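/**
 * Validates a $_FILES array against the upload configuration
 *
 * The checks run in a fixed order (presence, size, MIME type, PHP extension,
 * dot-file name, image dimensions, image ratio) and the message for the first
 * failing check is returned.
 *
 * @param  array $file_array  The $_FILES array for a single file
 * @return string|NULL  The validation error message, or NULL when no check failed
 */
private function validateField($file_array)
{
	if (empty($file_array['name'])) {
		if ($this->required) {
			return self::compose('Please upload a file');
		}
		return NULL;
	}

	if ($file_array['error'] == UPLOAD_ERR_FORM_SIZE || $file_array['error'] == UPLOAD_ERR_INI_SIZE) {
		// MAX_FILE_SIZE is supplied by the client; here it only feeds the displayed
		// limit and is never used to enforce one
		$max_size = !empty($_POST['MAX_FILE_SIZE']) ? $_POST['MAX_FILE_SIZE'] : ini_get('upload_max_filesize');
		$max_size = !is_numeric($max_size) ? fFilesystem::convertToBytes($max_size) : $max_size;
		return self::compose('The file uploaded is over the limit of %s', fFilesystem::formatFilesize($max_size));
	}

	// The 'size' entry is what is compared against the configured limit
	if ($this->max_size && $file_array['size'] > $this->max_size) {
		return self::compose('The file uploaded is over the limit of %s', fFilesystem::formatFilesize($this->max_size));
	}

	if (empty($file_array['tmp_name']) || empty($file_array['size'])) {
		if ($this->required) {
			return self::compose('Please upload a file');
		}
		return NULL;
	}

	// NOTE(review): when tmp_name does not exist on disk the MIME restriction is
	// skipped rather than failed - confirm that fail-open behaviour is intended
	if (!empty($this->mime_types) && file_exists($file_array['tmp_name'])) {
		// Only the first 4096 bytes are read for type detection
		$contents = file_get_contents($file_array['tmp_name'], FALSE, NULL, 0, 4096);
		// NOTE(review): the client-supplied file name is passed in with the content;
		// confirm fFile::determineMimeType() does not let the name override the content
		if (!in_array(fFile::determineMimeType($file_array['name'], $contents), $this->mime_types)) {
			return self::compose($this->mime_type_message);
		}
	}

	if (!$this->allow_php) {
		$file_info = fFilesystem::getPathInfo($file_array['name']);
		// A missing extension is treated as an empty string so strtolower() never sees NULL
		$extension = isset($file_info['extension']) ? strtolower((string) $file_info['extension']) : '';

		// Denylist of extensions commonly mapped to the PHP handler. Which of them
		// actually execute depends on the web server configuration, so this is a
		// backstop: uploads should still be stored where they are never executed.
		// NOTE(review): presumably only the final extension is inspected - confirm
		// against fFilesystem::getPathInfo()
		$php_extensions = array('php', 'php3', 'php4', 'php5', 'php7', 'php8', 'phtml', 'pht', 'phps', 'phar');

		if (in_array($extension, $php_extensions, TRUE)) {
			return self::compose('The file uploaded is a PHP file, but those are not permitted');
		}
	}

	if (!$this->allow_dot_files) {
		if (substr($file_array['name'], 0, 1) == '.') {
			// NOTE(review): "being" looks like a typo for "begin"; the string is left
			// untouched because it may be used as a translation key
			return self::compose('The name of the uploaded file may not being with a .');
		}
	}

	if ($this->image_dimensions && file_exists($file_array['tmp_name'])) {
		if (fImage::isImageCompatible($file_array['tmp_name'])) {
			list($width, $height) = getimagesize($file_array['tmp_name']);

			if ($this->image_dimensions['min_width'] && $width < $this->image_dimensions['min_width']) {
				return self::compose('The uploaded image is narrower than the minimum width of %spx', $this->image_dimensions['min_width']);
			}
			if ($this->image_dimensions['min_height'] && $height < $this->image_dimensions['min_height']) {
				return self::compose('The uploaded image is shorter than the minimum height of %spx', $this->image_dimensions['min_height']);
			}
			if ($this->image_dimensions['max_width'] && $width > $this->image_dimensions['max_width']) {
				return self::compose('The uploaded image is wider than the maximum width of %spx', $this->image_dimensions['max_width']);
			}
			if ($this->image_dimensions['max_height'] && $height > $this->image_dimensions['max_height']) {
				return self::compose('The uploaded image is taller than the maximum height of %spx', $this->image_dimensions['max_height']);
			}
		}
	}

	if ($this->image_ratio && file_exists($file_array['tmp_name'])) {
		if (fImage::isImageCompatible($file_array['tmp_name'])) {
			list($width, $height) = getimagesize($file_array['tmp_name']);

			// The header of an uploaded file is untrusted: if getimagesize() fails or
			// reports a zero height, dividing would raise DivisionByZeroError on PHP 8,
			// so the ratio comparison is skipped in that case
			if ($height && $this->image_ratio['height']) {
				$actual_ratio   = $width / $height;
				$required_ratio = $this->image_ratio['width'] / $this->image_ratio['height'];

				if ($this->image_ratio['allow_excess_dimension'] == 'width' && $actual_ratio < $required_ratio) {
					return self::compose('The uploaded image is too narrow for its height. The required ratio is %1$sx%2$s or wider.', $this->image_ratio['width'], $this->image_ratio['height']);
				}
				if ($this->image_ratio['allow_excess_dimension'] == 'height' && $actual_ratio > $required_ratio) {
					return self::compose('The uploaded image is too short for its width. The required ratio is %1$sx%2$s or taller.', $this->image_ratio['width'], $this->image_ratio['height']);
				}
			}
		}
	}

	return NULL;
}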
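/**
 * Validates the uploaded file, ensuring a file was actually uploaded and that it matches the restrictions put in place
 *
 * @throws fProgrammerException  When the field specified is not a file upload field
 * @throws fValidationException  When no file is uploaded or the uploaded file violates the options set for this object
 *
 * @param  string  $field  The field the file was uploaded through
 * @param  integer $index  If the field was an array of file uploads, this specifies which one to validate
 * @return array  The file upload array produced by extractFileUploadArray() for the validated file
 */
public function validate($field, $index = NULL)
{
	if (!self::check($field)) {
		throw new fProgrammerException('The field specified, %s, does not appear to be a file upload field', $field);
	}

	$file_array = $this->extractFileUploadArray($field, $index);

	// Do some validation of the file provided
	if (empty($file_array['name'])) {
		throw new fValidationException('Please upload a file');
	}

	if ($file_array['error'] == UPLOAD_ERR_FORM_SIZE || $file_array['error'] == UPLOAD_ERR_INI_SIZE) {
		// MAX_FILE_SIZE is supplied by the client; here it only feeds the displayed
		// limit and is never used to enforce one
		$max_size = !empty($_POST['MAX_FILE_SIZE']) ? $_POST['MAX_FILE_SIZE'] : ini_get('upload_max_filesize');
		$max_size = !is_numeric($max_size) ? fFilesystem::convertToBytes($max_size) : $max_size;
		$msg = $this->max_message != "" ? $this->max_message : 'The file uploaded is over the limit of %s';
		throw new fValidationException($msg, fFilesystem::formatFilesize($max_size));
	}

	// The 'size' entry is what is compared against the configured limit
	if ($this->max_file_size && $file_array['size'] > $this->max_file_size) {
		$msg = $this->max_message != "" ? $this->max_message : 'The file uploaded is over the limit of %s';
		throw new fValidationException($msg, fFilesystem::formatFilesize($this->max_file_size));
	}

	if (empty($file_array['tmp_name']) || empty($file_array['size'])) {
		throw new fValidationException('Please upload a file');
	}

	// NOTE(review): when tmp_name does not exist on disk the MIME restriction is
	// skipped rather than failed - confirm that fail-open behaviour is intended
	if (!empty($this->mime_types) && file_exists($file_array['tmp_name']) && !in_array(fFile::determineMimeType($file_array['tmp_name']), $this->mime_types)) {
		throw new fValidationException($this->mime_type_message);
	}

	if (!$this->allow_php) {
		$file_info = fFilesystem::getPathInfo($file_array['name']);
		// A missing extension is treated as an empty string so strtolower() never sees NULL
		$extension = isset($file_info['extension']) ? strtolower((string) $file_info['extension']) : '';

		// Denylist of extensions commonly mapped to the PHP handler. Which of them
		// actually execute depends on the web server configuration, so this is a
		// backstop: uploads should still be stored where they are never executed.
		// NOTE(review): presumably only the final extension is inspected - confirm
		// against fFilesystem::getPathInfo()
		$php_extensions = array('php', 'php3', 'php4', 'php5', 'php7', 'php8', 'phtml', 'pht', 'phps', 'phar');

		if (in_array($extension, $php_extensions, TRUE)) {
			throw new fValidationException('The file uploaded is a PHP file, but those are not permitted');
		}
	}

	return $file_array;
}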
/**
 * Fills in the filename and mime-type for a piece of content
 *
 * When an fFile is passed, any NULL filename or mime type is taken from the
 * object and $contents is replaced with the result of its read() method.
 * Otherwise the filename must be string-like and a NULL mime type is
 * determined from the filename and the contents.
 *
 * @throws fProgrammerException  When $contents is not an fFile and $filename is not string-like
 *
 * @param  string|fFile &$contents   The file to extrapolate the info from
 * @param  string       &$filename   The filename to use for the file
 * @param  string       &$mime_type  The mime type of the file
 * @return void
 */
private function extrapolateFileInfo(&$contents, &$filename, &$mime_type)
{
	$needs_mime_type = ($mime_type === NULL);

	// Raw content: the caller has to provide a usable filename
	if (!($contents instanceof fFile)) {
		if (!self::stringlike($filename)) {
			throw new fProgrammerException('The filename specified, %s, does not appear to be a valid filename', $filename);
		}

		$filename = (string) $filename;

		if ($needs_mime_type) {
			$mime_type = fFile::determineMimeType($filename, $contents);
		}

		return;
	}

	// fFile object: only fill in what the caller left as NULL
	if ($filename === NULL) {
		$filename = $contents->getName();
	}

	if ($needs_mime_type) {
		$mime_type = $contents->getMimeType();
	}

	// The metadata is read first because $contents is overwritten here
	$contents = $contents->read();
}
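/**
 * Validates a $_FILES array against the upload configuration
 *
 * The checks run in a fixed order (presence, size, MIME type, PHP extension,
 * dot-file name) and the message for the first failing check is returned.
 *
 * @param  array $file_array  The $_FILES array for a single file
 * @return string|NULL  The validation error message, or NULL when no check failed
 */
private function validateField($file_array)
{
	if (empty($file_array['name'])) {
		if ($this->required) {
			return self::compose('Please upload a file');
		}
		return NULL;
	}

	if ($file_array['error'] == UPLOAD_ERR_FORM_SIZE || $file_array['error'] == UPLOAD_ERR_INI_SIZE) {
		// MAX_FILE_SIZE is supplied by the client; here it only feeds the displayed
		// limit and is never used to enforce one
		$max_size = !empty($_POST['MAX_FILE_SIZE']) ? $_POST['MAX_FILE_SIZE'] : ini_get('upload_max_filesize');
		$max_size = !is_numeric($max_size) ? fFilesystem::convertToBytes($max_size) : $max_size;
		return self::compose('The file uploaded is over the limit of %s', fFilesystem::formatFilesize($max_size));
	}

	// The 'size' entry is what is compared against the configured limit
	if ($this->max_size && $file_array['size'] > $this->max_size) {
		return self::compose('The file uploaded is over the limit of %s', fFilesystem::formatFilesize($this->max_size));
	}

	if (empty($file_array['tmp_name']) || empty($file_array['size'])) {
		if ($this->required) {
			return self::compose('Please upload a file');
		}
		return NULL;
	}

	// NOTE(review): when tmp_name does not exist on disk the MIME restriction is
	// skipped rather than failed - confirm that fail-open behaviour is intended
	if (!empty($this->mime_types) && file_exists($file_array['tmp_name'])) {
		// Only the first 4096 bytes are read for type detection
		$contents = file_get_contents($file_array['tmp_name'], FALSE, NULL, 0, 4096);
		// NOTE(review): the client-supplied file name is passed in with the content;
		// confirm fFile::determineMimeType() does not let the name override the content
		if (!in_array(fFile::determineMimeType($file_array['name'], $contents), $this->mime_types)) {
			return self::compose($this->mime_type_message);
		}
	}

	if (!$this->allow_php) {
		$file_info = fFilesystem::getPathInfo($file_array['name']);
		// A missing extension is treated as an empty string so strtolower() never sees NULL
		$extension = isset($file_info['extension']) ? strtolower((string) $file_info['extension']) : '';

		// Denylist of extensions commonly mapped to the PHP handler. Which of them
		// actually execute depends on the web server configuration, so this is a
		// backstop: uploads should still be stored where they are never executed.
		// NOTE(review): presumably only the final extension is inspected - confirm
		// against fFilesystem::getPathInfo()
		$php_extensions = array('php', 'php3', 'php4', 'php5', 'php7', 'php8', 'phtml', 'pht', 'phps', 'phar');

		if (in_array($extension, $php_extensions, TRUE)) {
			return self::compose('The file uploaded is a PHP file, but those are not permitted');
		}
	}

	if (!$this->allow_dot_files) {
		if (substr($file_array['name'], 0, 1) == '.') {
			// NOTE(review): "being" looks like a typo for "begin"; the string is left
			// untouched because it may be used as a translation key
			return self::compose('The name of the uploaded file may not being with a .');
		}
	}

	return NULL;
}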