MultipartFormDataParser.php 12 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372
  1. <?php
  2. /**
  3. * @link https://www.yiiframework.com/
  4. * @copyright Copyright (c) 2008 Yii Software LLC
  5. * @license https://www.yiiframework.com/license/
  6. */
  7. namespace yii\web;
  8. use yii\base\BaseObject;
  9. use yii\helpers\ArrayHelper;
  10. use yii\helpers\StringHelper;
  11. /**
  12. * MultipartFormDataParser parses content encoded as 'multipart/form-data'.
  13. * This parser provides the fallback for the 'multipart/form-data' processing on non POST requests,
  14. * for example: the one with 'PUT' request method.
  15. *
  16. * In order to enable this parser you should configure [[Request::parsers]] in the following way:
  17. *
  18. * ```php
  19. * return [
  20. * 'components' => [
  21. * 'request' => [
  22. * 'parsers' => [
  23. * 'multipart/form-data' => 'yii\web\MultipartFormDataParser'
  24. * ],
  25. * ],
  26. * // ...
  27. * ],
  28. * // ...
  29. * ];
  30. * ```
  31. *
  32. * Method [[parse()]] of this parser automatically populates `$_FILES` with the files parsed from raw body.
  33. *
  34. * > Note: since this is a request parser, it will initialize `$_FILES` values on [[Request::getBodyParams()]].
  35. * Until this method is invoked, `$_FILES` array will remain empty even if there are submitted files in the
  36. * request body. Make sure you have requested body params before any attempt to get uploaded file in case
  37. * you are using this parser.
  38. *
  39. * Usage example:
  40. *
  41. * ```php
  42. * use yii\web\UploadedFile;
  43. *
  44. * $restRequestData = Yii::$app->request->getBodyParams();
  45. * $uploadedFile = UploadedFile::getInstancesByName('photo');
  46. *
  47. * $model = new Item();
  48. * $model->populate($restRequestData);
  49. * copy($uploadedFile->tempName, '/path/to/file/storage/photo.jpg');
  50. * ```
  51. *
  52. * > Note: although this parser fully emulates regular structure of the `$_FILES`, related temporary
  53. * files, which are available via `tmp_name` key, will not be recognized by PHP as uploaded ones.
  54. * Thus functions like `is_uploaded_file()` and `move_uploaded_file()` will fail on them.
  55. *
  56. * @property int $uploadFileMaxCount Maximum upload files count.
  57. * @property int $uploadFileMaxSize Upload file max size in bytes.
  58. *
  59. * @author Paul Klimov <klimov.paul@gmail.com>
  60. * @since 2.0.10
  61. */
  62. class MultipartFormDataParser extends BaseObject implements RequestParserInterface
  63. {
  64. /**
  65. * @var bool whether to parse raw body even for 'POST' request and `$_FILES` already populated.
  66. * By default this option is disabled saving performance for 'POST' requests, which are already
  67. * processed by PHP automatically.
  68. * > Note: if this option is enabled, value of `$_FILES` will be reset on each parse.
  69. * @since 2.0.13
  70. */
  71. public $force = false;
  72. /**
  73. * @var int upload file max size in bytes.
  74. */
  75. private $_uploadFileMaxSize;
  76. /**
  77. * @var int maximum upload files count.
  78. */
  79. private $_uploadFileMaxCount;
  80. /**
  81. * @return int upload file max size in bytes.
  82. */
  83. public function getUploadFileMaxSize()
  84. {
  85. if ($this->_uploadFileMaxSize === null) {
  86. $this->_uploadFileMaxSize = $this->getByteSize(ini_get('upload_max_filesize'));
  87. }
  88. return $this->_uploadFileMaxSize;
  89. }
  90. /**
  91. * @param int $uploadFileMaxSize upload file max size in bytes.
  92. */
  93. public function setUploadFileMaxSize($uploadFileMaxSize)
  94. {
  95. $this->_uploadFileMaxSize = $uploadFileMaxSize;
  96. }
  97. /**
  98. * @return int maximum upload files count.
  99. */
  100. public function getUploadFileMaxCount()
  101. {
  102. if ($this->_uploadFileMaxCount === null) {
  103. $this->_uploadFileMaxCount = (int)ini_get('max_file_uploads');
  104. }
  105. return $this->_uploadFileMaxCount;
  106. }
  107. /**
  108. * @param int $uploadFileMaxCount maximum upload files count.
