Drupal investigation

FileValidator.php 13KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330
  1. <?php
  2. /*
  3. * This file is part of the Symfony package.
  4. *
  5. * (c) Fabien Potencier <fabien@symfony.com>
  6. *
  7. * For the full copyright and license information, please view the LICENSE
  8. * file that was distributed with this source code.
  9. */
  10. namespace Symfony\Component\Validator\Constraints;
  11. use Symfony\Component\HttpFoundation\File\File as FileObject;
  12. use Symfony\Component\HttpFoundation\File\UploadedFile;
  13. use Symfony\Component\Validator\Context\ExecutionContextInterface;
  14. use Symfony\Component\Validator\Constraint;
  15. use Symfony\Component\Validator\ConstraintValidator;
  16. use Symfony\Component\Validator\Exception\UnexpectedTypeException;
  17. /**
  18. * @author Bernhard Schussek <bschussek@gmail.com>
  19. */
  20. class FileValidator extends ConstraintValidator
  21. {
  22. const KB_BYTES = 1000;
  23. const MB_BYTES = 1000000;
  24. const KIB_BYTES = 1024;
  25. const MIB_BYTES = 1048576;
  26. private static $suffices = array(
  27. 1 => 'bytes',
  28. self::KB_BYTES => 'kB',
  29. self::MB_BYTES => 'MB',
  30. self::KIB_BYTES => 'KiB',
  31. self::MIB_BYTES => 'MiB',
  32. );
  33. /**
  34. * {@inheritdoc}
  35. */
  36. public function validate($value, Constraint $constraint)
  37. {
  38. if (!$constraint instanceof File) {
  39. throw new UnexpectedTypeException($constraint, __NAMESPACE__.'\File');
  40. }
  41. if (null === $value || '' === $value) {
  42. return;
  43. }
  44. if ($value instanceof UploadedFile && !$value->isValid()) {
  45. switch ($value->getError()) {
  46. case UPLOAD_ERR_INI_SIZE:
  47. $iniLimitSize = UploadedFile::getMaxFilesize();
  48. if ($constraint->maxSize && $constraint->maxSize < $iniLimitSize) {
  49. $limitInBytes = $constraint->maxSize;
  50. $binaryFormat = $constraint->binaryFormat;
  51. } else {
  52. $limitInBytes = $iniLimitSize;
  53. $binaryFormat = true;
  54. }
  55. list($sizeAsString, $limitAsString, $suffix) = $this->factorizeSizes(0, $limitInBytes, $binaryFormat);
  56. if ($this->context instanceof ExecutionContextInterface) {
  57. $this->context->buildViolation($constraint->uploadIniSizeErrorMessage)
  58. ->setParameter('{{ limit }}', $limitAsString)
  59. ->setParameter('{{ suffix }}', $suffix)
  60. ->setCode(UPLOAD_ERR_INI_SIZE)
  61. ->addViolation();
  62. } else {
  63. $this->buildViolation($constraint->uploadIniSizeErrorMessage)
  64. ->setParameter('{{ limit }}', $limitAsString)
  65. ->setParameter('{{ suffix }}', $suffix)
  66. ->setCode(UPLOAD_ERR_INI_SIZE)
  67. ->addViolation();
  68. }
  69. return;
  70. case UPLOAD_ERR_FORM_SIZE:
  71. if ($this->context instanceof ExecutionContextInterface) {
  72. $this->context->buildViolation($constraint->uploadFormSizeErrorMessage)
  73. ->setCode(UPLOAD_ERR_FORM_SIZE)
  74. ->addViolation();
  75. } else {
  76. $this->buildViolation($constraint->uploadFormSizeErrorMessage)
  77. ->setCode(UPLOAD_ERR_FORM_SIZE)
  78. ->addViolation();
  79. }
  80. return;
  81. case UPLOAD_ERR_PARTIAL:
  82. if ($this->context instanceof ExecutionContextInterface) {
  83. $this->context->buildViolation($constraint->uploadPartialErrorMessage)
  84. ->setCode(UPLOAD_ERR_PARTIAL)
  85. ->addViolation();
  86. } else {
  87. $this->buildViolation($constraint->uploadPartialErrorMessage)
  88. ->setCode(UPLOAD_ERR_PARTIAL)
  89. ->addViolation();
  90. }
  91. return;
  92. case UPLOAD_ERR_NO_FILE:
  93. if ($this->context instanceof ExecutionContextInterface) {
  94. $this->context->buildViolation($constraint->uploadNoFileErrorMessage)
  95. ->setCode(UPLOAD_ERR_NO_FILE)
  96. ->addViolation();
