FileValidator.php
17.9 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
<?php
/**
* @link http://www.yiiframework.com/
* @copyright Copyright (c) 2008 Yii Software LLC
* @license http://www.yiiframework.com/license/
*/
namespace yii\validators;
use Yii;
use yii\helpers\Html;
use yii\helpers\Json;
use yii\web\JsExpression;
use yii\web\UploadedFile;
use yii\helpers\FileHelper;
/**
* FileValidator verifies if an attribute is receiving a valid uploaded file.
*
* Note that you should enable `fileinfo` PHP extension.
*
* @property int $sizeLimit The size limit for uploaded files. This property is read-only.
*
* @author Qiang Xue <qiang.xue@gmail.com>
* @since 2.0
*/
class FileValidator extends Validator
{
/**
* @var array|string a list of file name extensions that are allowed to be uploaded.
* This can be either an array or a string consisting of file extension names
* separated by space or comma (e.g. "gif, jpg").
* Extension names are case-insensitive. Defaults to null, meaning all file name
* extensions are allowed.
* @see wrongExtension for the customized message for wrong file type.
*/
public $extensions;
/**
* @var bool whether to check file type (extension) with mime-type. If extension produced by
* file mime-type check differs from uploaded file extension, the file will be considered as invalid.
*/
public $checkExtensionByMimeType = true;
/**
* @var array|string a list of file MIME types that are allowed to be uploaded.
* This can be either an array or a string consisting of file MIME types
* separated by space or comma (e.g. "text/plain, image/png").
* The mask with the special character `*` can be used to match groups of mime types.
* For example `image/*` will pass all mime types, that begin with `image/` (e.g. `image/jpeg`, `image/png`).
* Mime type names are case-insensitive. Defaults to null, meaning all MIME types are allowed.
* @see wrongMimeType for the customized message for wrong MIME type.
*/
public $mimeTypes;
/**
* @var int the minimum number of bytes required for the uploaded file.
* Defaults to null, meaning no limit.
* @see tooSmall for the customized message for a file that is too small.
*/
public $minSize;
/**
* @var int the maximum number of bytes required for the uploaded file.
* Defaults to null, meaning no limit.
* Note, the size limit is also affected by `upload_max_filesize` and `post_max_size` INI setting
* and the 'MAX_FILE_SIZE' hidden field value. See [[getSizeLimit()]] for details.
* @see http://php.net/manual/en/ini.core.php#ini.upload-max-filesize
* @see http://php.net/post-max-size
* @see getSizeLimit
* @see tooBig for the customized message for a file that is too big.
*/
public $maxSize;
/**
* @var int the maximum file count the given attribute can hold.
* Defaults to 1, meaning single file upload. By defining a higher number,
* multiple uploads become possible. Setting it to `0` means there is no limit on
* the number of files that can be uploaded simultaneously.
*
* > Note: The maximum number of files allowed to be uploaded simultaneously is
* also limited with PHP directive `max_file_uploads`, which defaults to 20.
*
* @see http://php.net/manual/en/ini.core.php#ini.max-file-uploads
* @see tooMany for the customized message when too many files are uploaded.
*/
public $maxFiles = 1;
/**
* @var string the error message used when a file is not uploaded correctly.
*/
public $message;
/**
* @var string the error message used when no file is uploaded.
* Note that this is the text of the validation error message. To make uploading files required,
* you have to set [[skipOnEmpty]] to `false`.
*/
public $uploadRequired;
/**
* @var string the error message used when the uploaded file is too large.
* You may use the following tokens in the message:
*
* - {attribute}: the attribute name
* - {file}: the uploaded file name
* - {limit}: the maximum size allowed (see [[getSizeLimit()]])
* - {formattedLimit}: the maximum size formatted
* with [[\yii\i18n\Formatter::asShortSize()|Formatter::asShortSize()]]
*/
public $tooBig;
/**
* @var string the error message used when the uploaded file is too small.
