feature #26261 [Validator] Improvement: provide file basename for constr. violation messages in FileValidator. (TheCelavi)

This PR was squashed before being merged into the 4.2-dev branch (closes #26261). Discussion ---------- [Validator] Improvement: provide file basename for constr. violation messages in FileValidator. | Q | A | ------------- | --- | Branch? | 3.4  | Bug fix? | no | New feature? | no | BC breaks? | no | Deprecations? | no | Tests pass? | yes | Fixed tickets | no | License | MIT | Doc PR | N/A `\Symfony\Component\Validator\Constraints\FileValidator` provides absolute path to file on server when user, per example, uploads empty file, too large file, of wrong mime type, etc... Absolute path to file on server does not have value to the end user, on top of that, exposing it can be a security issue - end user should not be aware of server filesystem. Basename of file, however, has value (per example: MyAwesomeSheet.xlsx, MyCV.doc, etc..) - if something is wrong with file upload (size, mime, etc...). If basename is exposed, we can construct messages like: "Your file 'MyCV.doc' is not allowed for upload due to....whatever"... This PR provides basename of file so end user of `\Symfony\Component\Validator\Constraints\FileValidator` can construct error messages of higher value for end user. Commits ------- a77abadf06 [Validator] Improvement: provide file basename for constr. violation messages in FileValidator.
2018-10-10 05:29:04 -07:00 · 2018-10-10 05:29:04 -07:00 · 722c8162c9
commit 722c8162c9
parent d13141f41d a77abadf06
2 changed files with 9 additions and 0 deletions
--- a/src/Symfony/Component/Validator/Constraints/FileValidator.php
+++ b/src/Symfony/Component/Validator/Constraints/FileValidator.php
@ -138,10 +138,12 @@ class FileValidator extends ConstraintValidator
        }

        $sizeInBytes = filesize($path);
+        $basename = $value instanceof UploadedFile ? $value->getClientOriginalName() : basename($path);

        if (0 === $sizeInBytes) {
            $this->context->buildViolation($constraint->disallowEmptyMessage)
                ->setParameter('{{ file }}', $this->formatValue($path))
+                ->setParameter('{{ name }}', $this->formatValue($basename))
                ->setCode(File::EMPTY_ERROR)
                ->addViolation();

@ -158,6 +160,7 @@ class FileValidator extends ConstraintValidator
                    ->setParameter('{{ size }}', $sizeAsString)
                    ->setParameter('{{ limit }}', $limitAsString)
                    ->setParameter('{{ suffix }}', $suffix)
+                    ->setParameter('{{ name }}', $this->formatValue($basename))
                    ->setCode(File::TOO_LARGE_ERROR)
                    ->addViolation();

@ -189,6 +192,7 @@ class FileValidator extends ConstraintValidator
                ->setParameter('{{ file }}', $this->formatValue($path))
                ->setParameter('{{ type }}', $this->formatValue($mime))
                ->setParameter('{{ types }}', $this->formatValues($mimeTypes))
+                ->setParameter('{{ name }}', $this->formatValue($basename))
                ->setCode(File::INVALID_MIME_TYPE_ERROR)
                ->addViolation();
        }
--- a/src/Symfony/Component/Validator/Tests/Constraints/FileValidatorTest.php
+++ b/src/Symfony/Component/Validator/Tests/Constraints/FileValidatorTest.php
@ -177,6 +177,7 @@ abstract class FileValidatorTest extends ConstraintValidatorTestCase
            ->setParameter('{{ size }}', $sizeAsString)
            ->setParameter('{{ suffix }}', $suffix)
            ->setParameter('{{ file }}', '"'.$this->path.'"')
+            ->setParameter('{{ name }}', '"'.basename($this->path).'"')
            ->setCode(File::TOO_LARGE_ERROR)
            ->assertRaised();
    }
@ -279,6 +280,7 @@ abstract class FileValidatorTest extends ConstraintValidatorTestCase
            ->setParameter('{{ size }}', $sizeAsString)
            ->setParameter('{{ suffix }}', $suffix)
            ->setParameter('{{ file }}', '"'.$this->path.'"')
+            ->setParameter('{{ name }}', '"'.basename($this->path).'"')
            ->setCode(File::TOO_LARGE_ERROR)
            ->assertRaised();
    }
@ -357,6 +359,7 @@ abstract class FileValidatorTest extends ConstraintValidatorTestCase
            ->setParameter('{{ type }}', '"application/pdf"')
            ->setParameter('{{ types }}', '"image/png", "image/jpg"')
            ->setParameter('{{ file }}', '"'.$this->path.'"')
+            ->setParameter('{{ name }}', '"'.basename($this->path).'"')
            ->setCode(File::INVALID_MIME_TYPE_ERROR)
            ->assertRaised();
    }
@ -387,6 +390,7 @@ abstract class FileValidatorTest extends ConstraintValidatorTestCase
            ->setParameter('{{ type }}', '"application/pdf"')
            ->setParameter('{{ types }}', '"image/*", "image/jpg"')
            ->setParameter('{{ file }}', '"'.$this->path.'"')
+            ->setParameter('{{ name }}', '"'.basename($this->path).'"')
            ->setCode(File::INVALID_MIME_TYPE_ERROR)
            ->assertRaised();
    }
@ -403,6 +407,7 @@ abstract class FileValidatorTest extends ConstraintValidatorTestCase

        $this->buildViolation('myMessage')
            ->setParameter('{{ file }}', '"'.$this->path.'"')
+            ->setParameter('{{ name }}', '"'.basename($this->path).'"')
            ->setCode(File::EMPTY_ERROR)
            ->assertRaised();
    }