[Solar-svn] Revision 3101

Fri Apr 11 10:50:31 CDT 2008

Solar_Filter_ValidateUpload: [ADD] Now supports checking filename extensions on the uploaded file.


Modified: trunk/Solar/Filter/ValidateUpload.php
===================================================================

--- trunk/Solar/Filter/ValidateUpload.php	2008-04-11 14:09:17 UTC (rev 3100)
+++ trunk/Solar/Filter/ValidateUpload.php	2008-04-11 15:50:30 UTC (rev 3101)
@@ -41,7 +41,7 @@
         UPLOAD_ERR_NO_FILE    => 'INVALID_UPLOAD_NO_FILE',
         UPLOAD_ERR_NO_TMP_DIR => 'INVALID_UPLOAD_NO_TMP_DIR',
         UPLOAD_ERR_CANT_WRITE => 'INVALID_UPLOAD_CANT_WRITE',
-        UPLOAD_ERR_EXTENSION  => 'INVALID_UPLOAD_EXTENSION',
+        UPLOAD_ERR_EXTENSION  => 'INVALID_UPLOAD_EXTENSION', // **php** extension
     );
 
     /**
@@ -52,15 +52,15 @@
      * The required keys are 'error', 'name', 'size', 'tmp_name', 'type'. More
      * or fewer or different keys than this will return a "malformed" error.
      * 
-     * If the upload is not required, and no file is uploaded, then it's still
-     * valid as far as this method goes.
-     * 
      * @param array $value An array of file-upload information.
      * 
+     * @param string|array $file_ext An array of allowed filename extensions
+     * (without dots) for the file name.  If empty, all extensions are allowed.
+     * 
      * @return bool True if valid, false if not.
      * 
      */
-    public function validateUpload($value)
+    public function validateUpload($value, $file_ext = null)
     {
         // reset to the default invalid message after previous attempts
         $this->_resetInvalid();
@@ -83,7 +83,7 @@
         $actual = array_keys($value);
         sort($actual);
         
-        // make sure the required and actual keys match up
+        // make sure the expected and actual keys match up
         if ($expect != $actual) {
             $this->_invalid = 'INVALID_UPLOAD_ARRAY_MALFORMED';
             return false;
@@ -91,12 +91,14 @@
         
         // was the upload explicitly ok?
         if ($value['error'] != UPLOAD_ERR_OK) {
+            // not explicitly ok, so find what the error was
             foreach ($this->_error_invalid as $error => $invalid) {
                 if ($value['error'] == $error) {
                     $this->_invalid = $invalid;
                     return false;
                 }
             }
+            // some other error
             $this->_invalid = 'INVALID_UPLOAD_UNKNOWN_ERROR';
             return false;
         }
@@ -108,6 +110,26 @@
             return false;
         }
         
+        // check file extension?
+        if ($file_ext) {
+            
+            // find the file name extension
+            $pos = strrpos($value['name'], '.');
+            if ($pos !== false) {
+                // get the extension without dot
+                $ext = substr($value['name'], $pos + 1);
+            } else {
+                // no filename extension
+                $ext = null;
+            }
+            
+            // is the extension allowed?
+            if (! in_array($ext, (array) $file_ext)) {
+                $this->_invalid = 'INVALID_UPLOAD_FILENAME_EXT';
+                return false;
+            }
+        }
+        
         // looks like we're ok!
         return true;
     }


