How to Validate Jpeg as an extension for uploading files?

0

I'm a beginner in programming.

    public function upload(){

    if(Input::hasFile('file')){
        $novonome = uniqid() . '.jpeg';
        $file = Input::file('file');
        $file->move('uploads',$novonome);
        return 'Anexado com sucesso';
    }

    if(UploadedFile::getMaxFilesize()){
        return "Limite máximo de 2 mb";
        }  
    }
    
asked by anonymous 18.03.2016 / 15:57

2 answers

2

File extension validation is not secure, this link does not contain the answer to "Laravel" (although it may work) but explains the problem that extensions can cause:

It is preferable to validate via mimeType, so use this:

if(Input::hasFile('file')){
    $file = Input::file('file');

    if($file->getMimeType() === 'image/jpeg') {
        $novonome = uniqid() . '.jpeg';

        $file->move('uploads',$novonome);

        return 'Anexado com sucesso';
    }

    return 'Só é permitido imagens JPEG';
}

getMimeType() takes the mimeType of the file instead of the extension, because as I said here the extension may not be a valid file.

You can also use the class Request + Validation , and a detail, this method that used UploadedFile::getMaxFilesize() is not valid, just to know the limit that can be uploaded varying with PHP settings , use Validator to limit the weight of the file.

public function upload(Request $req)
{
    //Verifica se o campo veio vazio
    if (!$file->hasFile('file')) {
        return 'Não foi enviado a foto';
    }

    //Pega o arquivo
    $file = $request->file('file');

    $input = [
      'file' => $file
    ];


    /*
     * Regras da validação, como mimetype e tamanho máximo
     * 2048 é igual a 2mb, altere conforme a necessidade
     */
    $rules = [
      'file' => 'image|mimes:jpeg|max:2048'
    ];

    $messages = [
      'mimes' => 'Formato invalido'
    ];

    $validator = Validator::make($input, $rules, $messages);

    if ($validator->fails()) {
        return $validator->messages();
    }

    $novonome = uniqid() . '.jpeg';

    $file->move('uploads', $novonome);

    return 'Anexado com sucesso';
}

Enabling fileinfo

To enable fileinfo you need to edit php.ini and uncomment this line:

;extension=php_fileinfo.dll

Leaving thus:

extension=php_fileinfo.dll

After this restart Apache or Ngnix (or whatever your server)

    
18.03.2016 / 23:51
1

The validation method accepts an HTTP incoming request in conjunction with its validation rules, if its validation rules pass its code will run normally otherwise it will send an error response .

As in the code below:

$validator = Validator::make($request->all(), [
   'image' => 'mimes:jpeg'
];

    if( $validator->fails() ) {
        return $validator->messages();
    }

If the input request parameters do not pass, Laravel will automatically redirect the user to its previous position with all errors updated by the session.

To show these errors in view , we can use the code below:

@if (count($errors) > 0)
    <div class="alert alert-danger">
        <ul>
            @foreach ($errors->all() as $error)
                <li>{{ $error }}</li>
            @endforeach
        </ul>
    </div>
@endif

This code will basically count the errors, if these errors exist it will show to the end user.

    
18.03.2016 / 22:04