NotificationsYou must be signed in to change notification settings
Fork9.7k
Star30.8k

[Validator] Improvement: provide file basename for constr. violation messages in FileValidator.#26261

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to ourterms of service andprivacy statement. We’ll occasionally send you account related emails.

Already on GitHub?Sign in to your account

Jump to bottom

Merged

fabpot merged 1 commit intosymfony:masterfromRunOpenCode:feature/expose-filename-in-file-validator

Oct 10, 2018

Merged

[Validator] Improvement: provide file basename for constr. violation messages in FileValidator.#26261

fabpot merged 1 commit intosymfony:masterfromRunOpenCode:feature/expose-filename-in-file-validator

Oct 10, 2018

Conversation

Copy link

Contributor

TheCelavi commentedFeb 21, 2018

Q	A
Branch?	3.4
Bug fix?	no
New feature?	no
BC breaks?	no
Deprecations?	no
Tests pass?	yes
Fixed tickets	no
License	MIT
Doc PR	N/A

\Symfony\Component\Validator\Constraints\FileValidator provides absolute path to file on server when user, per example, uploads empty file, too large file, of wrong mime type, etc...

Absolute path to file on server does not have value to the end user, on top of that, exposing it can be a security issue - end user should not be aware of server filesystem.

Basename of file, however, has value (per example: MyAwesomeSheet.xlsx, MyCV.doc, etc..) - if something is wrong with file upload (size, mime, etc...).

If basename is exposed, we can construct messages like: "Your file 'MyCV.doc' is not allowed for upload due to....whatever"...

This PR provides basename of file so end user of\Symfony\Component\Validator\Constraints\FileValidator can construct error messages of higher value for end user.

carsonbot added Status: Needs Review Validator labels

Feb 21, 2018

nicolas-grekas modified the milestones:3.4,4.1

Feb 22, 2018

carsonbot added Status: Needs Work and removed Status: Needs Review labels

Feb 22, 2018

nicolas-grekas requested changes

Feb 22, 2018

View reviewed changes

Copy link

Member

nicolas-grekas left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

Thanks for this proposal
That's a new feature so it should target master.
Can you please add some tests also?

src/Symfony/Component/Validator/Constraints/FileValidator.php Outdated

		}

		$sizeInBytes =filesize($path);
		$basename = ($valueinstanceof UploadedFile) ?$value->getClientOriginalName() :basename($path);

Copy link

Member

nicolas-grekasFeb 22, 2018

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

brackets should be remove

Copy link

ContributorAuthor

TheCelaviFeb 22, 2018

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

Removed as requested - I use brackets for readability purposes, no side effects

Copy link

ContributorAuthor

TheCelavi commentedFeb 22, 2018

That's a new feature so it should target master.

Do you want me to create PR on master branch?

Can you please add some tests also?

I have updated tests to reflect this change, so, it is kinda covered already. Only thin that can be tested is getting the basename of file - do you want me to write that test?

TheCelavi changed the base branch from3.4 tomaster

March 16, 2018 12:59

nicolas-grekas modified the milestones:4.1,next

Apr 20, 2018

fabpot approved these changes

Oct 10, 2018

View reviewed changes

carsonbot added Status: Reviewed and removed Status: Needs Work labels

Oct 10, 2018

[Validator] Improvement: provide file basename for constr. violation …

a77abad

…messages in FileValidator.

fabpot force-pushed thefeature/expose-filename-in-file-validator branch from5892e0e toa77abadCompare

October 10, 2018 12:29

Copy link

Member

fabpot commentedOct 10, 2018

Thank you@TheCelavi.

fabpot merged commita77abad intosymfony:master

Oct 10, 2018

fabpot added a commit that referenced this pull request

Oct 10, 2018

feature#26261[Validator] Improvement: provide file basename for con…

722c816

…str. violation messages in FileValidator. (TheCelavi)This PR was squashed before being merged into the 4.2-dev branch (closes#26261).Discussion----------[Validator] Improvement: provide file basename for constr. violation messages in FileValidator.| Q             | A| ------------- | ---| Branch?       | 3.4 <!-- see below -->| Bug fix?      | no| New feature?  | no| BC breaks?    | no| Deprecations? | no| Tests pass?   | yes| Fixed tickets | no| License       | MIT| Doc PR        | N/A`\Symfony\Component\Validator\Constraints\FileValidator` provides absolute path to file on server when user, per example, uploads empty file, too large file, of wrong mime type, etc...Absolute path to file on server does not have value to the end user, on top of that, exposing it can be a security issue - end user should not be aware of server filesystem.Basename of file, however, has value (per example: MyAwesomeSheet.xlsx, MyCV.doc, etc..) - if something is wrong with file upload (size, mime, etc...).If basename is exposed, we can construct messages like: "Your file 'MyCV.doc' is not allowed for upload due to....whatever"...This PR provides basename of file so end user of `\Symfony\Component\Validator\Constraints\FileValidator` can construct error messages of higher value for end user.Commits-------a77abad [Validator] Improvement: provide file basename for constr. violation messages in FileValidator.