
Commit c19308a

committed
Fix a validation issue on multiple file upload
1 parent 3a0b8df commit c19308a

3 files changed

Lines changed: 152 additions & 33 deletions


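--- a/system/HTTP/Files/FileCollection.php
+++ b/system/HTTP/Files/FileCollection.php
@@ -111,6 +111,41 @@ public function getFile(string $name)
 
 //--------------------------------------------------------------------
 
+/**
+* Verify if a file exist in the collection of uploaded files and is have been uploaded with multiple option.
+*
+* @param string $name
+*
+* @return array|null
+*/
+public function getFileMultiple(string $name)
+{
+$this->populateFiles();
+
+if ($this->hasFile($name))
+{
+if (strpos($name, '.') !== false)
+{
+$name = explode('.', $name);
+$uploadedFile = $this->getValueDotNotationSyntax($name, $this->files);
+
+return (is_array($uploadedFile) && ($uploadedFile[0] instanceof UploadedFile)) ?
+$uploadedFile : null;
+}
+
+if (array_key_exists($name, $this->files))
+{
+$uploadedFile = $this->files[$name];
+return (is_array($uploadedFile) && ($uploadedFile[0] instanceof UploadedFile)) ?
+$uploadedFile : null;
+}
+}
+
+return null;
+}
+
+//--------------------------------------------------------------------
+
 /**
 * Checks whether an uploaded file with name $fileID exists in
 * this request.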
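Review bot: Both return expressions in getFileMultiple() read `$uploadedFile[0]` after checking only `is_array($uploadedFile)`, so an empty array or one without a numeric key 0 raises an undefined-offset notice before the method yields null. Only the first element is type-checked, so callers that iterate the result are trusting every remaining entry to be an UploadedFile as well. I would guard with `isset($uploadedFile[0]) && $uploadedFile[0] instanceof UploadedFile` and move the duplicated ternary into one private helper used by both branches. The docblock summary should say that the method returns the array of uploaded files or null, rather than that it "verifies" something.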

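--- a/system/HTTP/IncomingRequest.php
+++ b/system/HTTP/IncomingRequest.php
@@ -547,6 +547,26 @@ public function getFiles(): array
 
 //--------------------------------------------------------------------
 
+/**
+* Verify if a file exist, by the name of the input field used to upload it, in the collection
+* of uploaded files and if is have been uploaded with multiple option.
+*
+* @param string $fileID
+*
+* @return array|null
+*/
+public function getFileMultiple(string $fileID)
+{
+if (is_null($this->files))
+{
+$this->files = new FileCollection();
+}
+
+return $this->files->getFileMultiple($fileID);
+}
+
+//--------------------------------------------------------------------
+
 /**
 * Retrieves a single file by the name of the input field used
 * to upload it.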
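Review bot: The docblock on getFileMultiple() describes a check ("Verify if a file exist ...") but the body simply returns the result of `$this->files->getFileMultiple($fileID)`, which is an array or null. I would reword the summary to `Retrieves all files uploaded through the multiple-file input named $fileID, or null when the field is missing or was not a multiple upload.` so that callers know what a null result means. The `@return array|null` tag can stay as it is.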

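--- a/system/Validation/FileRules.php
+++ b/system/Validation/FileRules.php
@@ -120,13 +120,25 @@ public function max_size(string $blank = null, string $params, array $data): boo
 $params = explode(',', $params);
 $name = array_shift($params);
 
-$file = $this->request->getFile($name);
+if(!($files = $this->request->getFileMultiple($name)))
+{
+$files = [$this->request->getFile($name)];
+}
 
-if (is_null($file))
+foreach ($files as $file)
 {
-return false;
+if (is_null($file))
+{
+return false;
+}
+
+if ($file->getSize() / 1024 > $params[0])
+{
+return false;
+}
 }
-return $params[0] >= $file->getSize() / 1024;
+
+return true;
 }
 
 //--------------------------------------------------------------------
@@ -148,18 +160,31 @@ public function is_image(string $blank = null, string $params, array $data): boo
 $params = explode(',', $params);
 $name = array_shift($params);
 
-$file = $this->request->getFile($name);
-
-if (is_null($file))
+if(!($files = $this->request->getFileMultiple($name)))
 {
-return false;
+$files = [$this->request->getFile($name)];
 }
 
-// We know that our mimes list always has the first mime
-// start with `image` even when then are multiple accepted types.
-$type = \Config\Mimes::guessTypeFromExtension($file->getExtension());
+foreach ($files as $file)
+{
+$file = $this->request->getFile($name);
+
+if (is_null($file))
+{
+return false;
+}
 
-return mb_strpos($type, 'image') === 0;
+// We know that our mimes list always has the first mime
+// start with `image` even when then are multiple accepted types.
+$type = \Config\Mimes::guessTypeFromExtension($file->getExtension());
+
+if (mb_strpos($type, 'image') !== 0)
+{
+return false;
+}
+}
+
+return true;
 }
 
 //--------------------------------------------------------------------
@@ -180,14 +205,27 @@ public function mime_in(string $blank = null, string $params, array $data): bool
 $params = explode(',', $params);
 $name = array_shift($params);
 
-$file = $this->request->getFile($name);
+if(!($files = $this->request->getFileMultiple($name)))
+{
+$files = [$this->request->getFile($name)];
+}
 
-if (is_null($file))
+foreach ($files as $file)
 {
-return false;
+$file = $this->request->getFile($name);
+
+if (is_null($file))
+{
+return false;
+}
+
+if (!in_array($file->getMimeType(), $params))
+{
+return false;
+}
 }
 
-return in_array($file->getMimeType(), $params);
+return true;
 }
 
 //--------------------------------------------------------------------
@@ -208,14 +246,27 @@ public function ext_in(string $blank = null, string $params, array $data): bool
 $params = explode(',', $params);
 $name = array_shift($params);
 
-$file = $this->request->getFile($name);
+if(!($files = $this->request->getFileMultiple($name)))
+{
+$files = [$this->request->getFile($name)];
+}
 
-if (is_null($file))
+foreach ($files as $file)
 {
-return false;
+$file = $this->request->getFile($name);
+
+if (is_null($file))
+{
+return false;
+}
+
+if (!in_array($file->getExtension(), $params))
+{
+return false;
+}
 }
 
-return in_array($file->getExtension(), $params);
+return true;
 }
 
 //--------------------------------------------------------------------
@@ -237,23 +288,36 @@ public function max_dims(string $blank = null, string $params, array $data): boo
 $params = explode(',', $params);
 $name = array_shift($params);
 
-$file = $this->request->getFile($name);
-
-if (is_null($file))
+if(!($files = $this->request->getFileMultiple($name)))
 {
-return false;
+$files = [$this->request->getFile($name)];
 }
 
-// Get Parameter sizes
-$allowedWidth = $params[0] ?? 0;
-$allowedHeight = $params[1] ?? 0;
-
-// Get uploaded image size
-$info = getimagesize($file->getTempName());
-$fileWidth = $info[0];
-$fileHeight = $info[1];
+foreach ($files as $file)
+{
+$file = $this->request->getFile($name);
+
+if (is_null($file))
+{
+return false;
+}
+
+// Get Parameter sizes
+$allowedWidth = $params[0] ?? 0;
+$allowedHeight = $params[1] ?? 0;
+
+// Get uploaded image size
+$info = getimagesize($file->getTempName());
+$fileWidth = $info[0];
+$fileHeight = $info[1];
+
+if ( $fileWidth > $allowedWidth || $fileHeight > $allowedHeight)
+{
+return false;
+}
+}
 
-return $fileWidth <= $allowedWidth && $fileHeight <= $allowedHeight;
+return true;
 }
 
 //--------------------------------------------------------------------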
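Review bot: In the is_image loop the first statement, `$file = $this->request->getFile($name);`, overwrites the loop variable, so every iteration re-checks whatever getFile() returns for the field name instead of the file being iterated. The same line opens the loops in mime_in, ext_in and max_dims, while max_size does not have it. As written, the extension, MIME and dimension rules are therefore not applied to each file of a multiple upload, which matters because these rules decide which uploads are accepted. Removing that line from the four loops leaves `foreach ($files as $file)` followed directly by the `is_null($file)` check, as in max_size. Separately, in max_dims `getimagesize()` returns false for a file it cannot parse, so I would add `if ($info === false) { return false; }` before reading `$info[0]`.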
