@@ -380,7 +380,7 @@ <h1 class="page-title">Source: tmp.js</h1>
380380 if (index > = 0) _removeObjects.splice(index, 1);
381381
382382 called = true;
383- if (sync || removeFunction === FN_RMDIR_SYNC || removeFunction == FN_RIMRAF_SYNC) {
383+ if (sync || removeFunction === FN_RMDIR_SYNC || removeFunction === FN_RIMRAF_SYNC) {
384384 return removeFunction(fileOrDirName);
385385 } else {
386386 return removeFunction(fileOrDirName, next || function() {});
@@ -479,7 +479,13 @@ <h1 class="page-title">Source: tmp.js</h1>
479479 return [{}, callback];
480480 }
481481
482- return [options, callback];
482+ // copy options so we do not leak the changes we make internally
483+ const actualOptions = {};
484+ for (const key of Object.getOwnPropertyNames(options)) {
485+ actualOptions[key] = options[key];
486+ }
487+
488+ return [actualOptions, callback];
483489}
484490
485491/**
@@ -491,7 +497,7 @@ <h1 class="page-title">Source: tmp.js</h1>
491497 */
492498function _generateTmpName(opts) {
493499
494- const tmpDir = _getTmpDir() ;
500+ const tmpDir = opts.tmpdir ;
495501
496502 /* istanbul ignore else */
497503 if (!_isUndefined(opts.name))
@@ -508,8 +514,7 @@ <h1 class="page-title">Source: tmp.js</h1>
508514 process.pid,
509515 '-',
510516 _randomChars(12),
511- '-',
512- opts.postfix ? opts.postfix : ''
517+ opts.postfix ? '-' + opts.postfix : ''
513518 ].join('');
514519
515520 return path.join(tmpDir, opts.dir, name);
@@ -523,7 +528,11 @@ <h1 class="page-title">Source: tmp.js</h1>
523528 * @private
524529 */
525530function _assertAndSanitizeOptions(options) {
526- const tmpDir = _getTmpDir();
531+
532+ options.tmpdir = _getTmpDir(options);
533+
534+ const tmpDir = options.tmpdir;
535+
527536 /* istanbul ignore else */
528537 if (!_isUndefined(options.name))
529538 _assertIsRelative(options.name, 'name', tmpDir);
@@ -554,7 +563,7 @@ <h1 class="page-title">Source: tmp.js</h1>
554563 options.template = _isBlank(options.template) ? undefined : path.relative(options.dir, options.template);
555564
556565 // for completeness' sake only, also keep (multiple) blanks if the user, purportedly sane, requests us to
557- options.name = _isUndefined(options.name) ? undefined : options.name;
566+ options.name = _isUndefined(options.name) ? undefined : _sanitizeName( options.name) ;
558567 options.prefix = _isUndefined(options.prefix) ? '' : options.prefix;
559568 options.postfix = _isUndefined(options.postfix) ? '' : options.postfix;
560569}
@@ -571,11 +580,26 @@ <h1 class="page-title">Source: tmp.js</h1>
571580 * @private
572581 */
573582function _resolvePath(name, tmpDir) {
574- if (name.startsWith(tmpDir)) {
575- return path.resolve(name);
583+ const sanitizedName = _sanitizeName(name);
584+ if (sanitizedName.startsWith(tmpDir)) {
585+ return path.resolve(sanitizedName);
576586 } else {
577- return path.resolve(path.join(tmpDir, name));
587+ return path.resolve(path.join(tmpDir, sanitizedName));
588+ }
589+ }
590+
591+ /**
592+ * Sanitize the specified path name by removing all quote characters.
593+ *
594+ * @param name
595+ * @returns {string}
596+ * @private
597+ */
598+ function _sanitizeName(name) {
599+ if (_isBlank(name)) {
600+ return name;
578601 }
602+ return name.replace(/["']/g, '');
579603}
580604
581605/**
@@ -663,10 +687,11 @@ <h1 class="page-title">Source: tmp.js</h1>
663687 * Returns the currently configured tmp dir from os.tmpdir().
664688 *
665689 * @private
690+ * @param {?Options} options
666691 * @returns {string} the currently configured tmp dir
667692 */
668- function _getTmpDir() {
669- return path.resolve(os.tmpdir());
693+ function _getTmpDir(options ) {
694+ return path.resolve(_sanitizeName(options && options.tmpdir || os.tmpdir() ));
670695}
671696
672697// Install process exit listener
@@ -681,9 +706,10 @@ <h1 class="page-title">Source: tmp.js</h1>
681706 * @property (?int) mode the access mode, defaults are 0o700 for directories and 0o600 for files
682707 * @property {?string} template the "mkstemp" like filename template
683708 * @property {?string} name fixed name relative to tmpdir or the specified dir option
684- * @property {?string} dir tmp directory relative to the system tmp directory to use
709+ * @property {?string} dir tmp directory relative to the root tmp directory in use
685710 * @property {?string} prefix prefix for the generated name
686711 * @property {?string} postfix postfix for the generated name
712+ * @property {?string} tmpdir the root tmp directory which overrides the os tmpdir
687713 * @property {?boolean} unsafeCleanup recursively removes the created temporary directory, even when it's not empty
688714 * @property {?boolean} detachDescriptor detaches the file descriptor, caller is responsible for closing the file, tmp will no longer try closing the file during garbage collection
689715 * @property {?boolean} discardDescriptor discards the file descriptor (closes file, fd is -1), tmp will no longer try closing the file during garbage collection
@@ -760,7 +786,7 @@ <h1 class="page-title">Source: tmp.js</h1>
760786
761787// exporting all the needed methods
762788
763- // evaluate os.tmpdir () lazily, mainly for simplifying testing but it also will
789+ // evaluate _getTmpDir () lazily, mainly for simplifying testing but it also will
764790// allow users to reconfigure the temporary directory
765791Object.defineProperty(module.exports, 'tmpdir', {
766792 enumerable: true,
@@ -796,7 +822,7 @@ <h2><a href="index.html">Home</a></h2><h3>Global</h3><ul><li><a href="global.htm
796822< br class ="clear ">
797823
798824< footer >
799- Documentation generated by < a href ="https://github.com/jsdoc/jsdoc "> JSDoc 3.6.3</ a > on Sat Feb 08 2020 01:04:48 GMT+0100 (GMT+01 :00)
825+ Documentation generated by < a href ="https://github.com/jsdoc/jsdoc "> JSDoc 3.6.3</ a > on Tue Apr 28 2020 21:12:13 GMT+0200 (GMT+02 :00)
800826</ footer >
801827
802828< script > prettyPrint ( ) ; </ script >
0 commit comments