1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
<?php
/**
* @link http://www.yiiframework.com/
* @copyright Copyright (c) 2008 Yii Software LLC
* @license http://www.yiiframework.com/license/
*/
namespace yii\validators;
use Yii;
use yii\web\UploadedFile;
use yii\helpers\FileHelper;
/**
* FileValidator verifies if an attribute is receiving a valid uploaded file.
*
* @property integer $sizeLimit The size limit for uploaded files. This property is read-only.
*
* @author Qiang Xue <qiang.xue@gmail.com>
* @since 2.0
*/
class FileValidator extends Validator
{
/**
* @var array|string a list of file name extensions that are allowed to be uploaded.
* This can be either an array or a string consisting of file extension names
* separated by space or comma (e.g. "gif, jpg").
* Extension names are case-insensitive. Defaults to null, meaning all file name
* extensions are allowed.
* @see wrongType
*/
public $extensions;
/**
* @var boolean whether to check file type (extension) with mime-type. If extension produced by
* file mime-type check differs from uploaded file extension, the file will be considered as invalid.
*/
public $checkExtensionByMimeType = true;
/**
* @var array|string a list of file MIME types that are allowed to be uploaded.
* This can be either an array or a string consisting of file MIME types
* separated by space or comma (e.g. "text/plain, image/png").
* Mime type names are case-insensitive. Defaults to null, meaning all MIME types
* are allowed.
* @see wrongMimeType
*/
public $mimeTypes;
/**
* @var integer the minimum number of bytes required for the uploaded file.
* Defaults to null, meaning no limit.
* @see tooSmall
*/
public $minSize;
/**
* @var integer the maximum number of bytes required for the uploaded file.
* Defaults to null, meaning no limit.
* Note, the size limit is also affected by 'upload_max_filesize' INI setting
* and the 'MAX_FILE_SIZE' hidden field value.
* @see tooBig
*/
public $maxSize;
/**
* @var integer the maximum file count the given attribute can hold.
* It defaults to 1, meaning single file upload. By defining a higher number,
* multiple uploads become possible.
* @see tooMany
*/
public $maxFiles = 1;
/**
* @var string the error message used when a file is not uploaded correctly.
*/
public $message;
/**
* @var string the error message used when no file is uploaded.
*/
public $uploadRequired;
/**
* @var string the error message used when the uploaded file is too large.
* You may use the following tokens in the message:
*
* - {attribute}: the attribute name
* - {file}: the uploaded file name
* - {limit}: the maximum size allowed (see [[getSizeLimit()]])
*/
public $tooBig;
/**
* @var string the error message used when the uploaded file is too small.
* You may use the following tokens in the message:
*
* - {attribute}: the attribute name
* - {file}: the uploaded file name
* - {limit}: the value of [[minSize]]
*/
public $tooSmall;
/**
* @var string the error message used if the count of multiple uploads exceeds limit.
* You may use the following tokens in the message:
*
* - {attribute}: the attribute name
* - {limit}: the value of [[maxFiles]]
*/
public $tooMany;
/**
* @var string the error message used when the uploaded file has an extension name
* that is not listed in [[extensions]]. You may use the following tokens in the message:
*
* - {attribute}: the attribute name
* - {file}: the uploaded file name
* - {extensions}: the list of the allowed extensions.
*/
public $wrongExtension;
/**
* @var string the error message used when the file has an mime type
* that is not listed in [[mimeTypes]].
* You may use the following tokens in the message:
*
* - {attribute}: the attribute name
* - {file}: the uploaded file name
* - {mimeTypes}: the value of [[mimeTypes]]
*/
public $wrongMimeType;
/**
* @inheritdoc
*/
public function init()
{
parent::init();
if ($this->message === null) {
$this->message = Yii::t('yii', 'File upload failed.');
}
if ($this->uploadRequired === null) {
$this->uploadRequired = Yii::t('yii', 'Please upload a file.');
}
if ($this->tooMany === null) {
$this->tooMany = Yii::t('yii', 'You can upload at most {limit, number} {limit, plural, one{file} other{files}}.');
}
if ($this->wrongExtension === null) {
$this->wrongExtension = Yii::t('yii', 'Only files with these extensions are allowed: {extensions}.');
}
if ($this->tooBig === null) {
$this->tooBig = Yii::t('yii', 'The file "{file}" is too big. Its size cannot exceed {limit, number} {limit, plural, one{byte} other{bytes}}.');
}
if ($this->tooSmall === null) {
$this->tooSmall = Yii::t('yii', 'The file "{file}" is too small. Its size cannot be smaller than {limit, number} {limit, plural, one{byte} other{bytes}}.');
}
if (!is_array($this->extensions)) {
