FileValidator.php 14.7 KB
Newer Older
w  
Qiang Xue committed
1 2 3
<?php
/**
 * @link http://www.yiiframework.com/
Qiang Xue committed
4
 * @copyright Copyright (c) 2008 Yii Software LLC
w  
Qiang Xue committed
5 6 7
 * @license http://www.yiiframework.com/license/
 */

w  
Qiang Xue committed
8 9
namespace yii\validators;

10 11
use Yii;
use yii\web\UploadedFile;
12
use yii\helpers\FileHelper;
13

w  
Qiang Xue committed
14
/**
15
 * FileValidator verifies if an attribute is receiving a valid uploaded file.
w  
Qiang Xue committed
16
 *
17 18
 * Note that you should enable `fileinfo` PHP extension.
 *
19
 * @property integer $sizeLimit The size limit for uploaded files. This property is read-only.
20
 *
w  
Qiang Xue committed
21
 * @author Qiang Xue <qiang.xue@gmail.com>
Alexander Makarov committed
22
 * @since 2.0
w  
Qiang Xue committed
23
 */
24
class FileValidator extends Validator
w  
Qiang Xue committed
25
{
26 27 28 29 30 31 32 33
    /**
     * @var array|string a list of file name extensions that are allowed to be uploaded.
     * This can be either an array or a string consisting of file extension names
     * separated by space or comma (e.g. "gif, jpg").
     * Extension names are case-insensitive. Defaults to null, meaning all file name
     * extensions are allowed.
     * @see wrongType
     */
34
    public $extensions;
Mark committed
35 36
    /**
     * @var boolean whether to check file type (extension) with mime-type. If extension produced by
Qiang Xue committed
37
     * file mime-type check differs from uploaded file extension, the file will be considered as invalid.
Mark committed
38
     */
39
    public $checkExtensionByMimeType = true;
40 41 42 43 44 45 46 47 48
    /**
     * @var array|string a list of file MIME types that are allowed to be uploaded.
     * This can be either an array or a string consisting of file MIME types
     * separated by space or comma (e.g. "text/plain, image/png").
     * Mime type names are case-insensitive. Defaults to null, meaning all MIME types
     * are allowed.
     * @see wrongMimeType
     */
    public $mimeTypes;
49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75
    /**
     * @var integer the minimum number of bytes required for the uploaded file.
     * Defaults to null, meaning no limit.
     * @see tooSmall
     */
    public $minSize;
    /**
     * @var integer the maximum number of bytes required for the uploaded file.
     * Defaults to null, meaning no limit.
     * Note, the size limit is also affected by 'upload_max_filesize' INI setting
     * and the 'MAX_FILE_SIZE' hidden field value.
     * @see tooBig
     */
    public $maxSize;
    /**
     * @var integer the maximum file count the given attribute can hold.
     * It defaults to 1, meaning single file upload. By defining a higher number,
     * multiple uploads become possible.
     * @see tooMany
     */
    public $maxFiles = 1;
    /**
     * @var string the error message used when a file is not uploaded correctly.
     */
    public $message;
    /**
     * @var string the error message used when no file is uploaded.
76 77
     * Note that this is the text of the validation error message. To make uploading files required,
     * you have to set [[skipOnEmpty]] to `false`.
78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97
     */
    public $uploadRequired;
    /**
     * @var string the error message used when the uploaded file is too large.
     * You may use the following tokens in the message:
     *
     * - {attribute}: the attribute name
     * - {file}: the uploaded file name
     * - {limit}: the maximum size allowed (see [[getSizeLimit()]])
     */
    public $tooBig;
    /**
     * @var string the error message used when the uploaded file is too small.
     * You may use the following tokens in the message:
     *
     * - {attribute}: the attribute name
     * - {file}: the uploaded file name
     * - {limit}: the value of [[minSize]]
     */
    public $tooSmall;
Qiang Xue committed
98 99 100 101 102 103 104 105
    /**
     * @var string the error message used if the count of multiple uploads exceeds limit.
     * You may use the following tokens in the message:
     *
     * - {attribute}: the attribute name
     * - {limit}: the value of [[maxFiles]]
     */
    public $tooMany;
106 107
    /**
     * @var string the error message used when the uploaded file has an extension name
108
     * that is not listed in [[extensions]]. You may use the following tokens in the message:
109 110 111 112 113
     *
     * - {attribute}: the attribute name
     * - {file}: the uploaded file name
     * - {extensions}: the list of the allowed extensions.
     */
114
    public $wrongExtension;
115 116 117 118 119 120 121 122 123 124
    /**
     * @var string the error message used when the file has an mime type
     * that is not listed in [[mimeTypes]].
     * You may use the following tokens in the message:
     *
     * - {attribute}: the attribute name
     * - {file}: the uploaded file name
     * - {mimeTypes}: the value of [[mimeTypes]]
     */
    public $wrongMimeType;
125
    
