CFileValidator

Package system.validators
Inheritance class CFileValidator » CValidator » CComponent
Since 1.0
Source Code framework/validators/CFileValidator.php
CFileValidator verifies if an attribute is receiving a valid uploaded file.

It uses the model class and attribute name to retrieve the information about the uploaded file. It then checks if a file is uploaded successfully, if the file size is within the limit and if the file type is allowed.

This validator will attempt to fetch uploaded data if attribute is not previously set. Please note that this cannot be done if input is tabular:
 foreach($models as $i=>$model)
    $model->attribute = CUploadedFile::getInstance($model, "[$i]attribute");
Please note that you must use CUploadedFile::getInstances for multiple file uploads.

When using CFileValidator with an active record, the following code is often used:
 $model->attribute = CUploadedFile::getInstance($model, "attribute");
 if($model->save())
 {
    // single upload
    $model->attribute->saveAs($path);
    // multiple upload
    foreach($model->attribute as $file)
       $file->saveAs($path);
 }


You can use CFileValidator to validate the file attribute.

In addition to the message property for setting a custom error message, CFileValidator has a few custom error messages you can set that correspond to different validation scenarios. When the file is too large, you may use the tooLarge property to define a custom error message. Similarly for tooSmall, wrongType and tooMany. The messages may contain additional placeholders that will be replaced with the actual content. In addition to the "{attribute}" placeholder, recognized by all validators (see CValidator), CFileValidator allows for the following placeholders to be specified:
  • {file}: replaced with the name of the file.
  • {limit}: when using tooLarge, replaced with maxSize; when using tooSmall, replaced with minSize; and when using tooMany replaced with maxFiles.
  • {extensions}: when using wrongType, it will be replaced with the allowed extensions.

Public Properties

Property Type Description Defined By
allowEmpty boolean whether the attribute requires a file to be uploaded or not. CFileValidator
attributes array list of attributes to be validated. CValidator
builtInValidators array list of built-in validators (name=>class) CValidator
enableClientValidation boolean whether to perform client-side validation. CValidator
except array list of scenarios that the validator should not be applied to. CValidator
maxFiles integer the maximum file count the given attribute can hold. CFileValidator
maxSize integer the maximum number of bytes required for the uploaded file. CFileValidator
message string the user-defined error message. CValidator
mimeTypes mixed a list of MIME-types of the file that are allowed to be uploaded. CFileValidator
minSize integer the minimum number of bytes required for the uploaded file. CFileValidator
on array list of scenarios that the validator should be applied. CValidator
safe boolean whether attributes listed with this validator should be considered safe for massive assignment. CValidator
skipOnError boolean whether this validation rule should be skipped when there is already a validation error for the current attribute. CValidator
tooLarge string the error message used when the uploaded file is too large. CFileValidator
tooMany string the error message used if the count of multiple uploads exceeds limit. CFileValidator
tooSmall string the error message used when the uploaded file is too small. CFileValidator
types mixed a list of file name extensions that are allowed to be uploaded. CFileValidator
wrongMimeType string the error message used when the uploaded file has a MIME-type that is not listed among mimeTypes. CFileValidator
wrongType string the error message used when the uploaded file has an extension name that is not listed among types. CFileValidator

Protected Properties

Property Type Description Defined By
sizeLimit integer Returns the maximum size allowed for uploaded files. CFileValidator

Public Methods

Method Description Defined By
__call() Calls the named method which is not a class method. CComponent
__get() Returns a property value, an event handler list or a behavior based on its name. CComponent
__isset() Checks if a property value is null. CComponent
__set() Sets value of a component property. CComponent
__unset() Sets a component property to be null. CComponent
applyTo() Returns a value indicating whether the validator applies to the specified scenario. CValidator
asa() Returns the named behavior object. CComponent
attachBehavior() Attaches a behavior to this component. CComponent
attachBehaviors() Attaches a list of behaviors to the component. CComponent
attachEventHandler() Attaches an event handler to an event. CComponent
canGetProperty() Determines whether a property can be read. CComponent
canSetProperty() Determines whether a property can be set. CComponent
clientValidateAttribute() Returns the JavaScript needed for performing client-side validation. CValidator
createValidator() Creates a validator object. CValidator
detachBehavior() Detaches a behavior from the component. CComponent
detachBehaviors() Detaches all behaviors from the component. CComponent
detachEventHandler() Detaches an existing event handler. CComponent
disableBehavior() Disables an attached behavior. CComponent
disableBehaviors() Disables all behaviors attached to this component. CComponent
enableBehavior() Enables an attached behavior. CComponent
enableBehaviors() Enables all behaviors attached to this component. CComponent
evaluateExpression() Evaluates a PHP expression or callback under the context of this component. CComponent
getEventHandlers() Returns the list of attached event handlers for an event. CComponent
hasEvent() Determines whether an event is defined. CComponent
hasEventHandler() Checks whether the named event has attached handlers. CComponent
hasProperty() Determines whether a property is defined. CComponent
raiseEvent() Raises an event. CComponent
sizeToBytes() Converts php.ini style size to bytes. CFileValidator
validate() Validates the specified object. CValidator