  97. } else {
  98. $this->buildViolation($constraint->uploadNoFileErrorMessage)
  99. ->setCode(UPLOAD_ERR_NO_FILE)
  100. ->addViolation();
  101. }
  102. return;
  103. case UPLOAD_ERR_NO_TMP_DIR:
  104. if ($this->context instanceof ExecutionContextInterface) {
  105. $this->context->buildViolation($constraint->uploadNoTmpDirErrorMessage)
  106. ->setCode(UPLOAD_ERR_NO_TMP_DIR)
  107. ->addViolation();
  108. } else {
  109. $this->buildViolation($constraint->uploadNoTmpDirErrorMessage)
  110. ->setCode(UPLOAD_ERR_NO_TMP_DIR)
  111. ->addViolation();
  112. }
  113. return;
  114. case UPLOAD_ERR_CANT_WRITE:
  115. if ($this->context instanceof ExecutionContextInterface) {
  116. $this->context->buildViolation($constraint->uploadCantWriteErrorMessage)
  117. ->setCode(UPLOAD_ERR_CANT_WRITE)
  118. ->addViolation();
  119. } else {
  120. $this->buildViolation($constraint->uploadCantWriteErrorMessage)
  121. ->setCode(UPLOAD_ERR_CANT_WRITE)
  122. ->addViolation();
  123. }
  124. return;
  125. case UPLOAD_ERR_EXTENSION:
  126. if ($this->context instanceof ExecutionContextInterface) {
  127. $this->context->buildViolation($constraint->uploadExtensionErrorMessage)
  128. ->setCode(UPLOAD_ERR_EXTENSION)
  129. ->addViolation();
  130. } else {
  131. $this->buildViolation($constraint->uploadExtensionErrorMessage)
  132. ->setCode(UPLOAD_ERR_EXTENSION)
  133. ->addViolation();
  134. }
  135. return;
  136. default:
  137. if ($this->context instanceof ExecutionContextInterface) {
  138. $this->context->buildViolation($constraint->uploadErrorMessage)
  139. ->setCode($value->getError())
  140. ->addViolation();
  141. } else {
  142. $this->buildViolation($constraint->uploadErrorMessage)
  143. ->setCode($value->getError())
  144. ->addViolation();
  145. }
  146. return;
  147. }
  148. }
  149. if (!is_scalar($value) && !$value instanceof FileObject && !(is_object($value) && method_exists($value, '__toString'))) {
  150. throw new UnexpectedTypeException($value, 'string');
  151. }
  152. $path = $value instanceof FileObject ? $value->getPathname() : (string) $value;
  153. if (!is_file($path)) {
  154. if ($this->context instanceof ExecutionContextInterface) {
  155. $this->context->buildViolation($constraint->notFoundMessage)
  156. ->setParameter('{{ file }}', $this->formatValue($path))
  157. ->setCode(File::NOT_FOUND_ERROR)
  158. ->addViolation();
  159. } else {
  160. $this->buildViolation($constraint->notFoundMessage)
  161. ->setParameter('{{ file }}', $this->formatValue($path))
  162. ->setCode(File::NOT_FOUND_ERROR)
  163. ->addViolation();
  164. }
  165. return;
  166. }
  167. if (!is_readable($path)) {
  168. if ($this->context instanceof ExecutionContextInterface) {
  169. $this->context->buildViolation($constraint->notReadableMessage)
  170. ->setParameter('{{ file }}', $this->formatValue($path))
  171. ->setCode(File::NOT_READABLE_ERROR)
  172. ->addViolation();
  173. } else {
  174. $this->buildViolation($constraint->notReadableMessage)
  175. ->setParameter('{{ file }}', $this->formatValue($path))
  176. ->setCode(File::NOT_READABLE_ERROR)
  177. ->addViolation();
  178. }
  179. return;
  180. }
  181. $sizeInBytes = filesize($path);
  182. if (0 === $sizeInBytes) {
  183. if ($this->context instanceof ExecutionContextInterface) {
  184. $this->context->buildViolation($constraint->disallowEmptyMessage)
  185. ->setParameter('{{ file }}', $this->formatValue($path))
  186. ->setCode(File::EMPTY_ERROR)
  187. ->addViolation();
  188. } else {
  189. $this->buildViolation($constraint->disallowEmptyMessage)
  190. ->setParameter('{{ file }}', $this->formatValue($path))
  191. ->setCode(File::EMPTY_ERROR)
  192. ->addViolation();
  193. }
