UploadedFile.php 11 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310
  1. <?php
  2. /*
  3. * This file is part of the Symfony package.
  4. *
  5. * (c) Fabien Potencier <fabien@symfony.com>
  6. *
  7. * For the full copyright and license information, please view the LICENSE
  8. * file that was distributed with this source code.
  9. */
  10. namespace Symfony\Component\HttpFoundation\File;
  11. use Symfony\Component\HttpFoundation\File\Exception\CannotWriteFileException;
  12. use Symfony\Component\HttpFoundation\File\Exception\ExtensionFileException;
  13. use Symfony\Component\HttpFoundation\File\Exception\FileException;
  14. use Symfony\Component\HttpFoundation\File\Exception\FileNotFoundException;
  15. use Symfony\Component\HttpFoundation\File\Exception\FormSizeFileException;
  16. use Symfony\Component\HttpFoundation\File\Exception\IniSizeFileException;
  17. use Symfony\Component\HttpFoundation\File\Exception\NoFileException;
  18. use Symfony\Component\HttpFoundation\File\Exception\NoTmpDirFileException;
  19. use Symfony\Component\HttpFoundation\File\Exception\PartialFileException;
  20. use Symfony\Component\Mime\MimeTypes;
  21. /**
  22. * A file uploaded through a form.
  23. *
  24. * @author Bernhard Schussek <bschussek@gmail.com>
  25. * @author Florian Eckerstorfer <florian@eckerstorfer.org>
  26. * @author Fabien Potencier <fabien@symfony.com>
  27. */
  28. class UploadedFile extends File
  29. {
  30. private $test;
  31. private $originalName;
  32. private $mimeType;
  33. private $error;
  34. /**
  35. * Accepts the information of the uploaded file as provided by the PHP global $_FILES.
  36. *
  37. * The file object is only created when the uploaded file is valid (i.e. when the
  38. * isValid() method returns true). Otherwise the only methods that could be called
  39. * on an UploadedFile instance are:
  40. *
  41. * * getClientOriginalName,
  42. * * getClientMimeType,
  43. * * isValid,
  44. * * getError.
  45. *
  46. * Calling any other method on an non-valid instance will cause an unpredictable result.
  47. *
  48. * @param string $path The full temporary path to the file
  49. * @param string $originalName The original file name of the uploaded file
  50. * @param string|null $mimeType The type of the file as provided by PHP; null defaults to application/octet-stream
  51. * @param int|null $error The error constant of the upload (one of PHP's UPLOAD_ERR_XXX constants); null defaults to UPLOAD_ERR_OK
  52. * @param bool $test Whether the test mode is active
  53. * Local files are used in test mode hence the code should not enforce HTTP uploads
  54. *
  55. * @throws FileException If file_uploads is disabled
  56. * @throws FileNotFoundException If the file does not exist
  57. */
  58. public function __construct(string $path, string $originalName, string $mimeType = null, int $error = null, $test = false)
  59. {
  60. $this->originalName = $this->getName($originalName);
  61. $this->mimeType = $mimeType ?: 'application/octet-stream';
  62. if (4 < \func_num_args() ? !\is_bool($test) : null !== $error && @filesize($path) === $error) {
  63. @trigger_error(sprintf('Passing a size as 4th argument to the constructor of "%s" is deprecated since Symfony 4.1.', __CLASS__), \E_USER_DEPRECATED);
  64. $error = $test;
  65. $test = 5 < \func_num_args() ? func_get_arg(5) : false;
  66. }
  67. $this->error = $error ?: \UPLOAD_ERR_OK;
  68. $this->test = $test;
  69. parent::__construct($path, \UPLOAD_ERR_OK === $this->error);
  70. }
  71. /**
  72. * Returns the original file name.
  73. *
  74. * It is extracted from the request from which the file has been uploaded.
  75. * Then it should not be considered as a safe value.
  76. *
  77. * @return string The original name
  78. */
  79. public function getClientOriginalName()
  80. {
  81. return $this->originalName;
  82. }
  83. /**
  84. * Returns the original file extension.