* You may use the following tokens in the message:
*
* - {attribute}: the attribute name
* - {file}: the uploaded file name
* - {limit}: the value of [[minSize]]
* - {formattedLimit}: the value of [[minSize]] formatted
* with [[\yii\i18n\Formatter::asShortSize()|Formatter::asShortSize()]
*/
public $tooSmall;
/**
* @var string the error message used if the count of multiple uploads exceeds limit.
* You may use the following tokens in the message:
*
* - {attribute}: the attribute name
* - {limit}: the value of [[maxFiles]]
*/
public $tooMany;
/**
* @var string the error message used when the uploaded file has an extension name
* that is not listed in [[extensions]]. You may use the following tokens in the message:
*
* - {attribute}: the attribute name
* - {file}: the uploaded file name
* - {extensions}: the list of the allowed extensions.
*/
public $wrongExtension;
/**
* @var string the error message used when the file has an mime type
* that is not allowed by [[mimeTypes]] property.
* You may use the following tokens in the message:
*
* - {attribute}: the attribute name
* - {file}: the uploaded file name
* - {mimeTypes}: the value of [[mimeTypes]]
*/
public $wrongMimeType;
/**
* @inheritdoc
*/
public function init()
{
parent::init();
if ($this->message === null) {
$this->message = Yii::t('yii', 'File upload failed.');
}
if ($this->uploadRequired === null) {
$this->uploadRequired = Yii::t('yii', 'Please upload a file.');
}
if ($this->tooMany === null) {
$this->tooMany = Yii::t('yii', 'You can upload at most {limit, number} {limit, plural, one{file} other{files}}.');
}
if ($this->wrongExtension === null) {
$this->wrongExtension = Yii::t('yii', 'Only files with these extensions are allowed: {extensions}.');
}
if ($this->tooBig === null) {
$this->tooBig = Yii::t('yii', 'The file "{file}" is too big. Its size cannot exceed {formattedLimit}.');
}
if ($this->tooSmall === null) {
$this->tooSmall = Yii::t('yii', 'The file "{file}" is too small. Its size cannot be smaller than {formattedLimit}.');
}
if (!is_array($this->extensions)) {
$this->extensions = preg_split('/[\s,]+/', strtolower($this->extensions), -1, PREG_SPLIT_NO_EMPTY);
} else {
$this->extensions = array_map('strtolower', $this->extensions);
}
if ($this->wrongMimeType === null) {
$this->wrongMimeType = Yii::t('yii', 'Only files with these MIME types are allowed: {mimeTypes}.');
}
if (!is_array($this->mimeTypes)) {
$this->mimeTypes = preg_split('/[\s,]+/', strtolower($this->mimeTypes), -1, PREG_SPLIT_NO_EMPTY);
} else {
$this->mimeTypes = array_map('strtolower', $this->mimeTypes);
}
}
/**
* @inheritdoc
*/
public function validateAttribute($model, $attribute)
{
if ($this->maxFiles != 1) {
$files = $model->$attribute;
if (!is_array($files)) {
$this->addError($model, $attribute, $this->uploadRequired);
return;
}
foreach ($files as $i => $file) {
if (!$file instanceof UploadedFile || $file->error == UPLOAD_ERR_NO_FILE) {
unset($files[$i]);
}
}
$model->$attribute = array_values($files);
if (empty($files)) {
$this->addError($model, $attribute, $this->uploadRequired);
}
if ($this->maxFiles && count($files) > $this->maxFiles) {
$this->addError($model, $attribute, $this->tooMany, ['limit' => $this->maxFiles]);
} else {
foreach ($files as $file) {
$result = $this->validateValue($file);
if (!empty($result)) {
$this->addError($model, $attribute, $result[0], $result[1]);
}
}
}
} else {
$result = $this->validateValue($model->$attribute);
if (!empty($result)) {
$this->addError($model, $attribute, $result[0], $result[1]);
