feat(serverHandler/upload): restrict upload form name scope

marjune163 · marjune163 · commit b34f0c3e1c81 · 2021-06-19T00:38:29.000+08:00
Previously, if form name is not `dirfile` or `innerdirfile`, assume form
name is `dir` and skip checking the name provided.

Now if provided name is unrecognized, just ignore the whole form part
and will not write its content to file.
diff --git a/src/serverHandler/upload.go b/src/serverHandler/upload.go
@@ -85,6 +85,8 @@ func (h *handler) saveUploadFiles(fsPrefix string, createDir, overwriteExists bo
 			if prefixSlashIndex > 0 {
 				fsInfix = filepath[prefixSlashIndex+1:]
 			}
+		} else if formname != file {
+			continue
 		}
 
 		filePrefix := fsPrefix

Original file line number	Diff line number	Diff line change
`@@ -85,6 +85,8 @@ func (h *handler) saveUploadFiles(fsPrefix string, createDir, overwriteExists bo`
`85`	`85`	`if prefixSlashIndex > 0 {`
`86`	`86`	`fsInfix = filepath[prefixSlashIndex+1:]`
`87`	`87`	`}`
	`88`	`+ } else if formname != file {`
	`89`	`+ continue`
`88`	`90`	`}`
`89`	`91`
`90`	`92`	`filePrefix := fsPrefix`