Ajax file upload broken in v2.7.38

[stevro]

Q	A
Bug report?	yes
Feature request?	no
BC Break report?	no
RFC?	no
Symfony version	2.7.38

In v2.7.38 it was introduced a security fix to uploaded files.
PR: #24993

The problem is that if you upload the files using ajax and you use the javascript below for ajax upload:

$('body').on('submit', '.ajaxForm', function (e) {
  var formData = new FormData($(this)[0]);
  $.ajax({
            type: 'POST',
            url: your_url,
            processData: false,
            contentType: false,
            data: formData
        });
}

In Symfony\Component\Form\Extension\Core\Type\FileType::buildForm() when calling $event->getData() you obtain the following structure:

array:1 [▼
  0 => array:1 [▼
    0 => UploadedFile {#13 ▼
      -test: false
      -originalName: "IMG_20171110_150940.jpg"
      -mimeType: "image/jpeg"
      -size: 593894
      -error: 0
    }
  ]
]

And when calling $requestHandler->isFileUpload($file), $file is an array instead of the actual file, and the result will be false.

Is it something that I'm doing wrong when uploading files with ajax and I shouldn't get the structure above, or could we add some extra checks either in FileType?

This is the form config:

$builder               
                ->add('documents', 'file', array(
                    'required' => false,
                    'attr' => array('multiple' => 'multiple'),
                    'mapped' => false,
                    'multiple'=>true,
                ))
        ;

[xabbuh]

Having an array of UploadedFile objects looks right when your file type is configured as being multiple. Do you maybe have one form that is rendered, but use another form to process the input? Otherwise, would you be able to create a small example application that allows to reproduce your issue?

[stevro]

The fix you introduced expects an array with just one level of nesting, like this:

array:1 [▼
    0 => UploadedFile {#13 ▼
      -test: false
      -originalName: "IMG_20171110_150940.jpg"
      -mimeType: "image/jpeg"
      -size: 593894
      -error: 0
    }
]

But I'm getting a double nested array:

array:1 [▼
  0 => array:1 [▼
    0 => UploadedFile {#13 ▼
      -test: false
      -originalName: "IMG_20171110_150940.jpg"
      -mimeType: "image/jpeg"
      -size: 593894
      -error: 0
    }
  ]
]

I'll try to setup an online example. It might be because in javascript I'm not submitting directly the serialized form but instead I use var formData = new FormData($(this)[0]);, as this way I managed to send the files via ajax.

[xabbuh]

Ah sorry, I missed that. The nested array indeed looks wrong to me.

[xabbuh]

@stevro Did you manage to isolate if this is caused by your custom JavaScript or have a hint for us how to reproduce the issue?

[stevro]

Hi, the isFileUpload() check fails, using the javascript I posted in the first post. I'll make time this days to bring up more details. Currently I only upgraded to symfony 2.7.37 to prevent this issue.

[xabbuh]

I am closing here for now. We can consider to reopen with more information in the future.