  194. return;
  195. }
  196. if ($constraint->maxSize) {
  197. $limitInBytes = $constraint->maxSize;
  198. if ($sizeInBytes > $limitInBytes) {
  199. list($sizeAsString, $limitAsString, $suffix) = $this->factorizeSizes($sizeInBytes, $limitInBytes, $constraint->binaryFormat);
  200. if ($this->context instanceof ExecutionContextInterface) {
  201. $this->context->buildViolation($constraint->maxSizeMessage)
  202. ->setParameter('{{ file }}', $this->formatValue($path))
  203. ->setParameter('{{ size }}', $sizeAsString)
  204. ->setParameter('{{ limit }}', $limitAsString)
  205. ->setParameter('{{ suffix }}', $suffix)
  206. ->setCode(File::TOO_LARGE_ERROR)
  207. ->addViolation();
  208. } else {
  209. $this->buildViolation($constraint->maxSizeMessage)
  210. ->setParameter('{{ file }}', $this->formatValue($path))
  211. ->setParameter('{{ size }}', $sizeAsString)
  212. ->setParameter('{{ limit }}', $limitAsString)
  213. ->setParameter('{{ suffix }}', $suffix)
  214. ->setCode(File::TOO_LARGE_ERROR)
  215. ->addViolation();
  216. }
  217. return;
  218. }
  219. }
  220. if ($constraint->mimeTypes) {
  221. if (!$value instanceof FileObject) {
  222. $value = new FileObject($value);
  223. }
  224. $mimeTypes = (array) $constraint->mimeTypes;
  225. $mime = $value->getMimeType();
  226. foreach ($mimeTypes as $mimeType) {
  227. if ($mimeType === $mime) {
  228. return;
  229. }
  230. if ($discrete = strstr($mimeType, '/*', true)) {
  231. if (strstr($mime, '/', true) === $discrete) {
  232. return;
  233. }
  234. }
  235. }
  236. if ($this->context instanceof ExecutionContextInterface) {
  237. $this->context->buildViolation($constraint->mimeTypesMessage)
  238. ->setParameter('{{ file }}', $this->formatValue($path))
  239. ->setParameter('{{ type }}', $this->formatValue($mime))
  240. ->setParameter('{{ types }}', $this->formatValues($mimeTypes))
  241. ->setCode(File::INVALID_MIME_TYPE_ERROR)
  242. ->addViolation();
  243. } else {
  244. $this->buildViolation($constraint->mimeTypesMessage)
  245. ->setParameter('{{ file }}', $this->formatValue($path))
  246. ->setParameter('{{ type }}', $this->formatValue($mime))
  247. ->setParameter('{{ types }}', $this->formatValues($mimeTypes))
  248. ->setCode(File::INVALID_MIME_TYPE_ERROR)
  249. ->addViolation();
  250. }
  251. }
  252. }
  253. private static function moreDecimalsThan($double, $numberOfDecimals)
  254. {
  255. return strlen((string) $double) > strlen(round($double, $numberOfDecimals));
  256. }
  257. /**
  258. * Convert the limit to the smallest possible number
  259. * (i.e. try "MB", then "kB", then "bytes").
  260. */
  261. private function factorizeSizes($size, $limit, $binaryFormat)
  262. {
  263. if ($binaryFormat) {
  264. $coef = self::MIB_BYTES;
  265. $coefFactor = self::KIB_BYTES;
  266. } else {
  267. $coef = self::MB_BYTES;
  268. $coefFactor = self::KB_BYTES;
  269. }
  270. $limitAsString = (string) ($limit / $coef);
  271. // Restrict the limit to 2 decimals (without rounding! we
  272. // need the precise value)
  273. while (self::moreDecimalsThan($limitAsString, 2)) {
  274. $coef /= $coefFactor;
  275. $limitAsString = (string) ($limit / $coef);
  276. }
  277. // Convert size to the same measure, but round to 2 decimals
  278. $sizeAsString = (string) round($size / $coef, 2);
  279. // If the size and limit produce the same string output
  280. // (due to rounding), reduce the coefficient
  281. while ($sizeAsString === $limitAsString) {
  282. $coef /= $coefFactor;
  283. $limitAsString = (string) ($limit / $coef);
  284. $sizeAsString = (string) round($size / $coef, 2);
  285. }
  286. return array($sizeAsString, $limitAsString, self::$suffices[$coef]);
  287. }
  288. }