  85. *
  86. * It is extracted from the original file name that was uploaded.
  87. * Then it should not be considered as a safe value.
  88. *
  89. * @return string The extension
  90. */
  91. public function getClientOriginalExtension()
  92. {
  93. return pathinfo($this->originalName, \PATHINFO_EXTENSION);
  94. }
  95. /**
  96. * Returns the file mime type.
  97. *
  98. * The client mime type is extracted from the request from which the file
  99. * was uploaded, so it should not be considered as a safe value.
  100. *
  101. * For a trusted mime type, use getMimeType() instead (which guesses the mime
  102. * type based on the file content).
  103. *
  104. * @return string The mime type
  105. *
  106. * @see getMimeType()
  107. */
  108. public function getClientMimeType()
  109. {
  110. return $this->mimeType;
  111. }
  112. /**
  113. * Returns the extension based on the client mime type.
  114. *
  115. * If the mime type is unknown, returns null.
  116. *
  117. * This method uses the mime type as guessed by getClientMimeType()
  118. * to guess the file extension. As such, the extension returned
  119. * by this method cannot be trusted.
  120. *
  121. * For a trusted extension, use guessExtension() instead (which guesses
  122. * the extension based on the guessed mime type for the file).
  123. *
  124. * @return string|null The guessed extension or null if it cannot be guessed
  125. *
  126. * @see guessExtension()
  127. * @see getClientMimeType()
  128. */
  129. public function guessClientExtension()
  130. {
  131. return MimeTypes::getDefault()->getExtensions($this->getClientMimeType())[0] ?? null;
  132. }
  133. /**
  134. * Returns the file size.
  135. *
  136. * It is extracted from the request from which the file has been uploaded.
  137. * Then it should not be considered as a safe value.
  138. *
  139. * @deprecated since Symfony 4.1, use getSize() instead.
  140. *
  141. * @return int|null The file sizes
  142. */
  143. public function getClientSize()
  144. {
  145. @trigger_error(sprintf('The "%s()" method is deprecated since Symfony 4.1. Use getSize() instead.', __METHOD__), \E_USER_DEPRECATED);
  146. return $this->getSize();
  147. }
  148. /**
  149. * Returns the upload error.
  150. *
  151. * If the upload was successful, the constant UPLOAD_ERR_OK is returned.
  152. * Otherwise one of the other UPLOAD_ERR_XXX constants is returned.
  153. *
  154. * @return int The upload error
  155. */
  156. public function getError()
  157. {
  158. return $this->error;
  159. }
  160. /**
  161. * Returns whether the file was uploaded successfully.
  162. *
  163. * @return bool True if the file has been uploaded with HTTP and no error occurred
  164. */
  165. public function isValid()
  166. {
  167. $isOk = \UPLOAD_ERR_OK === $this->error;
  168. return $this->test ? $isOk : $isOk && is_uploaded_file($this->getPathname());
  169. }
  170. /**
  171. * Moves the file to a new location.
