FileValidator.php 20 KB

  1. <?php
  2. /**
  3. * @link https://www.yiiframework.com/
  4. * @copyright Copyright (c) 2008 Yii Software LLC
  5. * @license https://www.yiiframework.com/license/
  6. */
  7. namespace yii\validators;
  8. use Yii;
  9. use yii\helpers\FileHelper;
  10. use yii\helpers\Html;
  11. use yii\helpers\Json;
  12. use yii\helpers\StringHelper;
  13. use yii\web\JsExpression;
  14. use yii\web\UploadedFile;
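  /**
   * FileValidator verifies if an attribute is receiving a valid uploaded file.
   *
   * Note that you should enable the `fileinfo` PHP extension.
   *
   * Security note: the checks in this class look at the file name sent by the client and at the
   * MIME type detected for the temporary file. Passing them does not by itself make a file safe
   * to execute or to serve as-is; the stored file name and storage location should still be
   * chosen by the server.
   *
   * @property-read int $sizeLimit The size limit for uploaded files.
   *
   * @author Qiang Xue <qiang.xue@gmail.com>
   * @since 2.0
   */
  class FileValidator extends Validator
  {
      /**
       * @var array|string|null a list of file name extensions that are allowed to be uploaded.
       * This can be either an array or a string consisting of file extension names
       * separated by space or comma (e.g. "gif, jpg").
       * Extension names are case-insensitive. Defaults to null, meaning all file name
       * extensions are allowed.
       * [[init()]] normalizes the value to a lower-cased array.
       * @see wrongExtension for the customized message for wrong file type.
       */
      public $extensions;
      /**
       * @var bool whether to check file type (extension) with mime-type. If the extensions derived
       * from the detected mime-type do not include the uploaded file extension, the file will be
       * considered invalid.
       */
      public $checkExtensionByMimeType = true;
      /**
       * @var array|string|null a list of file MIME types that are allowed to be uploaded.
       * This can be either an array or a string consisting of file MIME types
       * separated by space or comma (e.g. "text/plain, image/png").
       * The mask with the special character `*` can be used to match groups of mime types.
       * For example `image/*` will pass all mime types that begin with `image/` (e.g. `image/jpeg`, `image/png`).
       * Mime type names are case-insensitive. Defaults to null, meaning all MIME types are allowed.
       * [[init()]] normalizes the value to a lower-cased array.
       * @see wrongMimeType for the customized message for wrong MIME type.
       */
      public $mimeTypes;
      /**
       * @var int|null the minimum number of bytes required for the uploaded file.
       * Defaults to null, meaning no limit.
       * @see tooSmall for the customized message for a file that is too small.
       */
      public $minSize;
      /**
       * @var int|null the maximum number of bytes allowed for the uploaded file.
       * Defaults to null, meaning no limit.
       * Note, the size limit is also affected by `upload_max_filesize` and `post_max_size` INI setting
       * and the 'MAX_FILE_SIZE' hidden field value. See [[getSizeLimit()]] for details.
       * @see https://www.php.net/manual/en/ini.core.php#ini.upload-max-filesize
       * @see https://www.php.net/post-max-size
       * @see getSizeLimit
       * @see tooBig for the customized message for a file that is too big.
       */
      public $maxSize;
      /**
       * @var int the maximum file count the given attribute can hold.
       * Defaults to 1, meaning single file upload. By defining a higher number,
       * multiple uploads become possible. Setting it to `0` means there is no limit on
       * the number of files that can be uploaded simultaneously.
       *
       * > Note: The maximum number of files allowed to be uploaded simultaneously is
       * also limited with PHP directive `max_file_uploads`, which defaults to 20.
       *
       * @see https://www.php.net/manual/en/ini.core.php#ini.max-file-uploads
       * @see tooMany for the customized message when too many files are uploaded.
       */
      public $maxFiles = 1;
      /**
       * @var int the minimum file count the given attribute can hold.
       * Defaults to 0. Higher value means at least that number of files should be uploaded.
       *
       * @see tooFew for the customized message when too few files are uploaded.
       * @since 2.0.14
       */
      public $minFiles = 0;
      /**
       * @var string the error message used when a file is not uploaded correctly.
       */
      public $message;
      /**
       * @var string the error message used when no file is uploaded.
       * Note that this is the text of the validation error message. To make uploading files required,
       * you have to set [[skipOnEmpty]] to `false`.
       */
      public $uploadRequired;
      /**
       * @var string the error message used when the uploaded file is too large.
       * You may use the following tokens in the message:
       *
       * - {attribute}: the attribute name
       * - {file}: the uploaded file name
       * - {limit}: the maximum size allowed (see [[getSizeLimit()]])
       * - {formattedLimit}: the maximum size formatted
       *   with [[\yii\i18n\Formatter::asShortSize()|Formatter::asShortSize()]]
       */
      public $tooBig;
      /**
       * @var string the error message used when the uploaded file is too small.
       * You may use the following tokens in the message:
       *
       * - {attribute}: the attribute name
       * - {file}: the uploaded file name
       * - {limit}: the value of [[minSize]]
       * - {formattedLimit}: the value of [[minSize]] formatted
       *   with [[\yii\i18n\Formatter::asShortSize()|Formatter::asShortSize()]]
       */
      public $tooSmall;
      /**
       * @var string the error message used if the count of multiple uploads exceeds limit.
       * You may use the following tokens in the message:
       *
       * - {attribute}: the attribute name
       * - {limit}: the value of [[maxFiles]]
       */
      public $tooMany;
      /**
       * @var string the error message used if the count of multiple uploads is less than [[minFiles]].
       * You may use the following tokens in the message:
       *
       * - {attribute}: the attribute name
       * - {limit}: the value of [[minFiles]]
       *
       * @since 2.0.14
       */
      public $tooFew;
      /**
       * @var string the error message used when the uploaded file has an extension name
       * that is not listed in [[extensions]]. You may use the following tokens in the message:
       *
       * - {attribute}: the attribute name
       * - {file}: the uploaded file name
       * - {extensions}: the list of the allowed extensions.
       */
      public $wrongExtension;
      /**
       * @var string the error message used when the file has a MIME type
       * that is not allowed by [[mimeTypes]] property.
       * You may use the following tokens in the message:
       *
       * - {attribute}: the attribute name
       * - {file}: the uploaded file name
       * - {mimeTypes}: the value of [[mimeTypes]]
       */
      public $wrongMimeType;

      /**
       * {@inheritdoc}
       *
       * Fills in the default (translated) error messages for every message property that is
       * still null and normalizes [[extensions]] and [[mimeTypes]] to lower-cased arrays.
       */
      public function init()
      {
          parent::init();
          if ($this->message === null) {
              $this->message = Yii::t('yii', 'File upload failed.');
          }
          if ($this->uploadRequired === null) {
              $this->uploadRequired = Yii::t('yii', 'Please upload a file.');
          }
          if ($this->tooMany === null) {
              $this->tooMany = Yii::t('yii', 'You can upload at most {limit, number} {limit, plural, one{file} other{files}}.');
          }
          if ($this->tooFew === null) {
              $this->tooFew = Yii::t('yii', 'You should upload at least {limit, number} {limit, plural, one{file} other{files}}.');
          }
          if ($this->wrongExtension === null) {
              $this->wrongExtension = Yii::t('yii', 'Only files with these extensions are allowed: {extensions}.');
          }
          if ($this->tooBig === null) {
              $this->tooBig = Yii::t('yii', 'The file "{file}" is too big. Its size cannot exceed {formattedLimit}.');
          }
          if ($this->tooSmall === null) {
              $this->tooSmall = Yii::t('yii', 'The file "{file}" is too small. Its size cannot be smaller than {formattedLimit}.');
          }
          if ($this->wrongMimeType === null) {
              $this->wrongMimeType = Yii::t('yii', 'Only files with these MIME types are allowed: {mimeTypes}.');
          }

          // From here on both lists are always arrays; an unset (null) list becomes [].
          $this->extensions = $this->normalizeList($this->extensions);
          $this->mimeTypes = $this->normalizeList($this->mimeTypes);
      }

      /**
       * Turns an extension or MIME type list into a lower-cased array.
       *
       * @param array|string|null $value an array, or a string of names separated by whitespace or commas
       * @return array the lower-cased names; empty when $value is null or an empty string
       */
      private function normalizeList($value)
      {
          if (is_array($value)) {
              return array_map('strtolower', $value);
          }

          return preg_split('/[\s,]+/', strtolower((string) $value), -1, PREG_SPLIT_NO_EMPTY);
      }

      /**
       * {@inheritdoc}
       *
       * In multi-file mode (`maxFiles != 1` or `minFiles > 1`) the attribute must hold an array.
       * The array is filtered down to the [[UploadedFile]] entries that actually carry a file and
       * written back to the model before the count limits and the per-file checks run.
       */
      public function validateAttribute($model, $attribute)
      {
          if ($this->maxFiles != 1 || $this->minFiles > 1) {
              $rawFiles = $model->$attribute;
              if (!is_array($rawFiles)) {
                  $this->addError($model, $attribute, $this->uploadRequired);

                  return;
              }

              $files = $this->filterFiles($rawFiles);
              // The model keeps only the entries that passed the filter.
              $model->$attribute = $files;

              if (empty($files)) {
                  $this->addError($model, $attribute, $this->uploadRequired);

                  return;
              }

              $filesCount = count($files);
              // A limit of 0 is falsy and therefore disables the corresponding count check.
              if ($this->maxFiles && $filesCount > $this->maxFiles) {
                  $this->addError($model, $attribute, $this->tooMany, ['limit' => $this->maxFiles]);
              }
              if ($this->minFiles && $this->minFiles > $filesCount) {
                  $this->addError($model, $attribute, $this->tooFew, ['limit' => $this->minFiles]);
              }

              // Count errors do not stop validation: every file is still checked on its own.
              foreach ($files as $file) {
                  $result = $this->validateValue($file);
                  if (!empty($result)) {
                      $this->addError($model, $attribute, $result[0], $result[1]);
                  }
              }
          } else {
              $result = $this->validateValue($model->$attribute);
              if (!empty($result)) {
                  $this->addError($model, $attribute, $result[0], $result[1]);
              }
          }
      }

      /**
       * Keeps only the entries that are [[UploadedFile]] instances carrying an actual upload.
       *
       * Entries of any other type and entries whose error code is `UPLOAD_ERR_NO_FILE` are dropped.
       * Array keys are preserved.
       *
       * @param array $files
       * @return UploadedFile[]
       */
      private function filterFiles(array $files)
      {
          $result = [];
          foreach ($files as $fileName => $file) {
              if ($file instanceof UploadedFile && $file->error !== UPLOAD_ERR_NO_FILE) {
                  $result[$fileName] = $file;
              }
          }

          return $result;
      }

      /**
       * {@inheritdoc}
       *
       * Returns null when the upload is acceptable, otherwise `[message, params]`.
       * The `file` parameter is the file name as sent by the client; code that displays the
       * resulting message should encode it for its output context.
       */
      protected function validateValue($value)
      {
          if (!$value instanceof UploadedFile || $value->error == UPLOAD_ERR_NO_FILE) {
              return [$this->uploadRequired, []];
          }

          switch ($value->error) {
              case UPLOAD_ERR_OK:
                  return $this->checkConstraints($value);
              case UPLOAD_ERR_INI_SIZE:
              case UPLOAD_ERR_FORM_SIZE:
                  return $this->sizeError($this->tooBig, $value->name, $this->getSizeLimit());
              // The remaining codes are server-side failures: they are logged and reported to the
              // user with the generic [[message]]. The file name is supplied by the client, so
              // control characters are neutralized before it is written to the log.
              case UPLOAD_ERR_PARTIAL:
                  Yii::warning('File was only partially uploaded: ' . $this->sanitizeForLog($value->name), __METHOD__);
                  break;
              case UPLOAD_ERR_NO_TMP_DIR:
                  Yii::warning('Missing the temporary folder to store the uploaded file: ' . $this->sanitizeForLog($value->name), __METHOD__);
                  break;
              case UPLOAD_ERR_CANT_WRITE:
                  Yii::warning('Failed to write the uploaded file to disk: ' . $this->sanitizeForLog($value->name), __METHOD__);
                  break;
              case UPLOAD_ERR_EXTENSION:
                  Yii::warning('File upload was stopped by some PHP extension: ' . $this->sanitizeForLog($value->name), __METHOD__);
                  break;
              default:
                  break;
          }

          return [$this->message, []];
      }

      /**
       * Applies the size, extension and MIME type rules to a file that was uploaded without error.
       *
       * The checks run in that order and the first failing one decides the result.
       *
       * @param UploadedFile $file
       * @return array|null `[message, params]` for the first violated rule, or null if none is violated
       */
      private function checkConstraints(UploadedFile $file)
      {
          if ($this->maxSize !== null) {
              // Resolved once per file: getSizeLimit() re-reads the INI settings and may log a warning.
              $limit = $this->getSizeLimit();
              if ($file->size > $limit) {
                  return $this->sizeError($this->tooBig, $file->name, $limit);
              }
          }

          if ($this->minSize !== null && $file->size < $this->minSize) {
              return $this->sizeError($this->tooSmall, $file->name, $this->minSize);
          }

          if (!empty($this->extensions) && !$this->validateExtension($file)) {
              return [$this->wrongExtension, ['file' => $file->name, 'extensions' => implode(', ', $this->extensions)]];
          }

          if (!empty($this->mimeTypes) && !$this->validateMimeType($file)) {
              return [$this->wrongMimeType, ['file' => $file->name, 'mimeTypes' => implode(', ', $this->mimeTypes)]];
          }

          return null;
      }

      /**
       * Builds the `[message, params]` pair shared by the "too big" and "too small" errors.
       *
       * @param string $message the message template ([[tooBig]] or [[tooSmall]])
       * @param string $fileName the uploaded file name
       * @param int $limit the limit in bytes
       * @return array
       */
      private function sizeError($message, $fileName, $limit)
      {
          return [
              $message,
              [
                  'file' => $fileName,
                  'limit' => $limit,
                  'formattedLimit' => Yii::$app->formatter->asShortSize($limit),
              ],
          ];
      }

      /**
       * Replaces ASCII control characters (including CR and LF) with `?` so that a
       * client-supplied file name cannot break a log entry into several lines.
       *
       * @param string $name
       * @return string
       */
      private function sanitizeForLog($name)
      {
          return preg_replace('/[\x00-\x1F\x7F]/', '?', (string) $name);
      }

      /**
       * Returns the maximum size allowed for uploaded files.
       *
       * This is determined based on four factors:
       *
       * - 'upload_max_filesize' in php.ini
       * - 'post_max_size' in php.ini
       * - 'MAX_FILE_SIZE' hidden field
       * - [[maxSize]]
       *
       * 'MAX_FILE_SIZE' is read from the request and is therefore controlled by the client; it is
       * only honoured when it is positive and lower than the limit computed from the other three,
       * so it can tighten the limit but never raise it.
       *
       * @return int the size limit for uploaded files.
       */
      public function getSizeLimit()
      {
          // Get the lowest between post_max_size and upload_max_filesize, log a warning if the first is < than the latter
          $limit = $this->sizeToBytes(ini_get('upload_max_filesize'));
          $postLimit = $this->sizeToBytes(ini_get('post_max_size'));
          if ($postLimit > 0 && $postLimit < $limit) {
              Yii::warning('PHP.ini\'s \'post_max_size\' is less than \'upload_max_filesize\'.', __METHOD__);
              $limit = $postLimit;
          }
          // [[maxSize]] is applied only while the INI-derived limit is positive.
          if ($this->maxSize !== null && $limit > 0 && $this->maxSize < $limit) {
              $limit = $this->maxSize;
          }
          if (isset($_POST['MAX_FILE_SIZE']) && $_POST['MAX_FILE_SIZE'] > 0 && $_POST['MAX_FILE_SIZE'] < $limit) {
              $limit = (int) $_POST['MAX_FILE_SIZE'];
          }

          return $limit;
      }

      /**
       * {@inheritdoc}
       *
       * For an array only the first element is inspected. The value counts as empty when it is
       * not an [[UploadedFile]] or when its error code is `UPLOAD_ERR_NO_FILE`.
       *
       * @param bool $trim not used by this validator
       */
      public function isEmpty($value, $trim = false)
      {
          $value = is_array($value) ? reset($value) : $value;

          return !($value instanceof UploadedFile) || $value->error == UPLOAD_ERR_NO_FILE;
      }

      /**
       * Converts php.ini style size to bytes.
       *
       * The last character selects the multiplier (`K`, `M` or `G`, in either case); any other
       * ending means the value is taken as a plain integer number of bytes.
       *
       * @param string $sizeStr the size as written in php.ini, e.g. "8M"
       * @return int
       */
      private function sizeToBytes($sizeStr)
      {
          // The (int) cast binds tighter than the multiplication: it reads the leading digits of
          // the string first, and the result is then scaled.
          switch (substr($sizeStr, -1)) {
              case 'M':
              case 'm':
                  return (int) $sizeStr * 1048576;
              case 'K':
              case 'k':
                  return (int) $sizeStr * 1024;
              case 'G':
              case 'g':
                  return (int) $sizeStr * 1073741824;
              default:
                  return (int) $sizeStr;
          }
      }

      /**
       * Checks if the given uploaded file has a correct type (extension) according to the current validator settings.
       *
       * With [[checkExtensionByMimeType]] enabled, the MIME type is detected for the temporary
       * file and the extension taken from the client file name must be one of the extensions
       * registered for that MIME type. After that the name is matched against [[extensions]].
       *
       * Only the end of the client-supplied name is examined: the suffix match exists so that
       * multi-part entries such as `tar.gz` work, and earlier dot-separated parts of the name are
       * not looked at. The client name should therefore not be reused as the stored file name.
       *
       * @param UploadedFile $file
       * @return bool
       */
      protected function validateExtension($file)
      {
          $extension = mb_strtolower($file->extension, 'UTF-8');

          if ($this->checkExtensionByMimeType) {
              // Third argument false: do not let FileHelper fall back to guessing the type from the extension.
              $mimeType = FileHelper::getMimeType($file->tempName, null, false);
              if ($mimeType === null) {
                  return false;
              }

              $extensionsByMimeType = FileHelper::getExtensionsByMimeType($mimeType);
              if (!in_array($extension, $extensionsByMimeType, true)) {
                  return false;
              }
          }

          if (!empty($this->extensions)) {
              foreach ((array) $this->extensions as $ext) {
                  // endsWith() is called case-insensitively (third argument false).
                  if ($extension === $ext || StringHelper::endsWith($file->name, ".$ext", false)) {
                      return true;
                  }
              }

              return false;
          }

          return true;
      }

      /**
       * {@inheritdoc}
       *
       * The generated JavaScript repeats the checks in the browser. It runs on the client, so the
       * server-side validation of this class remains the authoritative check.
       */
      public function clientValidateAttribute($model, $attribute, $view)
      {
          ValidationAsset::register($view);
          $options = $this->getClientOptions($model, $attribute);

          return 'yii.validation.file(attribute, messages, ' . Json::htmlEncode($options) . ');';
      }

      /**
       * {@inheritdoc}
       */
      public function getClientOptions($model, $attribute)
      {
          $label = $model->getAttributeLabel($attribute);

          $options = [];
          if ($this->message !== null) {
              $options['message'] = $this->formatMessage($this->message, [
                  'attribute' => $label,
              ]);
          }

          $options['skipOnEmpty'] = $this->skipOnEmpty;

          if (!$this->skipOnEmpty) {
              $options['uploadRequired'] = $this->formatMessage($this->uploadRequired, [
                  'attribute' => $label,
              ]);
          }

          // Once init() has run, mimeTypes and extensions are arrays, so the two blocks below
          // are also emitted for empty lists.
          if ($this->mimeTypes !== null) {
              $mimeTypes = [];
              foreach ($this->mimeTypes as $mimeType) {
                  $mimeTypes[] = new JsExpression(Html::escapeJsRegularExpression($this->buildMimeTypeRegexp($mimeType)));
              }
              $options['mimeTypes'] = $mimeTypes;
              $options['wrongMimeType'] = $this->formatMessage($this->wrongMimeType, [
                  'attribute' => $label,
                  'mimeTypes' => implode(', ', $this->mimeTypes),
              ]);
          }

          if ($this->extensions !== null) {
              $options['extensions'] = $this->extensions;
              $options['wrongExtension'] = $this->formatMessage($this->wrongExtension, [
                  'attribute' => $label,
                  'extensions' => implode(', ', $this->extensions),
              ]);
          }

          if ($this->minSize !== null) {
              $options['minSize'] = $this->minSize;
              $options['tooSmall'] = $this->formatMessage($this->tooSmall, [
                  'attribute' => $label,
                  'limit' => $this->minSize,
                  'formattedLimit' => Yii::$app->formatter->asShortSize($this->minSize),
              ]);
          }

          if ($this->maxSize !== null) {
              // The option carries the configured maxSize, the message the effective limit.
              $sizeLimit = $this->getSizeLimit();
              $options['maxSize'] = $this->maxSize;
              $options['tooBig'] = $this->formatMessage($this->tooBig, [
                  'attribute' => $label,
                  'limit' => $sizeLimit,
                  'formattedLimit' => Yii::$app->formatter->asShortSize($sizeLimit),
              ]);
          }

          if ($this->maxFiles !== null) {
              $options['maxFiles'] = $this->maxFiles;
              $options['tooMany'] = $this->formatMessage($this->tooMany, [
                  'attribute' => $label,
                  'limit' => $this->maxFiles,
              ]);
          }

          return $options;
      }

      /**
       * Builds the RegExp from the $mask.
       *
       * The mask is quoted with `preg_quote()` first, so `*` is the only character that keeps a
       * special meaning; it becomes `.*`. The pattern is anchored at both ends and case-insensitive.
       *
       * @param string $mask
       * @return string the regular expression
       * @see mimeTypes
       */
      private function buildMimeTypeRegexp($mask)
      {
          return '/^' . str_replace('\*', '.*', preg_quote($mask, '/')) . '$/i';
      }

      /**
       * Checks the mimeType of the $file against the list in the [[mimeTypes]] property.
       *
       * The MIME type is the one detected for the temporary file by [[getMimeTypeByFile()]];
       * a file whose type cannot be determined is rejected.
       *
       * @param UploadedFile $file
       * @return bool whether the $file mimeType is allowed
       * @throws \yii\base\InvalidConfigException
       * @see mimeTypes
       * @since 2.0.8
       */
      protected function validateMimeType($file)
      {
          $fileMimeType = $this->getMimeTypeByFile($file->tempName);
          if ($fileMimeType === null) {
              return false;
          }

          foreach ($this->mimeTypes as $mimeType) {
              if (strcasecmp($mimeType, $fileMimeType) === 0) {
                  return true;
              }

              // Entries containing `*` are treated as masks, e.g. `image/*`.
              if (strpos($mimeType, '*') !== false && preg_match($this->buildMimeTypeRegexp($mimeType), $fileMimeType)) {
                  return true;
              }
          }

          return false;
      }

      /**
       * Get MIME type by file path
       *
       * Thin wrapper around [[FileHelper::getMimeType()]], kept as a separate protected method.
       *
       * @param string $filePath
       * @return string|null
       * @throws \yii\base\InvalidConfigException
       * @since 2.0.26
       */
      protected function getMimeTypeByFile($filePath)
      {
          return FileHelper::getMimeType($filePath);
      }
  }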