}
}
}
/**
* @inheritdoc
*/
protected function validateValue($value)
{
if (!$value instanceof UploadedFile || $value->error == UPLOAD_ERR_NO_FILE) {
return [$this->uploadRequired, []];
}
switch ($value->error) {
case UPLOAD_ERR_OK:
if ($this->maxSize !== null && $value->size > $this->getSizeLimit()) {
return [
$this->tooBig,
[
'file' => $value->name,
'limit' => $this->getSizeLimit(),
'formattedLimit' => Yii::$app->formatter->asShortSize($this->getSizeLimit()),
],
];
} elseif ($this->minSize !== null && $value->size < $this->minSize) {
return [
$this->tooSmall,
[
'file' => $value->name,
'limit' => $this->minSize,
'formattedLimit' => Yii::$app->formatter->asShortSize($this->minSize),
],
];
} elseif (!empty($this->extensions) && !$this->validateExtension($value)) {
return [$this->wrongExtension, ['file' => $value->name, 'extensions' => implode(', ', $this->extensions)]];
} elseif (!empty($this->mimeTypes) && !$this->validateMimeType($value)) {
return [$this->wrongMimeType, ['file' => $value->name, 'mimeTypes' => implode(', ', $this->mimeTypes)]];
}
return null;
case UPLOAD_ERR_INI_SIZE:
case UPLOAD_ERR_FORM_SIZE:
return [$this->tooBig, [
'file' => $value->name,
'limit' => $this->getSizeLimit(),
'formattedLimit' => Yii::$app->formatter->asShortSize($this->getSizeLimit()),
]];
case UPLOAD_ERR_PARTIAL:
Yii::warning('File was only partially uploaded: ' . $value->name, __METHOD__);
break;
case UPLOAD_ERR_NO_TMP_DIR:
Yii::warning('Missing the temporary folder to store the uploaded file: ' . $value->name, __METHOD__);
break;
case UPLOAD_ERR_CANT_WRITE:
Yii::warning('Failed to write the uploaded file to disk: ' . $value->name, __METHOD__);
break;
case UPLOAD_ERR_EXTENSION:
Yii::warning('File upload was stopped by some PHP extension: ' . $value->name, __METHOD__);
break;
default:
break;
}
return [$this->message, []];
}
/**
* Returns the maximum size allowed for uploaded files.
* This is determined based on four factors:
*
* - 'upload_max_filesize' in php.ini
* - 'post_max_size' in php.ini
* - 'MAX_FILE_SIZE' hidden field
* - [[maxSize]]
*
* @return int the size limit for uploaded files.
*/
public function getSizeLimit()
{
// Get the lowest between post_max_size and upload_max_filesize, log a warning if the first is < than the latter
$limit = $this->sizeToBytes(ini_get('upload_max_filesize'));
$postLimit = $this->sizeToBytes(ini_get('post_max_size'));
if ($postLimit > 0 && $postLimit < $limit) {
Yii::warning('PHP.ini\'s \'post_max_size\' is less than \'upload_max_filesize\'.', __METHOD__);
$limit = $postLimit;
}
if ($this->maxSize !== null && $limit > 0 && $this->maxSize < $limit) {
$limit = $this->maxSize;
}
if (isset($_POST['MAX_FILE_SIZE']) && $_POST['MAX_FILE_SIZE'] > 0 && $_POST['MAX_FILE_SIZE'] < $limit) {
$limit = (int) $_POST['MAX_FILE_SIZE'];
}
return $limit;
}
/**
* @inheritdoc
* @param bool $trim
*/
public function isEmpty($value, $trim = false)
{
$value = is_array($value) ? reset($value) : $value;
return !($value instanceof UploadedFile) || $value->error == UPLOAD_ERR_NO_FILE;
}
/**
* Converts php.ini style size to bytes
*
* @param string $sizeStr $sizeStr
* @return int
*/
private function sizeToBytes($sizeStr)
{
switch (substr($sizeStr, -1)) {
case 'M':
case 'm':
return (int) $sizeStr * 1048576;
case 'K':
case 'k':
return (int) $sizeStr * 1024;
case 'G':
case 'g':
return (int) $sizeStr * 1073741824;
default:
return (int) $sizeStr;
}
}
/**
* Checks if given uploaded file have correct type (extension) according current validator settings.
