Replace r.Form.Get with r.PostForm.Get to only parse Post values

Forceu · Forceu · commit 1e564e82029f · 2026-03-03T10:04:29.000+01:00
diff --git a/internal/storage/chunking/Chunking.go b/internal/storage/chunking/Chunking.go
@@ -49,7 +49,7 @@ func ParseChunkInfo(r *http.Request, isApiCall bool) (ChunkInfo, error) {
 		formUuid = "uuid"
 	}
 
-	buf := r.Form.Get(formTotalSize)
+	buf := r.PostForm.Get(formTotalSize)
 	info.TotalFilesizeBytes, err = strconv.ParseInt(buf, 10, 64)
 	if err != nil {
 		return ChunkInfo{}, err
@@ -58,7 +58,7 @@ func ParseChunkInfo(r *http.Request, isApiCall bool) (ChunkInfo, error) {
 		return ChunkInfo{}, errors.New("value cannot be negative")
 	}
 
-	buf = r.Form.Get(formOffset)
+	buf = r.PostForm.Get(formOffset)
 	info.Offset, err = strconv.ParseInt(buf, 10, 64)
 	if err != nil {
 		return ChunkInfo{}, err
@@ -67,7 +67,7 @@ func ParseChunkInfo(r *http.Request, isApiCall bool) (ChunkInfo, error) {
 		return ChunkInfo{}, errors.New("value cannot be negative")
 	}
 
-	info.UUID = r.Form.Get(formUuid)
+	info.UUID = r.PostForm.Get(formUuid)
 	if len(info.UUID) < 10 {
 		return ChunkInfo{}, errors.New("invalid uuid submitted, needs to be at least 10 characters long")
 	}
@@ -87,12 +87,12 @@ func ParseFileHeader(r *http.Request) (FileHeader, error) {
 	if err != nil {
 		return FileHeader{}, err
 	}
-	name := r.Form.Get("filename")
+	name := r.PostForm.Get("filename")
 	if name == "" {
 		return FileHeader{}, errors.New("empty filename provided")
 	}
 	contentType := parseContentType(r)
-	size := r.Form.Get("filesize")
+	size := r.PostForm.Get("filesize")
 	if size == "" {
 		return FileHeader{}, errors.New("empty size provided")
 	}
@@ -111,11 +111,11 @@ func ParseFileHeader(r *http.Request) (FileHeader, error) {
 }
 
 func parseContentType(r *http.Request) string {
-	contentType := r.Form.Get("filecontenttype")
+	contentType := r.PostForm.Get("filecontenttype")
 	if contentType != "" {
 		return contentType
 	}
-	fileExt := strings.ToLower(filepath.Ext(r.Form.Get("filename")))
+	fileExt := strings.ToLower(filepath.Ext(r.PostForm.Get("filename")))
 	switch fileExt {
 	case ".jpg", ".jpeg":
 		contentType = "image/jpeg"
diff --git a/internal/test/TestHelper_test.go b/internal/test/TestHelper_test.go
@@ -4,14 +4,15 @@ package test
 
 import (
 	"errors"
-	"github.com/forceu/gokapi/internal/helper"
 	"io"
 	"log"
 	"net/http"
 	"net/http/httptest"
 	"os"
 	"testing"
 	"time"
+
+	"github.com/forceu/gokapi/internal/helper"
 )
 
 var (
@@ -300,13 +301,13 @@ func TestResponseBodyContains(t *testing.T) {
 
 func startTestServer() {
 	http.HandleFunc("/test", func(writer http.ResponseWriter, request *http.Request) {
-		io.WriteString(writer, "TestContent\n")
+		_, _ = io.WriteString(writer, "TestContent\n")
 		for _, cookie := range request.Cookies() {
-			io.WriteString(writer, "cookie name: "+cookie.Name+" cookie value: "+cookie.Value+"\n")
+			_, _ = io.WriteString(writer, "cookie name: "+cookie.Name+" cookie value: "+cookie.Value+"\n")
 		}
-		request.ParseForm()
-		if request.Form.Get("testPostKey") != "" {
-			io.WriteString(writer, "testPostKey: "+request.Form.Get("testPostKey")+"\n")
+		_ = request.ParseForm()
+		if request.PostForm.Get("testPostKey") != "" {
+			_, _ = io.WriteString(writer, "testPostKey: "+request.PostForm.Get("testPostKey")+"\n")
 		}
 	})
 	go func() { log.Fatal(http.ListenAndServe("127.0.0.1:9999", nil)) }()
diff --git a/internal/webserver/Webserver.go b/internal/webserver/Webserver.go
@@ -335,7 +335,7 @@ func changePassword(w http.ResponseWriter, r *http.Request) {
 		var ok bool
 		var pwHash string
 
