I'm using PUT method to upload files using dropzone.js on frontend. However when I want to work with files both Symfony's Request object and $_FILES array are empty.
I have checked everything in this huge checklist and it did not help to me since it does not says anything about uploading via PUT method.
PHP does not convert files uploaded via PUT method into $_FILES hence Symfony`s Request object is empty too.
You need to handle incoming file using following code.
/* PUT data comes in on the stdin stream */
$putdata = fopen("php://input", "r");
Or using $request->getContent() in symfony.
PHP also supports PUT-method file uploads as used by Netscape Composer
and W3C's Amaya clients. See the PUT Method Support for more details.
http://php.net/manual/en/features.file-upload.post-method.php
Related
I'm new to Zend's Apigility and I have problem with file upload.
I've created a new rest service and configured fields in the admin UI as described in Apigility documentation: https://apigility.org/documentation/recipes/upload-files-to-api
When trying to obtain any data from InputFilter i get only null values.
Resource controller
public function create($data)
{
$inputFilter = $this->getInputFilter();
$data = $inputFilter->getValues();
var_dump($data);
//return $this->attachments->create($data);
}
var_dump result
array(1) {
["filedata"]=>
NULL
}
For testing purposes I'm using Postman extension for Chrome with Content-Type header set to 'multipart/form-data', and attached file to key: filedata.
I'm pretty sure, I can send files using json and base64_encode, but I would rather hold with it until it would be absolutely necessary.
For those who aren't aware, Apigility is a Zend Framework 2 based framework specifically made for Rest/Rpc API's.
To do file uploads, please refer to their documentation on the recent updates as noted by Jon Day.
Credit : https://apigility.org/documentation/recipes/upload-files-to-api
How can you allow uploading files via your API?
Answer
Zend Framework 2 provides a variety of classes surrounding file upload
functionality, including a set of validators (used to validate whether
the file was uploaded, as well as whether it meets specific criteria
such as file size, extension, MIME type, etc.), a set of filters (used
to allow renaming an uploaded file, as well as, more rarely, to
manipulate the contents of the file), and file-upload-specific inputs
for input filters (because validation of files needs to follow
different rules than regular data).
Currently the limitation is that Apigility will only accept multipart/form-data
Using Xdebug I am getting the following out :
$data_array = $inputFilter->getValues();
$image = $data_array['images_data'];
The $image array looks like this :
name = MemeCenter_1400658513231_337.jpg
type = image/jpeg
tmp_name = /tmp/phpzV3mWA
error = 0
size = 379580
Try this
Update apigility with composer. File upload is working in version 1.0.3
Use Postman to send files but with no headers.Just select form-data.It worked for me.
To move uploaded file use rename instead of move_uploaded_file.
You can use the option ('magicFile' => false) for the MimeType validator which fixes the problem without any modification at the zf library.
I know it is possible to read file content from $_FILES["file"]["tmp_name"] and save the content into DB.
But I think it is a performance waste.
Is it possible to read the file content directly from the HTTP post stream?
No, PHP has an internal data structure (the $_FILES array) that stores all uploaded file info, and there is no other way of accessing that info elsewhere in PHP.
Its possible via PUT ..... you can get the raw input ... but you would still need to parse it your self
$input = file_get_contents('php://input');
I think $_FILES is faster and better
This is not possible with POST request.
With PUT requests, you can use stdin.
$putdata = fopen("php://input", "r");
I've got a script, largely based on an example uploading PHP file from jQuery Uploader. It gets file type with the following code (it gets this $_FILES component)...
$fileType = (isset($_SERVER['HTTP_X_FILE_TYPE']) ? $_SERVER['HTTP_X_FILE_TYPE'] : $upload['type']);
Note; $upload['type'] comes from the $_FILES['files']['type'].
Now, this is fine - except for the fact that some files seem to have no fileType information from this. I can get more accurate responses from using file info and mimetype functions in PHP - but they don't work on $_FILES objects and I'm trying to do this check before I transfer the file to s3 so I don't really want to load it locally.
Can anyone advise if there's something I can to get more accurately report type from $_FILES or is it going to have to load locally in order to run these alternative PHP functions?
finfo is the only way to do this. You cannot rely on information the client sends you, it is far too easy to fake from the client side.
There is no reason that it won't work with $_FILES, you would simply pass $_FILES['files']['tmp_name'] as the file path - this is still a valid file path, and you don't need to call move_uploaded_file() to access the data. Leaving the file in the temp location also has the advantage that it will be destroyed when the script is finished if you haven't done anything with it.
I'm trying to programmatically add a tint to an image. I've done this very easily with a form and the $_FILES array but I need to get the image from a URL, and the images I'm trying to use are on my own server if that is important. Here's a sample code of the working form function
$img = new Upload($_FILES['imgfile']);
Now all I need is something like $img = new Upload(fopen($image_path); But this isn't working... Please help me!!
In the following code, you are passing a $_FILES array structure to your Upload class:
$img = new Upload($_FILES['imgfile']);
The variable $_FILES['imgfile'] itself is an array, consisting of named members such as 'name', 'tmp_name' and others - information about the file that has been passed to PHP by the server receiving the uploaded file.
Your Upload class appears to be designed to handle this sort of structure. It will probably have been designed specifically for handling file uploads, so you may need to modify it a bit to allow it to be passed any file path as a parameter instead of this array structure.
Well, you can fake $_FILES array all right.
the only function you cannot fool with this array is move_uploaded_file() but it seems you don't need it anyway.
but, you know, nobody have an idea what your "new Upload" is.
Simple question. Is there a way to only allow txt files upon uploading? I've looked around and all I find is text/php, which allows PHP.
$uploaded_type=="text/php
When you upload a file with PHP its stored in the $_FILES array. Within this there is a key called "type" which has the mime type of the file EG $_FILES['file']['type']
So to check it is a txt file you do
if($_FILES['file']['type'] == 'text/plain'){
//Do stuff with it.
}
It's explained very well here. Also, don't rely on file extentions it's very unreliable.
Simply put: there's no way. Browsers don't consistently support type limiters on file upload fields (AFAIK that was planned or even is integrated into the HTML standard, but barely implemented at best). Both the file extension and mime-type information are user supplied and hence can't be trusted.
You can really only try to parse the file and see if it validates to whatever format you expect, that's the only reliable way. What you need to be careful with are buffer overflows and the like caused by maliciously malformed files. If all you want are text files, that's probably not such a big deal though.
You could check the mime type of the uploading file. In codeIgniter, this code is used in the upload library:
$this->file_type = preg_replace("/^(.+?);.*$/", "\\1", $_FILES[$field]['type']);
The variable $this->file_type then used to check the upload configuration, to see if the uploaded file is in allowed type or not. You can see the complete code in the CodeIgniter upload library file.
You need to check the file extension of the uploaded file.
There is Pear HttpUpload, it supports this.