Improve and fix FileUpload acceptedFileTypes validation #13254
Replies: 3 comments
-
I still don't think this is a filepond problem This way the available files are filtered in the file manager Further it is written in the documentation that if the browser does not correctly determine the file type, it additionally double-checks the type of the selected file based on its contents I downloaded the filepond source code, found an implementation for checking the file type based on its contents, and made a small testbed on playcode.io But at the same time, if only When the loading is complete, the submit button for the form becomes available. This is where the inconsistency lies not in libraries or plugins, but in the logic of the browser and the operating system. FileUpload::make('file')
->acceptedBrowserFileTypes(['text/javascript'])
->acceptedFileTypes(['text/plain'])
->getUploadedFileNameForStorageUsing(
fn(TemporaryUploadedFile $file): string => (string) Str::uuid() . '.' . Arr::last(explode('.', $file->getClientOriginalName())),
); At first, the browser will allow you to select only files with the .js extension I think I was right in inadvertently thinking about the possibility of separating the rules for the frontend and backend anyway laravel and browser define mime type differently |
Beta Was this translation helpful? Give feedback.
-
filamentphp sends validation rules directly to filepond, which are passed to acceptedFileTypes "as is" And it has the ability to transfer individual rules to it, duplicating the logic of a separate method and saving it in a separate attribute ![]() ![]() ![]() ![]() but in the filament source code itself, a solution is used that enumerates mime types, among which there is also text/plain for csv Although for csv in general this is quite understandable, since the file can contain one word or a space delimiter On the other hand, I’m a little distracted from the question and now I’m thinking that a js file can be defined as text/plain by mimetype, in case of obfuscation For example, I have already made an obfuscator that cannot be decrypted by available online decryptors, then you can only identify it by extension, blindly trusting I think I won’t return to this question in the near future, but will simply accept it as a fact and feature https://youtu.be/GGwATl3ZSQY |
Beta Was this translation helpful? Give feedback.
-
I propose to implement the above mentioned acceptedBrowserFileTypes method, which will take precedence for filepond FileUpload::make('file')
->acceptedBrowserFileTypes(['text/javascript'])
->acceptedFileTypes(['text/plain'])
->getUploadedFileNameForStorageUsing(
fn(TemporaryUploadedFile $file): string => (string) Str::uuid() . '.' . Arr::last(explode('.', $file->getClientOriginalName())),
); |
Beta Was this translation helpful? Give feedback.
-
Inconsistency between file validation logic between browser and laravel
For example, when uploading .js file with the mimetype text/javascript in acceptedFileTypes - the frontend successfully receives and saves the file to temporary storage
And when submitting a form, the backend already throws an error if the mimetype text/plain is missing
Fair and vice versa
The frontend will not accept a file without text/javascript
Beta Was this translation helpful? Give feedback.
All reactions