1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
<?php
/**
* Zend Framework (http://framework.zend.com/)
*
* @link http://github.com/zendframework/zf2 for the canonical source repository
* @copyright Copyright (c) 2005-2015 Zend Technologies USA Inc. (http://www.zend.com)
* @license http://framework.zend.com/license/new-bsd New BSD License
*/
namespace Zend\Validator\File;
use Psr\Http\Message\UploadedFileInterface;
use Zend\Validator\AbstractValidator;
use Zend\Validator\Exception;
/**
* Validator for the maximum size of a file up to a max of 2GB
*/
class UploadFile extends AbstractValidator
{
/**
* @const string Error constants
*/
const INI_SIZE = 'fileUploadFileErrorIniSize';
const FORM_SIZE = 'fileUploadFileErrorFormSize';
const PARTIAL = 'fileUploadFileErrorPartial';
const NO_FILE = 'fileUploadFileErrorNoFile';
const NO_TMP_DIR = 'fileUploadFileErrorNoTmpDir';
const CANT_WRITE = 'fileUploadFileErrorCantWrite';
const EXTENSION = 'fileUploadFileErrorExtension';
const ATTACK = 'fileUploadFileErrorAttack';
const FILE_NOT_FOUND = 'fileUploadFileErrorFileNotFound';
const UNKNOWN = 'fileUploadFileErrorUnknown';
/**
* @var array Error message templates
*/
protected $messageTemplates = [
self::INI_SIZE => 'The uploaded file exceeds the upload_max_filesize directive in php.ini',
self::FORM_SIZE => 'The uploaded file exceeds the MAX_FILE_SIZE directive that was '
. 'specified in the HTML form',
self::PARTIAL => 'The uploaded file was only partially uploaded',
self::NO_FILE => 'No file was uploaded',
self::NO_TMP_DIR => 'Missing a temporary folder',
self::CANT_WRITE => 'Failed to write file to disk',
self::EXTENSION => 'A PHP extension stopped the file upload',
self::ATTACK => 'File was illegally uploaded. This could be a possible attack',
self::FILE_NOT_FOUND => 'File was not found',
self::UNKNOWN => 'Unknown error while uploading file',
];
/**
* Returns true if and only if the file was uploaded without errors
*
* @param string|array|UploadedFileInterface $value File to check for upload errors
* @return bool
* @throws Exception\InvalidArgumentException
*/
public function isValid($value)
{
if (is_array($value)) {
if (! isset($value['tmp_name']) || ! isset($value['name']) || ! isset($value['error'])) {
throw new Exception\InvalidArgumentException(
'Value array must be in $_FILES format'
);
}
return $this->validateUploadedFile(
$value['error'],
$value['name'],
$value['tmp_name']
);
}
if ($value instanceof UploadedFileInterface) {
return $this->validatePsr7UploadedFile($value);
}
if (is_string($value)) {
return $this->validateUploadedFile(0, basename($value), $value);
}
$this->error(self::UNKNOWN);
return false;
}
/**
* @param int $error UPLOAD_ERR_* constant value
* @return bool
*/
private function validateFileFromErrorCode($error)
{
switch ($error) {
case UPLOAD_ERR_OK:
return true;
case UPLOAD_ERR_INI_SIZE:
$this->error(self::INI_SIZE);
return false;
case UPLOAD_ERR_FORM_SIZE:
$this->error(self::FORM_SIZE);
return false;
case UPLOAD_ERR_PARTIAL:
$this->error(self::PARTIAL);
return false;
case UPLOAD_ERR_NO_FILE:
$this->error(self::NO_FILE);
return false;
case UPLOAD_ERR_NO_TMP_DIR:
$this->error(self::NO_TMP_DIR);
return false;
case UPLOAD_ERR_CANT_WRITE:
$this->error(self::CANT_WRITE);
return false;
case UPLOAD_ERR_EXTENSION:
$this->error(self::EXTENSION);
return false;
default:
$this->error(self::UNKNOWN);
return false;
}
}
/**
* @param int $error UPLOAD_ERR_* constant
* @param string $filename
* @param string $uploadedFile Name of uploaded file (gen tmp_name)
* @return bool
*/
private function validateUploadedFile($error, $filename, $uploadedFile)
{
$this->setValue($filename);
// Normal errors can be validated normally
if ($error !== UPLOAD_ERR_OK) {
return $this->validateFileFromErrorCode($error);
}
// Did we get no name? Is the file missing?
if (empty($uploadedFile) || false === is_file($uploadedFile)) {
$this->error(self::FILE_NOT_FOUND);
return false;
}
// Do we have an invalid upload?
if (! is_uploaded_file($uploadedFile)) {
$this->error(self::ATTACK);
return false;
}
return true;
}
/**
* @return bool
*/
private function validatePsr7UploadedFile(UploadedFileInterface $uploadedFile)
{
$this->setValue($uploadedFile);
return $this->validateFileFromErrorCode($uploadedFile->getError());
}
}