-		pw := r.Form.Get("newpw")
+		pw := r.PostForm.Get("newpw")
 		errMessage, pwHash, ok = validateNewPassword(pw, user)
 		if ok {
 			user.Password = pwHash
@@ -507,8 +507,8 @@ func showLogin(w http.ResponseWriter, r *http.Request) {
 		fmt.Println(err)
 		return
 	}
-	user := r.Form.Get("username")
-	pw := r.Form.Get("password")
+	user := r.PostForm.Get("username")
+	pw := r.PostForm.Get("password")
 	failedLogin := false
 	if pw != "" && user != "" {
 		ip := logging.GetIpAddress(r)
@@ -581,7 +581,7 @@ func showDownload(w http.ResponseWriter, r *http.Request) {
 
 	if file.PasswordHash != "" {
 		_ = r.ParseForm()
-		enteredPassword := r.Form.Get("password")
+		enteredPassword := r.PostForm.Get("password")
 		if configuration.HashPassword(enteredPassword, true) != file.PasswordHash && !isValidPwCookie(r, file) {
 			if enteredPassword != "" {
 				view.IsFailedLogin = true
diff --git a/internal/webserver/fileupload/FileUpload.go b/internal/webserver/fileupload/FileUpload.go
@@ -108,7 +108,7 @@ func ParseFileHeader(r *http.Request) (string, chunking.FileHeader, models.Uploa
 	if err != nil {
 		return "", chunking.FileHeader{}, models.UploadParameters{}, err
 	}
-	chunkId := r.Form.Get("chunkid")
+	chunkId := r.PostForm.Get("chunkid")
 	config, err := parseConfig(r.Form)
 	if err != nil {
 		return "", chunking.FileHeader{}, models.UploadParameters{}, err

Original file line number	Diff line number	Diff line change
`@@ -49,7 +49,7 @@ func ParseChunkInfo(r *http.Request, isApiCall bool) (ChunkInfo, error) {`
`49`	`49`	`formUuid = "uuid"`
`50`	`50`	`}`
`51`	`51`
`52`		`- buf := r.Form.Get(formTotalSize)`
	`52`	`+ buf := r.PostForm.Get(formTotalSize)`
`53`	`53`	`info.TotalFilesizeBytes, err = strconv.ParseInt(buf, 10, 64)`
`54`	`54`	`if err != nil {`
`55`	`55`	`return ChunkInfo{}, err`
`@@ -58,7 +58,7 @@ func ParseChunkInfo(r *http.Request, isApiCall bool) (ChunkInfo, error) {`
`58`	`58`	`return ChunkInfo{}, errors.New("value cannot be negative")`
`59`	`59`	`}`
`60`	`60`
`61`		`- buf = r.Form.Get(formOffset)`
	`61`	`+ buf = r.PostForm.Get(formOffset)`
`62`	`62`	`info.Offset, err = strconv.ParseInt(buf, 10, 64)`
`63`	`63`	`if err != nil {`
`64`	`64`	`return ChunkInfo{}, err`
`@@ -67,7 +67,7 @@ func ParseChunkInfo(r *http.Request, isApiCall bool) (ChunkInfo, error) {`
`67`	`67`	`return ChunkInfo{}, errors.New("value cannot be negative")`
`68`	`68`	`}`
`69`	`69`
`70`		`- info.UUID = r.Form.Get(formUuid)`
	`70`	`+ info.UUID = r.PostForm.Get(formUuid)`
`71`	`71`	`if len(info.UUID) < 10 {`
`72`	`72`	`return ChunkInfo{}, errors.New("invalid uuid submitted, needs to be at least 10 characters long")`
`73`	`73`	`}`
`@@ -87,12 +87,12 @@ func ParseFileHeader(r *http.Request) (FileHeader, error) {`
`87`	`87`	`if err != nil {`
`88`	`88`	`return FileHeader{}, err`
`89`	`89`	`}`
`90`		`- name := r.Form.Get("filename")`
	`90`	`+ name := r.PostForm.Get("filename")`
`91`	`91`	`if name == "" {`
`92`	`92`	`return FileHeader{}, errors.New("empty filename provided")`
`93`	`93`	`}`
`94`	`94`	`contentType := parseContentType(r)`
`95`		`- size := r.Form.Get("filesize")`
	`95`	`+ size := r.PostForm.Get("filesize")`
`96`	`96`	`if size == "" {`
`97`	`97`	`return FileHeader{}, errors.New("empty size provided")`
`98`	`98`	`}`
`@@ -111,11 +111,11 @@ func ParseFileHeader(r *http.Request) (FileHeader, error) {`
`111`	`111`	`}`
`112`	`112`
`113`	`113`	`func parseContentType(r *http.Request) string {`
`114`		`- contentType := r.Form.Get("filecontenttype")`
	`114`	`+ contentType := r.PostForm.Get("filecontenttype")`
`115`	`115`	`if contentType != "" {`
`116`	`116`	`return contentType`
`117`	`117`	`}`
`118`		`- fileExt := strings.ToLower(filepath.Ext(r.Form.Get("filename")))`
	`118`	`+ fileExt := strings.ToLower(filepath.Ext(r.PostForm.Get("filename")))`
`119`	`119`	`switch fileExt {`
`120`	`120`	`case ".jpg", ".jpeg":`
`121`	`121`	`contentType = "image/jpeg"`
Original file line number	Diff line number	Diff line change
`@@ -108,7 +108,7 @@ func ParseFileHeader(r *http.Request) (string, chunking.FileHeader, models.Uploa`
`108`	`108`	`if err != nil {`
`109`	`109`	`return "", chunking.FileHeader{}, models.UploadParameters{}, err`
`110`	`110`	`}`
`111`		`- chunkId := r.Form.Get("chunkid")`
	`111`	`+ chunkId := r.PostForm.Get("chunkid")`
`112`	`112`	`config, err := parseConfig(r.Form)`
`113`	`113`	`if err != nil {`
`114`	`114`	`return "", chunking.FileHeader{}, models.UploadParameters{}, err`