Protected Methods

Method Description Defined By
addError() Adds an error about the specified attribute to the active record. CValidator
emptyAttribute() Raises an error to inform end user about blank attribute. CFileValidator
getSizeLimit() Returns the maximum size allowed for uploaded files. CFileValidator
isEmpty() Checks if the given value is empty. CValidator
validateAttribute() Set the attribute and then validates using validateFile. CFileValidator
validateFile() Internally validates a file object. CFileValidator

Property Details

allowEmpty property

public boolean $allowEmpty;

whether the attribute requires a file to be uploaded or not. Defaults to false, meaning a file is required to be uploaded. When no file is uploaded, the owner attribute is set to null to prevent setting arbitrary values.

maxFiles property

public integer $maxFiles;

the maximum file count the given attribute can hold. It defaults to 1, meaning single file upload. By defining a higher number, multiple uploads become possible.

maxSize property

public integer $maxSize;

the maximum number of bytes required for the uploaded file. Defaults to null, meaning no limit. Note, the size limit is also affected by 'upload_max_filesize' INI setting and the 'MAX_FILE_SIZE' hidden field value.

See Also

mimeTypes property (available since v1.1.11)

public mixed $mimeTypes;

a list of MIME-types of the file that are allowed to be uploaded. This can be either an array or a string consisting of MIME-types separated by space or comma (e.g. "image/gif, image/jpeg"). MIME-types are case-insensitive. Defaults to null, meaning all MIME-types are allowed. In order to use this property fileinfo PECL extension should be installed.

minSize property

public integer $minSize;

the minimum number of bytes required for the uploaded file. Defaults to null, meaning no limit.

See Also

sizeLimit property read-only

protected integer getSizeLimit()

Returns the maximum size allowed for uploaded files. This is determined based on three factors:

  • 'upload_max_filesize' in php.ini
  • 'MAX_FILE_SIZE' hidden field
  • maxSize

tooLarge property

public string $tooLarge;

the error message used when the uploaded file is too large.

See Also

tooMany property

public string $tooMany;

the error message used if the count of multiple uploads exceeds limit.

tooSmall property

public string $tooSmall;

the error message used when the uploaded file is too small.

See Also

types property

public mixed $types;

a list of file name extensions that are allowed to be uploaded. This can be either an array or a string consisting of file extension names separated by space or comma (e.g. "gif, jpg"). Extension names are case-insensitive. Defaults to null, meaning all file name extensions are allowed.

wrongMimeType property (available since v1.1.11)

public string $wrongMimeType;

the error message used when the uploaded file has a MIME-type that is not listed among mimeTypes. In order to use this property fileinfo PECL extension should be installed.

wrongType property

public string $wrongType;

the error message used when the uploaded file has an extension name that is not listed among types.