* @param UploadedFile $file
* @return bool
*/
protected function validateExtension($file)
{
$extension = mb_strtolower($file->extension, 'UTF-8');
if ($this->checkExtensionByMimeType) {
$mimeType = FileHelper::getMimeType($file->tempName, null, false);
if ($mimeType === null) {
return false;
}
$extensionsByMimeType = FileHelper::getExtensionsByMimeType($mimeType);
if (!in_array($extension, $extensionsByMimeType, true)) {
return false;
}
}
if (!in_array($extension, $this->extensions, true)) {
return false;
}
return true;
}
/**
* @inheritdoc
*/
public function clientValidateAttribute($model, $attribute, $view)
{
ValidationAsset::register($view);
$options = $this->getClientOptions($model, $attribute);
return 'yii.validation.file(attribute, messages, ' . Json::encode($options) . ');';
}
/**
* @inheritdoc
*/
public function getClientOptions($model, $attribute)
{
$label = $model->getAttributeLabel($attribute);
$options = [];
if ($this->message !== null) {
$options['message'] = $this->formatMessage($this->message, [
'attribute' => $label,
]);
}
$options['skipOnEmpty'] = $this->skipOnEmpty;
if (!$this->skipOnEmpty) {
$options['uploadRequired'] = $this->formatMessage($this->uploadRequired, [
'attribute' => $label,
]);
}
if ($this->mimeTypes !== null) {
$mimeTypes = [];
foreach ($this->mimeTypes as $mimeType) {
$mimeTypes[] = new JsExpression(Html::escapeJsRegularExpression($this->buildMimeTypeRegexp($mimeType)));
}
$options['mimeTypes'] = $mimeTypes;
$options['wrongMimeType'] = $this->formatMessage($this->wrongMimeType, [
'attribute' => $label,
'mimeTypes' => implode(', ', $this->mimeTypes),
]);
}
if ($this->extensions !== null) {
$options['extensions'] = $this->extensions;
$options['wrongExtension'] = $this->formatMessage($this->wrongExtension, [
'attribute' => $label,
'extensions' => implode(', ', $this->extensions),
]);
}
if ($this->minSize !== null) {
$options['minSize'] = $this->minSize;
$options['tooSmall'] = $this->formatMessage($this->tooSmall, [
'attribute' => $label,
'limit' => $this->minSize,
'formattedLimit' => Yii::$app->formatter->asShortSize($this->minSize),
]);
}
if ($this->maxSize !== null) {
$options['maxSize'] = $this->maxSize;
$options['tooBig'] = $this->formatMessage($this->tooBig, [
'attribute' => $label,
'limit' => $this->getSizeLimit(),
'formattedLimit' => Yii::$app->formatter->asShortSize($this->getSizeLimit()),
]);
}
if ($this->maxFiles !== null) {
$options['maxFiles'] = $this->maxFiles;
$options['tooMany'] = $this->formatMessage($this->tooMany, [
'attribute' => $label,
'limit' => $this->maxFiles,
]);
}
return $options;
}
/**
* Builds the RegExp from the $mask
*
* @param string $mask
* @return string the regular expression
* @see mimeTypes
*/
private function buildMimeTypeRegexp($mask)
{
return '/^' . str_replace('\*', '.*', preg_quote($mask, '/')) . '$/';
}
/**
* Checks the mimeType of the $file against the list in the [[mimeTypes]] property
*
* @param UploadedFile $file
* @return bool whether the $file mimeType is allowed
* @throws \yii\base\InvalidConfigException
* @see mimeTypes
* @since 2.0.8
*/
protected function validateMimeType($file)
{
$fileMimeType = FileHelper::getMimeType($file->tempName);
foreach ($this->mimeTypes as $mimeType) {
if ($mimeType === $fileMimeType) {
return true;
}
if (strpos($mimeType, '*') !== false && preg_match($this->buildMimeTypeRegexp($mimeType), $fileMimeType)) {
return true;
}
}
return false;
}
}