w  
Qiang Xue committed
126

127 128 129 130 131 132 133 134 135 136 137 138 139 140 141
    /**
     * @inheritdoc
     */
    public function init()
    {
        parent::init();
        if ($this->message === null) {
            $this->message = Yii::t('yii', 'File upload failed.');
        }
        if ($this->uploadRequired === null) {
            $this->uploadRequired = Yii::t('yii', 'Please upload a file.');
        }
        if ($this->tooMany === null) {
            $this->tooMany = Yii::t('yii', 'You can upload at most {limit, number} {limit, plural, one{file} other{files}}.');
        }
142 143
        if ($this->wrongExtension === null) {
            $this->wrongExtension = Yii::t('yii', 'Only files with these extensions are allowed: {extensions}.');
144 145 146 147 148 149 150
        }
        if ($this->tooBig === null) {
            $this->tooBig = Yii::t('yii', 'The file "{file}" is too big. Its size cannot exceed {limit, number} {limit, plural, one{byte} other{bytes}}.');
        }
        if ($this->tooSmall === null) {
            $this->tooSmall = Yii::t('yii', 'The file "{file}" is too small. Its size cannot be smaller than {limit, number} {limit, plural, one{byte} other{bytes}}.');
        }
151 152
        if (!is_array($this->extensions)) {
            $this->extensions = preg_split('/[\s,]+/', strtolower($this->extensions), -1, PREG_SPLIT_NO_EMPTY);
153 154
        } else {
            $this->extensions = array_map('strtolower', $this->extensions);
155
        }
156 157 158 159 160
        if ($this->wrongMimeType === null) {
            $this->wrongMimeType = Yii::t('yii', 'Only files with these MIME types are allowed: {mimeTypes}.');
        }
        if (!is_array($this->mimeTypes)) {
            $this->mimeTypes = preg_split('/[\s,]+/', strtolower($this->mimeTypes), -1, PREG_SPLIT_NO_EMPTY);
161 162
        } else {
            $this->mimeTypes = array_map('strtolower', $this->mimeTypes);
163
        }
164
    }
w  
Qiang Xue committed
165

166 167 168
    /**
     * @inheritdoc
     */
Qiang Xue committed
169
    public function validateAttribute($model, $attribute)
170 171
    {
        if ($this->maxFiles > 1) {
Qiang Xue committed
172
            $files = $model->$attribute;
173
            if (!is_array($files)) {
Qiang Xue committed
174
                $this->addError($model, $attribute, $this->uploadRequired);
w  
Qiang Xue committed
175

176 177 178 179 180 181 182
                return;
            }
            foreach ($files as $i => $file) {
                if (!$file instanceof UploadedFile || $file->error == UPLOAD_ERR_NO_FILE) {
                    unset($files[$i]);
                }
            }
Qiang Xue committed
183
            $model->$attribute = array_values($files);
184
            if (empty($files)) {
Qiang Xue committed
185
                $this->addError($model, $attribute, $this->uploadRequired);
186 187
            }
            if (count($files) > $this->maxFiles) {
Qiang Xue committed
188
                $this->addError($model, $attribute, $this->tooMany, ['limit' => $this->maxFiles]);
189 190 191 192
            } else {
                foreach ($files as $file) {
                    $result = $this->validateValue($file);
                    if (!empty($result)) {
Qiang Xue committed
193
                        $this->addError($model, $attribute, $result[0], $result[1]);
194 195 196 197
                    }
                }
            }
        } else {
Qiang Xue committed
198
            $result = $this->validateValue($model->$attribute);
199
            if (!empty($result)) {
Qiang Xue committed
200
                $this->addError($model, $attribute, $result[0], $result[1]);
201 202 203
            }
        }
    }
w  
Qiang Xue committed
204

