Struct multipart::server::MultipartFile [] [src]

pub struct MultipartFile<M> {
    pub filename: Option<String>,
    pub content_type: Mime,
    // some fields omitted
}

A representation of a file in HTTP multipart/form-data.

Note that the file is not yet saved to the local filesystem; instead, this struct exposes Read and BufRead impls which point to the beginning of the file's contents in the HTTP stream.

You can read it to EOF, or use one of the save() method to save it to disk.

Fields

The filename of this entry, if supplied.

Warning: Client Provided / Untrustworthy

You should treat this value as untrustworthy because it is an arbitrary string provided by the client.

It is a serious security risk to create files or directories with paths based on user input. A malicious user could craft a path which can be used to overwrite important files, such as web templates, static assets, Javascript files, database files, configuration files, etc., if they are writable by the server process.

This can be mitigated somewhat by setting filesystem permissions as conservatively as possible and running the server under its own user with restricted permissions, but you should still not use user input directly as filesystem paths. If it is truly necessary, you should sanitize filenames such that they cannot be misinterpreted by the OS. Such functionality is outside the scope of this crate.

The MIME type (Content-Type value) of this file, if supplied by the client, or "applicaton/octet-stream" otherwise.

Note: Client Provided

Consider this value to be potentially untrustworthy, as it is provided by the client. It may be inaccurate or entirely wrong, depending on how the client determined it.

Some variants wrap arbitrary strings which could be abused by a malicious user if your application performs any non-idempotent operations based on their value, such as starting another program or querying/updating a database (web-search "SQL injection").

Methods

impl<M> MultipartFile<M>
[src]

[src]

Deprecated since 0.10.0

: filename field is now public

Get the filename of this entry, if supplied.

Warning: Client Provided / Untrustworthy

You should treat this value as untrustworthy because it is an arbitrary string provided by the client.

It is a serious security risk to create files or directories with paths based on user input. A malicious user could craft a path which can be used to overwrite important files, such as web templates, static assets, Javascript files, database files, configuration files, etc., if they are writable by the server process.

This can be mitigated somewhat by setting filesystem permissions as conservatively as possible and running the server under its own user with restricted permissions, but you should still not use user input directly as filesystem paths. If it is truly necessary, you should sanitize filenames such that they cannot be misinterpreted by the OS. Such functionality is outside the scope of this crate.

[src]

Deprecated since 0.10.0

: content_type field is now public

Get the MIME type (Content-Type value) of this file, if supplied by the client, or "applicaton/octet-stream" otherwise.

Note: Client Provided

Consider this value to be potentially untrustworthy, as it is provided by the client. It may be inaccurate or entirely wrong, depending on how the client determined it.

Some variants wrap arbitrary strings which could be abused by a malicious user if your application performs any non-idempotent operations based on their value, such as starting another program or querying/updating a database (web-search "SQL injection").

impl<M> MultipartFile<M> where
    M: ReadEntry
[src]

[src]

Get a builder type which can save the file with or without a size limit.

[src]

Deprecated since 0.10.0

: use .save().write_to() instead

Save this file to the given output stream.

If successful, returns the number of bytes written.

Retries when io::Error::kind() == io::ErrorKind::Interrupted.

[src]

Deprecated since 0.10.0

: use .save().size_limit(limit).write_to(out) instead

Save this file to the given output stream, truncated to limit (no more than limit bytes will be written out).

If successful, returns the number of bytes written.

Retries when io::Error::kind() == io::ErrorKind::Interrupted.

[src]

Deprecated since 0.10.0

: use .save().with_path(path) instead

Save this file to path.

Returns the saved file info on success, or any errors otherwise.

Retries when io::Error::kind() == io::ErrorKind::Interrupted.

[src]

Deprecated since 0.10.0

: use .save().with_dir(dir) instead

Save this file in the directory pointed at by dir, using a random alphanumeric string as the filename.

Any missing directories in the dir path will be created.

Returns the saved file's info on success, or any errors otherwise.

Retries when io::Error::kind() == io::ErrorKind::Interrupted.

[src]

Deprecated since 0.10.0

: use .save().size_limit(limit).with_path(path) instead

Save this file to path, truncated to limit (no more than limit bytes will be written out).

Any missing directories in the dir path will be created.

Returns the saved file's info on success, or any errors otherwise.

Retries when io::Error::kind() == io::ErrorKind::Interrupted.

[src]

Deprecated since 0.10.0

: use .save().size_limit(limit).with_dir(dir) instead

Save this file in the directory pointed at by dir, using a random alphanumeric string as the filename.

Truncates file to limit (no more than limit bytes will be written out).

Any missing directories in the dir path will be created.

Returns the saved file's info on success, or any errors otherwise.

Retries when io::Error::kind() == io::ErrorKind::Interrupted.

Trait Implementations

impl<M: Debug> Debug for MultipartFile<M>
[src]

[src]

Formats the value using the given formatter.

impl<M: ReadEntry> Read for MultipartFile<M>
[src]

[src]

Pull some bytes from this source into the specified buffer, returning how many bytes were read. Read more

[src]

🔬 This is a nightly-only experimental API. (read_initializer)

Determines if this Reader can work with buffers of uninitialized memory. Read more

1.0.0
[src]

Read all bytes until EOF in this source, placing them into buf. Read more

1.0.0
[src]

Read all bytes until EOF in this source, placing them into buf. Read more

1.6.0
[src]

Read the exact number of bytes required to fill buf. Read more

1.0.0
[src]

Creates a "by reference" adaptor for this instance of Read. Read more

1.0.0
[src]

Transforms this Read instance to an [Iterator] over its bytes. Read more

[src]

🔬 This is a nightly-only experimental API. (io)

the semantics of a partial read/write of where errors happen is currently unclear and may change

Transforms this Read instance to an [Iterator] over [char]s. Read more

1.0.0
[src]

Creates an adaptor which will chain this stream with another. Read more

1.0.0
[src]

Creates an adaptor which will read at most limit bytes from it. Read more

impl<M: ReadEntry> BufRead for MultipartFile<M>
[src]

[src]

Fills the internal buffer of this object, returning the buffer contents. Read more

[src]

Tells this buffer that amt bytes have been consumed from the buffer, so they should no longer be returned in calls to read. Read more

1.0.0
[src]

Read all bytes into buf until the delimiter byte or EOF is reached. Read more

1.0.0
[src]

Read all bytes until a newline (the 0xA byte) is reached, and append them to the provided buffer. Read more

1.0.0
[src]

Returns an iterator over the contents of this reader split on the byte byte. Read more

1.0.0
[src]

Returns an iterator over the lines of this reader. Read more