  109. */
  110. public function setUploadFileMaxCount($uploadFileMaxCount)
  111. {
  112. $this->_uploadFileMaxCount = $uploadFileMaxCount;
  113. }
  114. /**
  115. * {@inheritdoc}
  116. */
  117. public function parse($rawBody, $contentType)
  118. {
  119. if (!$this->force) {
  120. if (!empty($_POST) || !empty($_FILES)) {
  121. // normal POST request is parsed by PHP automatically
  122. return $_POST;
  123. }
  124. } else {
  125. $_FILES = [];
  126. }
  127. if (empty($rawBody)) {
  128. return [];
  129. }
  130. if (!preg_match('/boundary="?(.*)"?$/is', $contentType, $matches)) {
  131. return [];
  132. }
  133. $boundary = trim($matches[1], '"');
  134. $bodyParts = preg_split('/\\R?-+' . preg_quote($boundary, '/') . '/s', $rawBody);
  135. array_pop($bodyParts); // last block always has no data, contains boundary ending like `--`
  136. $bodyParams = [];
  137. $filesCount = 0;
  138. foreach ($bodyParts as $bodyPart) {
  139. if (empty($bodyPart)) {
  140. continue;
  141. }
  142. list($headers, $value) = preg_split('/\\R\\R/', $bodyPart, 2);
  143. $headers = $this->parseHeaders($headers);
  144. if (!isset($headers['content-disposition']['name'])) {
  145. continue;
  146. }
  147. if (isset($headers['content-disposition']['filename'])) {
  148. // file upload:
  149. if ($filesCount >= $this->getUploadFileMaxCount()) {
  150. continue;
  151. }
  152. $fileInfo = [
  153. 'name' => $headers['content-disposition']['filename'],
  154. 'type' => ArrayHelper::getValue($headers, 'content-type', 'application/octet-stream'),
  155. 'size' => StringHelper::byteLength($value),
  156. 'error' => UPLOAD_ERR_OK,
  157. 'tmp_name' => null,
  158. ];
  159. if ($fileInfo['size'] > $this->getUploadFileMaxSize()) {
  160. $fileInfo['error'] = UPLOAD_ERR_INI_SIZE;
  161. } else {
  162. $tmpResource = tmpfile();
  163. if ($tmpResource === false) {
  164. $fileInfo['error'] = UPLOAD_ERR_CANT_WRITE;
  165. } else {
  166. $tmpResourceMetaData = stream_get_meta_data($tmpResource);
  167. $tmpFileName = $tmpResourceMetaData['uri'];
  168. if (empty($tmpFileName)) {
  169. $fileInfo['error'] = UPLOAD_ERR_CANT_WRITE;
  170. @fclose($tmpResource);
  171. } else {
  172. fwrite($tmpResource, $value);
  173. rewind($tmpResource);
  174. $fileInfo['tmp_name'] = $tmpFileName;
  175. $fileInfo['tmp_resource'] = $tmpResource; // save file resource, otherwise it will be deleted
  176. }
  177. }
  178. }
  179. $this->addFile($_FILES, $headers['content-disposition']['name'], $fileInfo);
  180. $filesCount++;
  181. } else {
  182. // regular parameter:
  183. $this->addValue($bodyParams, $headers['content-disposition']['name'], $value);
  184. }
  185. }
  186. return $bodyParams;
  187. }
  188. /**
  189. * Parses content part headers.
  190. * @param string $headerContent headers source content
  191. * @return array parsed headers.
  192. */
  193. private function parseHeaders($headerContent)
  194. {
  195. $headers = [];
  196. $headerParts = preg_split('/\\R/su', $headerContent, -1, PREG_SPLIT_NO_EMPTY);
  197. foreach ($headerParts as $headerPart) {
  198. if (strpos($headerPart, ':') === false) {
  199. continue;
  200. }
  201. list($headerName, $headerValue) = explode(':', $headerPart, 2);
  202. $headerName = strtolower(trim($headerName));
  203. $headerValue = trim($headerValue);
  204. if (strpos($headerValue, ';') === false) {
  205. $headers[$headerName] = $headerValue;
  206. } else {
  207. $headers[$headerName] = [];
  208. foreach (explode(';', $headerValue) as $part) {
  209. $part = trim($part);
  210. if (strpos($part, '=') === false) {
  211. $headers[$headerName][] = $part;
  212. } else {
  213. list($name, $value) = explode('=', $part, 2);
  214. $name = strtolower(trim($name));
  215. $value = trim(trim($value), '"');
  216. $headers[$headerName][$name] = $value;
  217. }
  218. }
  219. }
  220. }
  221. return $headers;
  222. }
  223. /**
  224. * Adds value to the array by input name, e.g. `Item[name]`.
