1. sfValidatorFile.class.php
  2. /**
 * sfValidatorFile validates an uploaded file.
 *
 * @package    symfony
 * @subpackage validator
 * @author     Fabien Potencier 
 * @version    SVN: $Id: sfValidatorFile.class.php 23951 2009-11-14 20:44:22Z FabianLange $
 */
  3. class sfValidatorFile extends sfValidatorBase
  4. {
  5.   /**
  6.    * Configures the current validator.
  7.    *
  8.    * Available options:
  9.    *
  10.    *  * max_size:             The maximum file size in bytes (cannot exceed upload_max_filesize in php.ini)
  11.    *  * mime_types:           Allowed mime types array or category (available categories: web_images)
  12.    *  * mime_type_guessers:   An array of mime type guesser PHP callables (must return the mime type or null)
  13.    *  * mime_categories:      An array of mime type categories (web_images is defined by default)
  14.    *  * path:                 The path where to save the file - as used by the sfValidatedFile class (optional)
  15.    *  * validated_file_class: Name of the class that manages the cleaned uploaded file (optional)
  16.    *
  17.    * There are 3 built-in mime type guessers:
  18.    *
  19.    *  * guessFromFileinfo:        Uses the finfo_open() function (from the Fileinfo PECL extension)
  20.    *  * guessFromMimeContentType: Uses the mime_content_type() function (deprecated)
  21.    *  * guessFromFileBinary:      Uses the file binary (only works on *nix system)
  22.    *
  23.    * Available error codes:
  24.    *
  25.    *  * max_size
  26.    *  * mime_types
  27.    *  * partial
  28.    *  * no_tmp_dir
  29.    *  * cant_write
  30.    *  * extension
  31.    *
  32.    * @param array $options   An array of options
  33.    * @param array $messages  An array of error messages
  34.    *
  35.    * @see sfValidatorBase
  36.    */
  37.   protected function configure($options = array(), $messages = array())
  38.   {
  39.     if (!ini_get('file_uploads'))
  40.     {
  41.       throw new LogicException(sprintf('Unable to use a file validator as "file_uploads" is disabled in your php.ini file (%s)', get_cfg_var('cfg_file_path')));
  42.     }
  44.     $this->addOption('max_size');
  45.     $this->addOption('mime_types');
  46.     $this->addOption('mime_type_guessers', array(
  47.       array($this, 'guessFromFileinfo'),
  48.       array($this, 'guessFromMimeContentType'),
  49.       array($this, 'guessFromFileBinary'),
  50.     ));
  51.     $this->addOption('mime_categories', array(
  52.       'web_images' => array(
  53.         'image/jpeg',
  54.         'image/pjpeg',
  55.         'image/png',
  56.         'image/x-png',
  57.         'image/gif',
  58.     )));
  59.     $this->addOption('validated_file_class', 'sfValidatedFile');
  60.     $this->addOption('path', null);
  62.     $this->addMessage('max_size', 'File is too large (maximum is %max_size% bytes).');
  63.     $this->addMessage('mime_types', 'Invalid mime type (%mime_type%).');
  64.     $this->addMessage('partial', 'The uploaded file was only partially uploaded.');
  65.     $this->addMessage('no_tmp_dir', 'Missing a temporary folder.');
  66.     $this->addMessage('cant_write', 'Failed to write file to disk.');
  67.     $this->addMessage('extension', 'File upload stopped by extension.');
  68.   }
  70.   /**
  71.    * This validator always returns a sfValidatedFile object.
  72.    *
  73.    * The input value must be an array with the following keys:
  74.    *
  75.    *  * tmp_name: The absolute temporary path to the file
  76.    *  * name:     The original file name (optional)
  77.    *  * type:     The file content type (optional)
  78.    *  * error:    The error code (optional)
  79.    *  * size:     The file size in bytes (optional)
  80.    *
  81.    * @see sfValidatorBase
  82.    */
  83.   protected function doClean($value)
  84.   {
  85.     if (!is_array($value) || !isset($value['tmp_name']))
  86.     {
  87.       throw new sfValidatorError($this, 'invalid', array('value' => (string) $value));
  88.     }
  90.     if (!isset($value['name']))
  91.     {
  92.       $value['name'] = '';
  93.     }
  95.     if (!isset($value['error']))
  96.     {
  97.       $value['error'] = UPLOAD_ERR_OK;
  98.     }
  100.     if (!isset($value['size']))
  101.     {
  102.       $value['size'] = filesize($value['tmp_name']);
  103.     }
  105.     if (!isset($value['type']))
  106.     {
  107.       $value['type'] = 'application/octet-stream';
  108.     }
  110.     switch ($value['error'])
  111.     {
  112.       case UPLOAD_ERR_INI_SIZE:
  113.         $max = ini_get('upload_max_filesize');
  114.         if ($this->getOption('max_size'))
  115.         {
  116.           $max = min($max, $this->getOption('max_size'));
  117.         }
  118.         throw new sfValidatorError($this, 'max_size', array('max_size' => $max, 'size' => (int) $value['size']));
  119.       case UPLOAD_ERR_FORM_SIZE:
  120.         throw new sfValidatorError($this, 'max_size', array('max_size' => 0, 'size' => (int) $value['size']));
  121.       case UPLOAD_ERR_PARTIAL:
  122.         throw new sfValidatorError($this, 'partial');
  123.       case UPLOAD_ERR_NO_TMP_DIR:
  124.         throw new sfValidatorError($this, 'no_tmp_dir');
  125.       case UPLOAD_ERR_CANT_WRITE:
  126.         throw new sfValidatorError($this, 'cant_write');
  127.       case UPLOAD_ERR_EXTENSION:
  128.         throw new sfValidatorError($this, 'extension');
  129.     }
  131.     // check file size
  132.     if ($this->hasOption('max_size') && $this->getOption('max_size') < (int) $value['size'])
  133.     {
  134.       throw new sfValidatorError($this, 'max_size', array('max_size' => $this->getOption('max_size'), 'size' => (int) $value['size']));
  135.     }
  137.     $mimeType = $this->getMimeType((string) $value['tmp_name'], (string) $value['type']);
  139.     // check mime type
  140.     if ($this->hasOption('mime_types'))
  141.     {
  142.       $mimeTypes = is_array($this->getOption('mime_types')) ? $this->getOption('mime_types') : $this->getMimeTypesFromCategory($this->getOption('mime_types'));
  143.       if (!in_array($mimeType, array_map('strtolower', $mimeTypes)))
  144.       {
  145.         throw new sfValidatorError($this, 'mime_types', array('mime_types' => $mimeTypes, 'mime_type' => $mimeType));
  146.       }
  147.     }
  149.     $class = $this->getOption('validated_file_class');
  151.     return new $class($value['name'], $mimeType, $value['tmp_name'], $value['size'], $this->getOption('path'));
  152.   }
  154.   /**
  155.    * Returns the mime type of a file.
