mirror of
https://github.com/flarum/core.git
synced 2025-10-18 02:06:08 +02:00
1cbb2a365e
Instead of converting the uploaded file object to an UploadedFile instance from Symfony, because the latter is compatible with Laravel's validation, let's re-implement the validation for the three rules we were using. The benefit: we can now avoid copying the uploaded file to a temporary location just to do the wrapping. In the next step, we will remove the temporary file and let the uploader / Intervention Image handle the PSR stream directly.
86 lines
2.3 KiB
PHP
86 lines
2.3 KiB
PHP
<?php
|
|
|
|
/*
|
|
* This file is part of Flarum.
|
|
*
|
|
* For detailed copyright and license information, please view the
|
|
* LICENSE file that was distributed with this source code.
|
|
*/
|
|
|
|
namespace Flarum\User;
|
|
|
|
use Flarum\Foundation\AbstractValidator;
|
|
use Flarum\Foundation\ValidationException;
|
|
use Psr\Http\Message\UploadedFileInterface;
|
|
use Symfony\Component\Mime\MimeTypes;
|
|
|
|
class AvatarValidator extends AbstractValidator
|
|
{
|
|
/**
|
|
* Throw an exception if a model is not valid.
|
|
*
|
|
* @param array $attributes
|
|
*/
|
|
public function assertValid(array $attributes)
|
|
{
|
|
$this->assertFileRequired($attributes['avatar']);
|
|
$this->assertFileMimes($attributes['avatar']);
|
|
$this->assertFileSize($attributes['avatar']);
|
|
}
|
|
|
|
protected function assertFileRequired(UploadedFileInterface $file)
|
|
{
|
|
if ($file->getError() !== UPLOAD_ERR_OK) {
|
|
$this->raise('required');
|
|
}
|
|
}
|
|
|
|
protected function assertFileMimes(UploadedFileInterface $file)
|
|
{
|
|
$allowedTypes = $this->getAllowedTypes();
|
|
|
|
// Block PHP files masquerading as images
|
|
$phpExtensions = ['php', 'php3', 'php4', 'php5', 'phtml'];
|
|
$fileExtension = pathinfo($file->getClientFilename(), PATHINFO_EXTENSION);
|
|
|
|
if (in_array(trim(strtolower($fileExtension)), $phpExtensions)) {
|
|
$this->raise('mimes', [':values' => implode(', ', $allowedTypes)]);
|
|
}
|
|
|
|
$guessedExtension = MimeTypes::getDefault()->getExtensions($file->getClientMediaType())[0] ?? null;
|
|
|
|
if (! in_array($guessedExtension, $allowedTypes)) {
|
|
$this->raise('mimes', [':values' => implode(', ', $allowedTypes)]);
|
|
}
|
|
}
|
|
|
|
protected function assertFileSize(UploadedFileInterface $file)
|
|
{
|
|
$maxSize = $this->getMaxSize();
|
|
|
|
if ($file->getSize() / 1024 > $maxSize) {
|
|
$this->raise('max.file', [':max' => $maxSize]);
|
|
}
|
|
}
|
|
|
|
protected function raise($error, array $parameters = [])
|
|
{
|
|
$message = $this->translator->trans(
|
|
"validation.$error",
|
|
$parameters + [':attribute' => 'avatar']
|
|
);
|
|
|
|
throw new ValidationException(['avatar' => $message]);
|
|
}
|
|
|
|
protected function getMaxSize()
|
|
{
|
|
return 2048;
|
|
}
|
|
|
|
protected function getAllowedTypes()
|
|
{
|
|
return ['jpeg', 'png', 'bmp', 'gif'];
|
|
}
|
|
}
|