205 206 207 208 209 210 211 212
    /**
     * @inheritdoc
     */
    protected function validateValue($file)
    {
        if (!$file instanceof UploadedFile || $file->error == UPLOAD_ERR_NO_FILE) {
            return [$this->uploadRequired, []];
        }
Mark committed
213

214 215
        switch ($file->error) {
            case UPLOAD_ERR_OK:
Mark committed
216
                if ($this->maxSize !== null && $file->size > $this->maxSize) {
217
                    return [$this->tooBig, ['file' => $file->name, 'limit' => $this->getSizeLimit()]];
Mark committed
218
                } elseif ($this->minSize !== null && $file->size < $this->minSize) {
219
                    return [$this->tooSmall, ['file' => $file->name, 'limit' => $this->minSize]];
220 221
                } elseif (!empty($this->extensions) && !$this->validateExtension($file)) {
                    return [$this->wrongExtension, ['file' => $file->name, 'extensions' => implode(', ', $this->extensions)]];
222
                } elseif (!empty($this->mimeTypes) &&  !in_array(FileHelper::getMimeType($file->tempName), $this->mimeTypes, false)) {
223
                    return [$this->wrongMimeType, ['file' => $file->name, 'mimeTypes' => implode(', ', $this->mimeTypes)]];
224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244
                } else {
                    return null;
                }
            case UPLOAD_ERR_INI_SIZE:
            case UPLOAD_ERR_FORM_SIZE:
                return [$this->tooBig, ['file' => $file->name, 'limit' => $this->getSizeLimit()]];
            case UPLOAD_ERR_PARTIAL:
                Yii::warning('File was only partially uploaded: ' . $file->name, __METHOD__);
                break;
            case UPLOAD_ERR_NO_TMP_DIR:
                Yii::warning('Missing the temporary folder to store the uploaded file: ' . $file->name, __METHOD__);
                break;
            case UPLOAD_ERR_CANT_WRITE:
                Yii::warning('Failed to write the uploaded file to disk: ' . $file->name, __METHOD__);
                break;
            case UPLOAD_ERR_EXTENSION:
                Yii::warning('File upload was stopped by some PHP extension: ' . $file->name, __METHOD__);
                break;
            default:
                break;
        }
w  
Qiang Xue committed
245

246 247
        return [$this->message, []];
    }
248

249 250 251 252 253 254 255 256 257 258 259 260
    /**
     * Returns the maximum size allowed for uploaded files.
     * This is determined based on three factors:
     *
     * - 'upload_max_filesize' in php.ini
     * - 'MAX_FILE_SIZE' hidden field
     * - [[maxSize]]
     *
     * @return integer the size limit for uploaded files.
     */
    public function getSizeLimit()
    {
261
        $limit = $this->sizeToBytes(ini_get('upload_max_filesize'));
262 263 264 265 266 267
        if ($this->maxSize !== null && $limit > 0 && $this->maxSize < $limit) {
            $limit = $this->maxSize;
        }
        if (isset($_POST['MAX_FILE_SIZE']) && $_POST['MAX_FILE_SIZE'] > 0 && $_POST['MAX_FILE_SIZE'] < $limit) {
            $limit = (int) $_POST['MAX_FILE_SIZE'];
        }
Qiang Xue committed
268

269 270 271 272 273 274 275 276
        return $limit;
    }

    /**
     * @inheritdoc
     */
    public function isEmpty($value, $trim = false)
    {
277
        $value = is_array($value) ? reset($value) : $value;
278
        return !($value instanceof UploadedFile) || $value->error == UPLOAD_ERR_NO_FILE;
279 280 281 282 283
    }

    /**
     * Converts php.ini style size to bytes
     *
284
     * @param string $sizeStr $sizeStr
285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302
     * @return int
     */
    private function sizeToBytes($sizeStr)
    {
        switch (substr($sizeStr, -1)) {
            case 'M':
            case 'm':
                return (int) $sizeStr * 1048576;
            case 'K':
            case 'k':
                return (int) $sizeStr * 1024;
            case 'G':
            case 'g':
                return (int) $sizeStr * 1073741824;
            default:
                return (int) $sizeStr;
        }
    }
Mark committed
303 304 305