$this->extensions = preg_split('/[\s,]+/', strtolower($this->extensions), -1, PREG_SPLIT_NO_EMPTY);
}
if ($this->wrongMimeType === null) {
$this->wrongMimeType = Yii::t('yii', 'Only files with these MIME types are allowed: {mimeTypes}.');
}
if (!is_array($this->mimeTypes)) {
$this->mimeTypes = preg_split('/[\s,]+/', strtolower($this->mimeTypes), -1, PREG_SPLIT_NO_EMPTY);
}
}
/**
* @inheritdoc
*/
public function validateAttribute($object, $attribute)
{
if ($this->maxFiles > 1) {
$files = $object->$attribute;
if (!is_array($files)) {
$this->addError($object, $attribute, $this->uploadRequired);
return;
}
foreach ($files as $i => $file) {
if (!$file instanceof UploadedFile || $file->error == UPLOAD_ERR_NO_FILE) {
unset($files[$i]);
}
}
$object->$attribute = array_values($files);
if (empty($files)) {
$this->addError($object, $attribute, $this->uploadRequired);
}
if (count($files) > $this->maxFiles) {
$this->addError($object, $attribute, $this->tooMany, ['limit' => $this->maxFiles]);
} else {
foreach ($files as $file) {
$result = $this->validateValue($file);
if (!empty($result)) {
$this->addError($object, $attribute, $result[0], $result[1]);
}
}
}
} else {
$result = $this->validateValue($object->$attribute);
if (!empty($result)) {
$this->addError($object, $attribute, $result[0], $result[1]);
}
}
}
/**
* @inheritdoc
*/
protected function validateValue($file)
{
if (!$file instanceof UploadedFile || $file->error == UPLOAD_ERR_NO_FILE) {
return [$this->uploadRequired, []];
}
switch ($file->error) {
case UPLOAD_ERR_OK:
if ($this->maxSize !== null && $file->size > $this->maxSize) {
return [$this->tooBig, ['file' => $file->name, 'limit' => $this->getSizeLimit()]];
} elseif ($this->minSize !== null && $file->size < $this->minSize) {
return [$this->tooSmall, ['file' => $file->name, 'limit' => $this->minSize]];
} elseif (!empty($this->extensions) && !$this->validateExtension($file)) {
return [$this->wrongExtension, ['file' => $file->name, 'extensions' => implode(', ', $this->extensions)]];
} elseif (!empty($this->mimeTypes) && !in_array(FileHelper::getMimeType($file->tempName), $this->mimeTypes, true)) {
return [$this->wrongMimeType, ['file' => $file->name, 'mimeTypes' => implode(', ', $this->mimeTypes)]];
} else {
return null;
}
case UPLOAD_ERR_INI_SIZE:
case UPLOAD_ERR_FORM_SIZE:
return [$this->tooBig, ['file' => $file->name, 'limit' => $this->getSizeLimit()]];
case UPLOAD_ERR_PARTIAL:
Yii::warning('File was only partially uploaded: ' . $file->name, __METHOD__);
break;
case UPLOAD_ERR_NO_TMP_DIR:
Yii::warning('Missing the temporary folder to store the uploaded file: ' . $file->name, __METHOD__);
break;
case UPLOAD_ERR_CANT_WRITE:
Yii::warning('Failed to write the uploaded file to disk: ' . $file->name, __METHOD__);
break;
case UPLOAD_ERR_EXTENSION:
Yii::warning('File upload was stopped by some PHP extension: ' . $file->name, __METHOD__);
break;
default:
break;
}
return [$this->message, []];
}
/**
* Returns the maximum size allowed for uploaded files.
* This is determined based on three factors:
*
* - 'upload_max_filesize' in php.ini
* - 'MAX_FILE_SIZE' hidden field
* - [[maxSize]]
*
* @return integer the size limit for uploaded files.
*/
public function getSizeLimit()
{
$limit = $this->sizeToBytes(ini_get('upload_max_filesize'));
if ($this->maxSize !== null && $limit > 0 && $this->maxSize < $limit) {
$limit = $this->maxSize;
}
if (isset($_POST['MAX_FILE_SIZE']) && $_POST['MAX_FILE_SIZE'] > 0 && $_POST['MAX_FILE_SIZE'] < $limit) {
$limit = (int) $_POST['MAX_FILE_SIZE'];
}
return $limit;
}
/**
* @inheritdoc
*/
public function isEmpty($value, $trim = false)
{
$value = is_array($value) && !empty($value) ? $value[0] : $value;
return !($value instanceof UploadedFile) || $value->error == UPLOAD_ERR_NO_FILE;
}
/**
* Converts php.ini style size to bytes
*
* @param string $sizeStr $sizeStr
* @return int
*/
private function sizeToBytes($sizeStr)
{
switch (substr($sizeStr, -1)) {
case 'M':
case 'm':
return (int) $sizeStr * 1048576;
case 'K':
case 'k':
return (int) $sizeStr * 1024;
case 'G':
case 'g':
return (int) $sizeStr * 1073741824;
default:
return (int) $sizeStr;
}
}
/**
* Checks if given uploaded file have correct type (extension) according current validator settings.
* @param UploadedFile $file
* @return boolean
*/
protected function validateExtension($file)
{
$extension = mb_strtolower($file->extension, 'utf-8');
if ($this->checkExtensionByMimeType) {
$mimeType = FileHelper::getMimeType($file->tempName);
if ($mimeType === null) {
return false;
}
$extensionsByMimeType = FileHelper::getExtensionsByMimeType($mimeType);
if (!in_array($extension, $extensionsByMimeType, true)) {
return false;
}
}
if (!in_array($extension, $this->extensions, true)) {
return false;
}
return true;
}
}