Version 2.0.4

Author: vkholodkov

Changelog

@@ -1,4 +1,24 @@
 
+Version 2.0.4
+ * Fixed bug: location configuration of upload_set_form_field and upload_pass_form_field
+   was not inheritable from server configuration.
+ * Added feature: directive upload_aggregate_form_field to pass aggragate properties
+   of a file like file size, MD5 and SHA1 sums to backend.
+ * Fixed bug: missing CRLF at the end of resulting body.
+ * Change: optimized out some unnecessary memory allocations and zeroing.
+
+Version 2.0.3
+ * upload_store directive was not able to receive more than one argument.
+   As a result no hashed dirs for file uploads were possible.
+ * upload_store_access directive did not work at all. Permissions were
+   defaulted to user:rw. Thanks to Brian Moran.
+ * In case of any errors at the last chunk of request body only 500 Internal Server Error
+   was generated intead of 400 Bad Request and 503 Service Unavailable.
+ * Fixed copyrights for temporary file name generation code
+ * Fixed compilation issue on 0.6.32. Thanks to Tomas Pollak.
+ * Added directive upload_pass_form_field to specify fields
+   to pass to backend. Fixes security hole found by Brian Moran.
+
 Version 2.0.2
  * Fixed crash in logging filename while aborting upload
  * Added feasible debug logging

LICENCE

@@ -1,4 +1,4 @@
-* Copyright (c) 2008, Valery Kholodkov
+* Copyright (c) 2006, 2008, Valery Kholodkov
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without

config

@@ -1,3 +1,5 @@
+USE_MD5=YES
+USE_SHA1=YES
 ngx_addon_name=ngx_http_upload_module
 HTTP_MODULES="$HTTP_MODULES ngx_http_upload_module"
 NGX_ADDON_SRCS="$NGX_ADDON_SRCS $ngx_addon_dir/ngx_http_upload_module.c"

index.php renamed to example.php

@@ -1,33 +1,37 @@
 <?php
 $header_prefix = 'file';
-$upload_dir = 'upload';
 $slots = 6;
-
+?>
+<html>
+<head>
+<title>Test upload</title>
+</head>
+<body>
+<?
 if ($_POST){
-	for ($i=0;$i<=$slots;$i++){
+    echo "<h2>Uploaded files:</h2>";
+    echo "<table border=\"2\" cellpadding=\"2\">";
+
+    echo "<tr><td>Name</td><td>Location</td><td>Content type</td><td>MD5</td><td>Size</tr>";
+
+	for ($i=1;$i<=$slots;$i++){
 		$key = $header_prefix.$i;
 		if (array_key_exists($key."_name", $_POST) && array_key_exists($key."_path",$_POST)) {
 			$tmp_name = $_POST[$key."_path"];
 			$name = $_POST[$key."_name"];
-			$newname = $upload_dir."/".$name;
-			if (rename($tmp_name, $newname)) {
-				echo "Moved to $upload_dir successfull<br/>\n";
-			} else {
-				echo "Failed to move file<br/>\n";
-			}
-		}else{
-			continue;
+			$content_type = $_POST[$key."_content_type"];
+			$md5 = $_POST[$key."_md5"];
+			$size = $_POST[$key."_size"];
+
+            echo "<tr><td>$name</td><td>$tmp_name</td><td>$content_type</td><td>$md5</td><td>$size</td>";
 		}
 	}
-}else{?>
 
-<html>
-<head>
-<title>Test upload</title>
-</head>
-<body>
+    echo "</table>";
+
+}else{?>
 <h2>Select files to upload</h2>
-<form name="upload" method="POST" enctype="multipart/form-data" action="/doupload">
+<form name="upload" method="POST" enctype="multipart/form-data" action="/upload">
 <input type="file" name="file1"><br>
 <input type="file" name="file2"><br>
 <input type="file" name="file3"><br>
@@ -37,8 +41,7 @@
 <input type="submit" name="submit" value="Upload">
 <input type="hidden" name="test" value="value">
 </form>
+<?}
+?>
 </body>
 </html>
-	
-<?}
-?>

nginx.conf

@@ -3,7 +3,6 @@ worker_processes  20;
 
 error_log  logs/error.log notice;
 
-user root nobody;
 working_directory /usr/local/nginx;
 
 events {
@@ -15,15 +14,34 @@ http {
     default_type  application/octet-stream;
 
     server {
-        client_max_body_size 100m;
         listen       80;
-        server_name  localhost;
+        client_max_body_size 100m;
 
+        # Upload form should be submitted to this location
         location /upload {
+            # Pass altered request body to this location
             upload_pass   /test;
-            upload_store /tmp;
+
+            # Store files to this directory
+            # The directory is hashed, subdirectories 0 1 2 3 4 5 6 7 8 9 should exist
+            upload_store /tmp 1;
+            
+            # Allow uploaded files to be read only by user
+            upload_store_access user:r;
+
+            # Set specified fields in request body
+            upload_set_form_field "${upload_field_name}_name" $upload_file_name;
+            upload_set_form_field "${upload_field_name}_content_type" $upload_content_type;
+            upload_set_form_field "${upload_field_name}_path" $upload_tmp_path;
+
+            # Inform backend about hash and size of a file
+            upload_aggregate_form_field "${upload_field_name}_md5" $upload_file_md5;
+            upload_aggregate_form_field "${upload_field_name}_size" $upload_file_size;
+
+            upload_pass_form_field "^submit$|^description$";
         }
 
+        # Pass altered request body to a backend
         location /test {
             proxy_pass   http://localhost:8080;
         }