Struct multipart::server::save::SavedFile
[−]
[src]
pub struct SavedFile {
pub path: PathBuf,
pub filename: Option<String>,
pub content_type: Mime,
pub size: u64,
}A file saved to the local filesystem from a multipart request.
Fields
path: PathBuf
The complete path this file was saved at.
filename: Option<String>
Warning: Client Provided / Untrustworthy
You should treat this value as untrustworthy because it is an arbitrary string provided by the client.
It is a serious security risk to create files or directories with paths based on user input. A malicious user could craft a path which can be used to overwrite important files, such as web templates, static assets, Javascript files, database files, configuration files, etc., if they are writable by the server process.
This can be mitigated somewhat by setting filesystem permissions as conservatively as possible and running the server under its own user with restricted permissions, but you should still not use user input directly as filesystem paths. If it is truly necessary, you should sanitize filenames such that they cannot be misinterpreted by the OS. Such functionality is outside the scope of this crate.
content_type: Mime
The MIME type (Content-Type value) of this file, if supplied by the client,
or "applicaton/octet-stream" otherwise.
Note: Client Provided
Consider this value to be potentially untrustworthy, as it is provided by the client. It may be inaccurate or entirely wrong, depending on how the client determined it.
Some variants wrap arbitrary strings which could be abused by a malicious user if your application performs any non-idempotent operations based on their value, such as starting another program or querying/updating a database (web-search "SQL injection").
size: u64
The number of bytes written to the disk.