0

I have a series of functions to handle file uploads; validating the uploaded file (checking size, type etc) then sending the uploaded file to Cloudfiles - this all works fine.

I would like to use the same functions for saving local files (files previously uploaded and saved to the webserver) to Cloudfiles.

Is it possible to open the local file as if it had just been uploaded i.e. in the format:

array(
  'name' => '',
  'type' => '',
  'tmp_name' => '',
  'error' => '',
  'size' => ''
);

I'm guessing I will need to manually recreate this structure - if so, how would I save the file contents?

Alternately, should I be changing my existing validation functions to receive file data in a different format?

Robbert
  • 6,481
  • 5
  • 35
  • 61
Ben Simpson
  • 407
  • 3
  • 9
  • you can write to $_FILES to set that stuff if you want, but you can't fake out `is_uploaded_file()` and `move_uploaded_file()`, which are specifically designed to prevent this sort of tampering. But in general, the file's on your harddrive, nothing says you can't use that file as a source for some OTHER upload. – Marc B Nov 25 '14 at 18:28
  • I think that you should first check how you send the uploaded file to Cloudfiles, do you send the content or do you give just a path to a third party library? Then, you will be able to choose between using your local file path, or reading its content. – 255kb - Mockoon Nov 25 '14 at 18:29

1 Answers1

0

No, they are fundamentally different.

name is the name of the file from the client. I suppose you could substitute the file name on disk.

type is the content type (often referred to as the MIME type), which is not stored by many filesystems. You will have to use magic numbers to detect the type based on the file contents. Alternatively, you can take a guess at the file type if there is an extension. Both methods have their cons.

tmp_name is completely irrelevant as you already have the file on disk.

error doesn't make sense since the file isn't being uploaded, therefore no operation is being done.

size is about the only thing you can replicate.

I don't see why you need all this information anyway. None of this information from the client should be used for validation of any kind.

Community
  • 1
  • 1
Brad
  • 159,648
  • 54
  • 349
  • 530
  • Thank you for your help and explanation. You're quite right and on further investigation, I am only really checking the 'error' part of the data - I am checking the file size and MIME type of the actual file rather than what's uploaded. To solve the problem I'm recreating the array format and sending the file location through in the tmp_name field - the rest of the code then works as is. – Ben Simpson Nov 26 '14 at 08:31