  225. * @param array $array array which should store value.
  226. * @param string $name input name specification.
  227. * @param mixed $value value to be added.
  228. */
  229. private function addValue(&$array, $name, $value)
  230. {
  231. $nameParts = preg_split('/\\]\\[|\\[/s', $name);
  232. $current = &$array;
  233. foreach ($nameParts as $namePart) {
  234. $namePart = trim($namePart, ']');
  235. if ($namePart === '') {
  236. $current[] = [];
  237. $keys = array_keys($current);
  238. $lastKey = array_pop($keys);
  239. $current = &$current[$lastKey];
  240. } else {
  241. if (!isset($current[$namePart])) {
  242. $current[$namePart] = [];
  243. }
  244. $current = &$current[$namePart];
  245. }
  246. }
  247. $current = $value;
  248. }
  249. /**
  250. * Adds file info to the uploaded files array by input name, e.g. `Item[file]`.
  251. * @param array $files array containing uploaded files
  252. * @param string $name input name specification.
  253. * @param array $info file info.
  254. */
  255. private function addFile(&$files, $name, $info)
  256. {
  257. if (strpos($name, '[') === false) {
  258. $files[$name] = $info;
  259. return;
  260. }
  261. $fileInfoAttributes = [
  262. 'name',
  263. 'type',
  264. 'size',
  265. 'error',
  266. 'tmp_name',
  267. 'tmp_resource',
  268. ];
  269. $nameParts = preg_split('/\\]\\[|\\[/s', $name);
  270. $baseName = array_shift($nameParts);
  271. if (!isset($files[$baseName])) {
  272. $files[$baseName] = [];
  273. foreach ($fileInfoAttributes as $attribute) {
  274. $files[$baseName][$attribute] = [];
  275. }
  276. } else {
  277. foreach ($fileInfoAttributes as $attribute) {
  278. $files[$baseName][$attribute] = (array) $files[$baseName][$attribute];
  279. }
  280. }
  281. foreach ($fileInfoAttributes as $attribute) {
  282. if (!isset($info[$attribute])) {
  283. continue;
  284. }
  285. $current = &$files[$baseName][$attribute];
  286. foreach ($nameParts as $namePart) {
  287. $namePart = trim($namePart, ']');
  288. if ($namePart === '') {
  289. $current[] = [];
  290. $keys = array_keys($current);
  291. $lastKey = array_pop($keys);
  292. $current = &$current[$lastKey];
  293. } else {
  294. if (!isset($current[$namePart])) {
  295. $current[$namePart] = [];
  296. }
  297. $current = &$current[$namePart];
  298. }
  299. }
  300. $current = $info[$attribute];
  301. }
  302. }
  303. /**
  304. * Gets the size in bytes from verbose size representation.
  305. *
  306. * For example: '5K' => 5*1024.
  307. * @param string $verboseSize verbose size representation.
  308. * @return int actual size in bytes.
  309. */
  310. private function getByteSize($verboseSize)
  311. {
  312. if (empty($verboseSize)) {
  313. return 0;
  314. }
  315. if (is_numeric($verboseSize)) {
  316. return (int) $verboseSize;
  317. }
  318. $sizeUnit = trim($verboseSize, '0123456789');
  319. $size = trim(str_replace($sizeUnit, '', $verboseSize));
  320. if (!is_numeric($size)) {
  321. return 0;
  322. }
  323. switch (strtolower($sizeUnit)) {
  324. case 'kb':
  325. case 'k':
  326. return $size * 1024;
  327. case 'mb':
  328. case 'm':
  329. return $size * 1024 * 1024;
  330. case 'gb':
  331. case 'g':
  332. return $size * 1024 * 1024 * 1024;
  333. default:
  334. return 0;
  335. }
  336. }
  337. }