Commit31b0a71

committed

feature#19216 [HttpFoundation] AddUploadedFile::getClientOriginalPath() to support directory uploads (danielburger1337)

This PR was squashed before being merged into the 7.1 branch.Discussion----------[HttpFoundation] Add `UploadedFile::getClientOriginalPath()` to support directory uploadsSee#19212 andsymfony/symfony#52493Edit: I just realized that `@alexandre`-daubois created PR#19215 for this as well.Just for the record, I don't care which one gets merged.Commits-------4120857 [HttpFoundation] Add `UploadedFile::getClientOriginalPath()` to support directory uploads

2 parentsccf7a6e +4120857 commit31b0a71Copy full SHA for 31b0a71

File tree

2 files changed

+19

-5

lines changed

controller
- upload_file.rst
reference/forms/types
- file.rst

2 files changed

+19

-5

lines changed

`‎controller/upload_file.rst‎`

Lines changed: 12 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -194,13 +194,23 @@ There are some important things to consider in the code of the above controller:`
`194`	`194`	users. This also applies to the files uploaded by your visitors. The ``UploadedFile``
`195`	`195`	`class provides methods to get the original file extension`
`196`	`196`	(:method:`Symfony\\Component\\HttpFoundation\\File\\UploadedFile::getClientOriginalExtension`),
`197`		- the original file size (:method:`Symfony\\Component\\HttpFoundation\\File\\UploadedFile::getSize`)
`198`		- and the original file name (:method:`Symfony\\Component\\HttpFoundation\\File\\UploadedFile::getClientOriginalName`).
	`197`	+ the original file size (:method:`Symfony\\Component\\HttpFoundation\\File\\UploadedFile::getSize`),
	`198`	+ the original file name (:method:`Symfony\\Component\\HttpFoundation\\File\\UploadedFile::getClientOriginalName`)
	`199`	+ and the original file path (:method:`Symfony\\Component\\HttpFoundation\\File\\UploadedFile::getClientOriginalPath`).
`199`	`200`	`However, they are considered not safe because a malicious user could tamper`
`200`	`201`	`that information. That's why it's always better to generate a unique name and`
`201`	`202`	use the:method:`Symfony\\Component\\HttpFoundation\\File\\UploadedFile::guessExtension`
`202`	`203`	`method to let Symfony guess the right extension according to the file MIME type;`
`203`	`204`
	`205`	`+..note::`
	`206`	`+`
	`207`	+ If a directory was uploaded, ``getClientOriginalPath`` will contain the webkitRelativePath as provided by the browser.
	`208`	+ Otherwise this value will be identical to ``getClientOriginalName``.
	`209`	`+`
	`210`	`+..versionadded::7.1`
	`211`	`+`
	`212`	+ The ``getClientOriginalPath`` method was introduced in Symfony 7.1.
	`213`	`+`
`204`	`214`	`You can use the following code to link to the PDF brochure of a product:`
`205`	`215`
`206`	`216`	`..code-block::html+twig`

`‎reference/forms/types/file.rst‎`

Lines changed: 7 additions & 3 deletions

Original file line number	Diff line number	Diff line change
`@@ -55,6 +55,10 @@ You might calculate the filename in one of the following ways::`
`55`	`55`	`// use the original file name`
`56`	`56`	`$file->move($directory, $file->getClientOriginalName());`
`57`	`57`
	`58`	`+ // when "webkitdirectory" upload was used`
	`59`	`+ // otherwise the value will be the same as getClientOriginalName`
	`60`	`+ // $file->move($directory, $file->getClientOriginalPath());`
	`61`	`+`
`58`	`62`	`// compute a random name and try to guess the extension (more secure)`
`59`	`63`	`$extension = $file->guessExtension();`
`60`	`64`	`if (!$extension) {`
`@@ -63,9 +67,9 @@ You might calculate the filename in one of the following ways::`
`63`	`67`	`}`
`64`	`68`	`$file->move($directory, rand(1, 99999).'.'.$extension);`
`65`	`69`
`66`		-Using the original name via ``getClientOriginalName()``is not safe as it
`67`		`-could have been manipulated by the end-user. Moreover, it can contain`
`68`		`-characters that are not allowed in file names. You should sanitize thename`
	`70`	+Using the original name via ``getClientOriginalName()``or ``getClientOriginalPath``
	`71`	`+is not safe as itcould have been manipulated by the end-user. Moreover, it can contain`
	`72`	`+characters that are not allowed in file names. You should sanitize thevalue`
`69`	`73`	`before using it directly.`
`70`	`74`
`71`	`75`	Read:doc:`/controller/upload_file` for an example of how to manage a file

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

Commit31b0a71

File tree

2 files changed

2 files changed

`‎controller/upload_file.rst‎`

`‎reference/forms/types/file.rst‎`

0 commit comments