CODEWITHSUNDEEP
phpfilevalidationyii2
za_al
za_al

Reputation: 111

Server Side file validation Don't work in Yii.2.0

Is the FileValidator class in Yii2 only supports clientside validation ?

I written the file upload system with the use of code :

in model:

 public function rules() {
    return [


        [['allAllowedFileType'], 'safe'],

        [['allAllowedFileType'], 'file',
            'extensions'=>'jpg',
            'mimeTypes' => 'image/jpeg'],

    ];
}

in controller:

 public function actionCreate() {
    $model = new File();
    if ($model->load(Yii::$app->request->post())) {
        // get the uploaded file instance. for multiple file uploads
        // the following data will return an array
       $image = UploadedFile::getInstance($model, 'allAllowedFileType');
        // store the source file name
        $model->name = $image->name;
        $ext = end((explode(".", $image->name)));

        // generate a unique file name
        $avatar = Yii::$app->security->generateRandomString().".{$ext}";


        $path = 'c:wamp/www/' . $avatar;
        if($model->validate()&&$model->save(0)){
            $image->saveAs($path);
            return $this->redirect(['view', 'id'=>$model->id]);
        } else {
            // error in saving model
        }
    }
    return $this->render('create', [
        'model'=>$model,
    ]);
}

in view :

<?php
$form = ActiveForm::begin(['enableClientValidation' => true,
            'options' => ['enctype' => 'multipart/form-data'] // important
]);

echo $form->field($model, "allAllowedFileType")->fileInput();

?>

When a invalid file(for example file by .php extention) is loaded . Only client-side validation is done.

Once the form is set as follows:

    $form = ActiveForm::begin(['enableClientValidation' => false,
            'options' => ['enctype' => 'multipart/form-data'] // important
]);

No error message is given and the files will not be Server side validated.

also i tried to set the variable ($model->allAllowedFileType) as follows :

$model->allAllowedFileType=$_FILES['File'];

I uploaded invalid file for example file by .exe extention) and execute validate function, the error message wont be displayed.and $model->errors is empty.

public function actionCreate() {
    $model = new File();
    if ($model->load(Yii::$app->request->post())) {


       $image = UploadedFile::getInstance($model, 'allAllowedFileType');

      ...

       $model->allAllowedFileType=$_FILES['File'];

        if($model->validate()){

           //save file

        } else {

             die(var_dump($model->errors));
        }
    }
    return $this->render('create', [
        'model'=>$model,
    ]);
}

Upvotes: 3

Views: 1073

Answers (2)

za_al
za_al

Reputation: 111

I find solution.

With yii2 is a little difference in yii1 Upload file:

You have set as follow:

old-code: with this code $model->allAllowedfileType not set and $model->validate() not work.

           $image = UploadedFile::getInstance($model, 'allAllowedfileType ');

replace with:(with this code $model->allAllowedfileType set and $model->validate() work.)

            $model->allAllowedFileType = UploadedFile::getInstance($model, 'allAllowedFileType');

i hope it usefull.:)

Upvotes: 0

BHoft
BHoft

Reputation: 1663

Try to add 'skipOnEmpty' => false and maybe checkExtensionByMimeType to your rules.

[['allAllowedFileType'], 'file', 'skipOnEmpty' => false, 'extensions' => 'jpg', 'checkExtensionByMimeType' => true],

At least i have this running in my form where i haven't disabled client side validation. Not sure if you have enabled all required php extensions fileinfo is required.

http://www.yiiframework.com/doc-2.0/yii-validators-filevalidator.html

Upvotes: 1

Related Questions