Method Details

emptyAttribute() method

protected void emptyAttribute(CModel $object, string $attribute)
$object CModel the object being validated
$attribute string the attribute being validated
Source Code: framework/validators/CFileValidator.php#269 (show)
protected function emptyAttribute($object$attribute)
{
    if(
$this->safe
        
$object->$attribute=null;

    if(!
$this->allowEmpty)
    {
        
$message=$this->message!==null?$this->message Yii::t('yii','{attribute} cannot be blank.');
        
$this->addError($object,$attribute,$message);
    }
}

Raises an error to inform end user about blank attribute. Sets the owner attribute to null to prevent setting arbitrary values.

getSizeLimit() method

protected integer getSizeLimit()
{return} integer the size limit for uploaded files.
Source Code: framework/validators/CFileValidator.php#292 (show)
protected function getSizeLimit()
{
    
$limit=ini_get('upload_max_filesize');
    
$limit=$this->sizeToBytes($limit);
    if(
$this->maxSize!==null && $limit>&& $this->maxSize<$limit)
        
$limit=$this->maxSize;
    if(isset(
$_POST['MAX_FILE_SIZE']) && $_POST['MAX_FILE_SIZE']>&& $_POST['MAX_FILE_SIZE']<$limit)
        
$limit=$_POST['MAX_FILE_SIZE'];
    return 
$limit;
}

Returns the maximum size allowed for uploaded files. This is determined based on three factors:

  • 'upload_max_filesize' in php.ini
  • 'MAX_FILE_SIZE' hidden field
  • maxSize

sizeToBytes() method (available since v1.1.11)

public integer sizeToBytes(string $sizeStr)
$sizeStr string the size string to convert.
{return} integer the byte count in the given size string.
Source Code: framework/validators/CFileValidator.php#316 (show)
public function sizeToBytes($sizeStr)
{
    
// get the latest character
    
switch (strtolower(substr($sizeStr, -1)))
    {
        case 
'm': return (int)$sizeStr 1048576// 1024 * 1024
        
case 'k': return (int)$sizeStr 1024// 1024
        
case 'g': return (int)$sizeStr 1073741824// 1024 * 1024 * 1024
        
default: return (int)$sizeStr// do nothing
    
}
}

Converts php.ini style size to bytes.

Examples of size strings are: 150, 1g, 500k, 5M (size suffix is case insensitive). If you pass here the number with a fractional part, then everything after the decimal point will be ignored (php.ini values common behavior). For example 1.5G value would be treated as 1G and 1073741824 number will be returned as a result. This method is public (was private before) since 1.1.11.

validateAttribute() method

protected void validateAttribute(CModel $object, string $attribute)
$object CModel the object being validated
$attribute string the attribute being validated
Source Code: framework/validators/CFileValidator.php#142 (show)
protected function validateAttribute($object$attribute)
{
    
$files=$object->$attribute;
    if(
$this->maxFiles 1)
    {
        if(!
is_array($files) || !isset($files[0]) || !$files[0] instanceof CUploadedFile)
            
$files CUploadedFile::getInstances($object$attribute);
        if(array()===
$files)
            return 
$this->emptyAttribute($object$attribute);
        if(
count($files) > $this->maxFiles)
        {
            
$message=$this->tooMany!==null?$this->tooMany Yii::t('yii''{attribute} cannot accept more than {limit} files.');
            
$this->addError($object$attribute$message, array('{attribute}'=>$attribute'{limit}'=>$this->maxFiles));
        }
        else
            foreach(
$files as $file)
                
$this->validateFile($object$attribute$file);
    }
    else
    {
        if (
is_array($files))
        {
            if (
count($files) > 1)
            {
                
$message=$this->tooMany!==null?$this->tooMany Yii::t('yii''{attribute} cannot accept more than {limit} files.');
                
$this->addError($object$attribute$message, array('{attribute}'=>$attribute'{limit}'=>$this->maxFiles));
                return;
            }
            else
                
$file = empty($files) ? null reset($files);
        }
        else
            
$file $files;
        if(!
$file instanceof CUploadedFile)
        {
            
$file CUploadedFile::getInstance($object$attribute);
            if(
null===$file)
                return 
$this->emptyAttribute($object$attribute);
        }
        
$this->validateFile($object$attribute$file);
    }
}

Set the attribute and then validates using validateFile. If there is any error, the error message is added to the object.

validateFile() method

protected void validateFile(CModel $object, string $attribute, CUploadedFile $file)
$object CModel the object being validated
$attribute string the attribute being validated
$file CUploadedFile uploaded file passed to check against a set of rules
Source Code: framework/validators/CFileValidator.php#192 (show)
protected function validateFile($object$attribute$file)
{
    
$error=(null===$file null $file->getError());
    if(
$error==UPLOAD_ERR_INI_SIZE || $error==UPLOAD_ERR_FORM_SIZE || $this->maxSize!==null && $file->getSize()>$this->maxSize)
    {
        