  156.    *
  157.    * This methods call each mime_type_guessers option callables to
  158.    * guess the mime type.
  159.    *
  160.    * This method always returns a lower-cased string as mime types are case-insensitive
  161.    * as per the RFC 2616 (http://www.w3.org/Protocols/rfc2616/rfc2616-sec3.html#sec3.7).
  162.    *
  163.    * @param  string $file      The absolute path of a file
  164.    * @param  string $fallback  The default mime type to return if not guessable
  165.    *
  166.    * @return string The mime type of the file (fallback is returned if not guessable)
  167.    */
  168.   protected function getMimeType($file, $fallback)
  169.   {
  170.     foreach ($this->getOption('mime_type_guessers') as $method)
  171.     {
  172.       $type = call_user_func($method, $file);
  174.       if (null !== $type && $type !== false)
  175.       {
  176.         return strtolower($type);
  177.       }
  178.     }
  180.     return strtolower($fallback);
  181.   }
  183.   /**
  184.    * Guess the file mime type with PECL Fileinfo extension
  185.    *
  186.    * @param  string $file  The absolute path of a file
  187.    *
  188.    * @return string The mime type of the file (null if not guessable)
  189.    */
  190.   protected function guessFromFileinfo($file)
  191.   {
  192.     if (!function_exists('finfo_open') || !is_readable($file))
  193.     {
  194.       return null;
  195.     }
  197.     if (!$finfo = new finfo(FILEINFO_MIME))
  198.     {
  199.       return null;
  200.     }
  202.     $type = $finfo->file($file);
  204.     // remove charset (added as of PHP 5.3)
  205.     if (false !== $pos = strpos($type, ';'))
  206.     {
  207.       $type = substr($type, 0, $pos);
  208.     }
  210.     return $type;
  211.   }
  213.   /**
  214.    * Guess the file mime type with mime_content_type function (deprecated)
  215.    *
  216.    * @param  string $file  The absolute path of a file
  217.    *
  218.    * @return string The mime type of the file (null if not guessable)
  219.    */
  220.   protected function guessFromMimeContentType($file)
  221.   {
  222.     if (!function_exists('mime_content_type') || !is_readable($file))
  223.     {
  224.       return null;
  225.     }
  227.     return mime_content_type($file);
  228.   }
  230.   /**
  231.    * Guess the file mime type with the file binary (only available on *nix)
  232.    *
  233.    * @param  string $file  The absolute path of a file
  234.    *
  235.    * @return string The mime type of the file (null if not guessable)
  236.    */
  237.   protected function guessFromFileBinary($file)
  238.   {
  239.     ob_start();
  240.     //need to use --mime instead of -i. see #6641
  241.     passthru(sprintf('file -b --mime %s 2>/dev/null', escapeshellarg($file)), $return);
  242.     if ($return > 0)
  243.     {
  244.       ob_end_clean();
  246.       return null;
  247.     }
  248.     $type = trim(ob_get_clean());
  250.     if (!preg_match('#^([a-z0-9\-]+/[a-z0-9\-]+)#i', $type, $match))
  251.     {
  252.       // it's not a type, but an error message
  253.       return null;
  254.     }
  256.     return $match[1];
  257.   }
  259.   protected function getMimeTypesFromCategory($category)
  260.   {
  261.     $categories = $this->getOption('mime_categories');
  263.     if (!isset($categories[$category]))
  264.     {
  265.       throw new InvalidArgumentException(sprintf('Invalid mime type category "%s".', $category));
  266.     }
  268.     return $categories[$category];
  269.   }
  271.   /**
  272.    * @see sfValidatorBase
  273.    */
  274.   protected function isEmpty($value)
  275.   {
  276.     // empty if the value is not an array
  277.     // or if the value comes from PHP with an error of UPLOAD_ERR_NO_FILE
  278.     return
  279.       (!is_array($value))
  280.         ||
  281.       (is_array($value) && isset($value['error']) && UPLOAD_ERR_NO_FILE === $value['error']);
  282.   }
  283. }
Debug toolbar