  172. *
  173. * @param string $directory The destination folder
  174. * @param string $name The new file name
  175. *
  176. * @return File A File object representing the new file
  177. *
  178. * @throws FileException if, for any reason, the file could not have been moved
  179. */
  180. public function move($directory, $name = null)
  181. {
  182. if ($this->isValid()) {
  183. if ($this->test) {
  184. return parent::move($directory, $name);
  185. }
  186. $target = $this->getTargetFile($directory, $name);
  187. set_error_handler(function ($type, $msg) use (&$error) { $error = $msg; });
  188. $moved = move_uploaded_file($this->getPathname(), $target);
  189. restore_error_handler();
  190. if (!$moved) {
  191. throw new FileException(sprintf('Could not move the file "%s" to "%s" (%s).', $this->getPathname(), $target, strip_tags($error)));
  192. }
  193. @chmod($target, 0666 & ~umask());
  194. return $target;
  195. }
  196. switch ($this->error) {
  197. case \UPLOAD_ERR_INI_SIZE:
  198. throw new IniSizeFileException($this->getErrorMessage());
  199. case \UPLOAD_ERR_FORM_SIZE:
  200. throw new FormSizeFileException($this->getErrorMessage());
  201. case \UPLOAD_ERR_PARTIAL:
  202. throw new PartialFileException($this->getErrorMessage());
  203. case \UPLOAD_ERR_NO_FILE:
  204. throw new NoFileException($this->getErrorMessage());
  205. case \UPLOAD_ERR_CANT_WRITE:
  206. throw new CannotWriteFileException($this->getErrorMessage());
  207. case \UPLOAD_ERR_NO_TMP_DIR:
  208. throw new NoTmpDirFileException($this->getErrorMessage());
  209. case \UPLOAD_ERR_EXTENSION:
  210. throw new ExtensionFileException($this->getErrorMessage());
  211. }
  212. throw new FileException($this->getErrorMessage());
  213. }
  214. /**
  215. * Returns the maximum size of an uploaded file as configured in php.ini.
  216. *
  217. * @return int|float The maximum size of an uploaded file in bytes (returns float if size > PHP_INT_MAX)
  218. */
  219. public static function getMaxFilesize()
  220. {
  221. $sizePostMax = self::parseFilesize(\ini_get('post_max_size'));
  222. $sizeUploadMax = self::parseFilesize(\ini_get('upload_max_filesize'));
  223. return min($sizePostMax ?: \PHP_INT_MAX, $sizeUploadMax ?: \PHP_INT_MAX);
  224. }
  225. /**
  226. * Returns the given size from an ini value in bytes.
  227. *
  228. * @return int|float Returns float if size > PHP_INT_MAX
  229. */
  230. private static function parseFilesize(string $size)
  231. {
  232. if ('' === $size) {
  233. return 0;
  234. }
  235. $size = strtolower($size);
  236. $max = ltrim($size, '+');
  237. if (str_starts_with($max, '0x')) {
  238. $max = \intval($max, 16);
  239. } elseif (str_starts_with($max, '0')) {
  240. $max = \intval($max, 8);
  241. } else {
  242. $max = (int) $max;
  243. }
  244. switch (substr($size, -1)) {
  245. case 't': $max *= 1024;
  246. // no break
  247. case 'g': $max *= 1024;
  248. // no break
  249. case 'm': $max *= 1024;
  250. // no break
  251. case 'k': $max *= 1024;
  252. }
  253. return $max;
  254. }
  255. /**
  256. * Returns an informative upload error message.
  257. *
  258. * @return string The error message regarding the specified error code
  259. */
  260. public function getErrorMessage()
  261. {
  262. static $errors = [
  263. \UPLOAD_ERR_INI_SIZE => 'The file "%s" exceeds your upload_max_filesize ini directive (limit is %d KiB).',
  264. \UPLOAD_ERR_FORM_SIZE => 'The file "%s" exceeds the upload limit defined in your form.',
  265. \UPLOAD_ERR_PARTIAL => 'The file "%s" was only partially uploaded.',
  266. \UPLOAD_ERR_NO_FILE => 'No file was uploaded.',
  267. \UPLOAD_ERR_CANT_WRITE => 'The file "%s" could not be written on disk.',
  268. \UPLOAD_ERR_NO_TMP_DIR => 'File could not be uploaded: missing temporary directory.',
  269. \UPLOAD_ERR_EXTENSION => 'File upload was stopped by a PHP extension.',
  270. ];
  271. $errorCode = $this->error;
  272. $maxFilesize = \UPLOAD_ERR_INI_SIZE === $errorCode ? self::getMaxFilesize() / 1024 : 0;
  273. $message = $errors[$errorCode] ?? 'The file "%s" was not uploaded due to an unknown error.';
  274. return sprintf($message, $this->getClientOriginalName(), $maxFilesize);
  275. }
  276. }