + '/' + version + '/' + fileInfo.name,
+                                    srcPath: get_upload_directory() + '/' + fileInfo.name,
+                                    dstPath: get_upload_directory() + '/' + version + '/' + fileInfo.name,
                                     customArgs: opts.imageArgs || ['-auto-orient']
                                 }, finish);
                             });
                         }
                     }
 
-                    if (!fs.existsSync(options.uploadDir() + '/'))
-                        mkdirp.sync(options.uploadDir() + '/');
+                    if (!fs.existsSync(get_upload_directory() + '/'))
+                        mkdirp.sync(get_upload_directory() + '/');
 
                     counter++;
-                    fs.rename(file.path, options.uploadDir() + '/' + fileInfo.name, function (err) {
+                    fs.rename(file.path, get_upload_directory() + '/' + fileInfo.name, function (err) {
                         if (!err) {
                             generatePreviews();
                             finish();
                         } else {
                             var is = fs.createReadStream(file.path);
-                            var os = fs.createWriteStream(options.uploadDir() + '/' + fileInfo.name);
+                            var os = fs.createWriteStream(get_upload_directory() + '/' + fileInfo.name);
                             is.on('end', function (err) {
                                 if (!err) {
                                     fs.unlinkSync(file.path);
@@ -157,16 +177,6 @@ module.exports = function (options) {
     };
 
     UploadHandler.prototype.destroy = function () {
-        var self = this,
-            fileName = path.basename(decodeURIComponent(this.req.url));
-
-        fs.unlink(options.uploadDir() + '/' + fileName, function (ex) {
-            _.each(options.imageVersions, function (value, version) {
-                fs.unlink(options.uploadDir() + '/' + version + '/' + fileName);
-            });
-            self.emit('delete', fileName);
-            self.callback(!ex);
-        });
     };
 
     UploadHandler.prototype.initUrls = function (fileInfo) {