    /**
     * Checks if given uploaded file have correct type (extension) according current validator settings.
Qiang Xue committed
306
     * @param UploadedFile $file
Mark committed
307 308
     * @return boolean
     */
Qiang Xue committed
309
    protected function validateExtension($file)
Mark committed
310
    {
Qiang Xue committed
311
        $extension = mb_strtolower($file->extension, 'utf-8');
312 313

        if ($this->checkExtensionByMimeType) {
Mark committed
314

315
            $mimeType = FileHelper::getMimeType($file->tempName, null, false);
Qiang Xue committed
316 317 318 319 320
            if ($mimeType === null) {
                return false;
            }

            $extensionsByMimeType = FileHelper::getExtensionsByMimeType($mimeType);
Mark committed
321

Qiang Xue committed
322
            if (!in_array($extension, $extensionsByMimeType, true)) {
Mark committed
323 324 325 326
                return false;
            }
        }

Qiang Xue committed
327
        if (!in_array($extension, $this->extensions, true)) {
Mark committed
328 329 330 331 332
            return false;
        }

        return true;
    }
333 334 335 336

    /**
     * @inheritdoc
     */
Qiang Xue committed
337
    public function clientValidateAttribute($model, $attribute, $view)
338 339
    {
        ValidationAsset::register($view);
Qiang Xue committed
340
        $options = $this->getClientOptions($model, $attribute);
341
        return 'yii.validation.file(attribute, messages, ' . json_encode($options, JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE) . ');';
342 343 344 345
    }

    /**
     * Returns the client side validation options.
Qiang Xue committed
346
     * @param \yii\base\Model $model the model being validated
347 348 349
     * @param string $attribute the attribute name being validated
     * @return array the client side validation options
     */
Qiang Xue committed
350
    protected function getClientOptions($model, $attribute)
Tomek Romik committed
351
    {
Qiang Xue committed
352
        $label = $model->getAttributeLabel($attribute);
353

354 355
        $options = [];
        if ($this->message !== null) {
356 357 358 359
            $options['message'] = Yii::$app->getI18n()->format($this->message, [
                'attribute' => $label,
            ], Yii::$app->language);
        }
360

361
        $options['skipOnEmpty'] = $this->skipOnEmpty;
362 363

        if ( !$this->skipOnEmpty ) {
364 365 366
            $options['uploadRequired'] = Yii::$app->getI18n()->format($this->uploadRequired, [
                'attribute' => $label,
            ], Yii::$app->language);
367
        }
368

369
        if ( $this->mimeTypes !== null ) {
370 371
            $options['mimeTypes'] = $this->mimeTypes;
            $options['wrongMimeType'] = Yii::$app->getI18n()->format($this->wrongMimeType, [
372
                'attribute' => $label,
373 374 375
                'mimeTypes' => join(', ', $this->mimeTypes)
            ], Yii::$app->language);
        }
376

377
        if ( $this->extensions !== null ) {
378 379
            $options['extensions'] = $this->extensions;
            $options['wrongExtension'] = Yii::$app->getI18n()->format($this->wrongExtension, [
380
                'attribute' => $label,
381 382 383
                'extensions' => join(', ', $this->extensions)
            ], Yii::$app->language);
        }
384

385 386 387
        if ( $this->minSize !== null ) {
            $options['minSize'] = $this->minSize;
            $options['tooSmall'] = Yii::$app->getI18n()->format($this->tooSmall, [
388
                'attribute' => $label,
389 390 391
                'limit' => $this->minSize
            ], Yii::$app->language);
        }
392

393 394 395
        if ( $this->maxSize !== null ) {
            $options['maxSize'] = $this->maxSize;
            $options['tooBig'] = Yii::$app->getI18n()->format($this->tooBig, [
396
                'attribute' => $label,
397
                'limit' => $this->maxSize
398 399 400
            ], Yii::$app->language);
        }

401 402 403
        if ( $this->maxFiles !== null ) {
            $options['maxFiles'] = $this->maxFiles;
            $options['tooMany'] = Yii::$app->getI18n()->format($this->tooMany, [
404
                'attribute' => $label,
405 406 407
                'limit' => $this->maxFiles
            ], Yii::$app->language);
        }
408 409

        return $options;
410
    }
Rasmus Lerdorf committed
411
}