$message=$this->tooLarge!==null?$this->tooLarge Yii::t('yii','The file "{file}" is too large. Its size cannot exceed {limit} bytes.');
        
$this->addError($object,$attribute,$message,array('{file}'=>$file->getName(), '{limit}'=>$this->getSizeLimit()));
        if(
$error!==UPLOAD_ERR_OK)
            return;
    }
    elseif(
$error!==UPLOAD_ERR_OK)
    {
        if(
$error==UPLOAD_ERR_NO_FILE)
            return 
$this->emptyAttribute($object$attribute);
        elseif(
$error==UPLOAD_ERR_PARTIAL)
            throw new 
CException(Yii::t('yii','The file "{file}" was only partially uploaded.',array('{file}'=>$file->getName())));
        elseif(
$error==UPLOAD_ERR_NO_TMP_DIR)
            throw new 
CException(Yii::t('yii','Missing the temporary folder to store the uploaded file "{file}".',array('{file}'=>$file->getName())));
        elseif(
$error==UPLOAD_ERR_CANT_WRITE)
            throw new 
CException(Yii::t('yii','Failed to write the uploaded file "{file}" to disk.',array('{file}'=>$file->getName())));
        elseif(
defined('UPLOAD_ERR_EXTENSION') && $error==UPLOAD_ERR_EXTENSION)  // available for PHP 5.2.0 or above
            
throw new CException(Yii::t('yii','A PHP extension stopped the file upload.'));
        else
            throw new 
CException(Yii::t('yii','Unable to upload the file "{file}" because of an unrecognized error.',array('{file}'=>$file->getName())));
    }

    if(
$this->minSize!==null && $file->getSize()<$this->minSize)
    {
        
$message=$this->tooSmall!==null?$this->tooSmall Yii::t('yii','The file "{file}" is too small. Its size cannot be smaller than {limit} bytes.');
        
$this->addError($object,$attribute,$message,array('{file}'=>$file->getName(), '{limit}'=>$this->minSize));
    }

    if(
$this->types!==null)
    {
        if(
is_string($this->types))
            
$types=preg_split('/[\s,]+/',strtolower($this->types),-1,PREG_SPLIT_NO_EMPTY);
        else
            
$types=$this->types;
        if(!
in_array(strtolower($file->getExtensionName()),$types))
        {
            
$message=$this->wrongType!==null?$this->wrongType Yii::t('yii','The file "{file}" cannot be uploaded. Only files with these extensions are allowed: {extensions}.');
            
$this->addError($object,$attribute,$message,array('{file}'=>$file->getName(), '{extensions}'=>implode(', ',$types)));
        }
    }

    if(
$this->mimeTypes!==null && !empty($file->tempName))
    {
        if(
function_exists('finfo_open'))
        {
            
$mimeType=false;
            if(
$info=finfo_open(defined('FILEINFO_MIME_TYPE') ? FILEINFO_MIME_TYPE FILEINFO_MIME))
                
$mimeType=finfo_file($info,$file->getTempName());
        }
        elseif(
function_exists('mime_content_type'))
            
$mimeType=mime_content_type($file->getTempName());
        else
            throw new 
CException(Yii::t('yii','In order to use MIME-type validation provided by CFileValidator fileinfo PECL extension should be installed.'));

        if(
is_string($this->mimeTypes))
            
$mimeTypes=preg_split('/[\s,]+/',strtolower($this->mimeTypes),-1,PREG_SPLIT_NO_EMPTY);
        else
            
$mimeTypes=$this->mimeTypes;

        if(
$mimeType===false || !in_array(strtolower($mimeType),$mimeTypes))
        {
            
$message=$this->wrongMimeType!==null?$this->wrongMimeType Yii::t('yii','The file "{file}" cannot be uploaded. Only files of these MIME-types are allowed: {mimeTypes}.');
            
$this->addError($object,$attribute,$message,array('{file}'=>$file->getName(), '{mimeTypes}'=>implode(', ',$mimeTypes)));
        }
    }
}

Internally validates a file object.

© 2008–2017 by Yii Software LLC
Licensed under the three clause BSD license.
http://www.yiiframework.com/doc/api/1.1/CFileValidator