3

I can upload the files if they are fitting this validation rule

'user_file' => 'file|max:10240|mimes:xls,xlsx,doc,docx,pdf,zip'

all goes fine.

I have set my upload_max_filesize to 32MB and post_max_size to 40MB in php.ini

but if i try to upload a file bigger than 40MB my validation rules don't even trigger. I get TokenMismatchException error....

If someone can verify this by simply trying to upload some very big file (a video file for example)

lewis4u
  • 14,256
  • 18
  • 107
  • 148

3 Answers3

2

When You exceed post payload size - everything is dropped, so csrf_token does not come to laravel and the upload file is empty so it cannot be validated.

UPDATE

To fix this you need to check the file size before the uploading with javascript or jquery

here is an example:

How to check file input size with jQuery?

Community
  • 1
  • 1
Giedrius Kiršys
  • 5,154
  • 2
  • 20
  • 28
  • but how can i give some feedback to user? tokenmissmatch is crazy...or should i increase the upload file size – lewis4u Nov 10 '16 at 13:39
  • i have found this now http://laravel.io/forum/02-20-2014-l40-csrf-tokenmismatchexception-when-uploading-large-files and you were right about post payload size – lewis4u Nov 10 '16 at 13:40
  • @lewis4u You simply can't. You should do file size check with javascript. Or You can disable csrf check for that specific route and then check if no data is passed to from request. – Giedrius Kiršys Nov 10 '16 at 13:41
  • i think i can fix this with checking the file size in controller – lewis4u Nov 10 '16 at 13:43
  • 1
    @lewis4u If You hit that PHP post_max limit - You will get no data to controller so You have nothing to validate :) – Giedrius Kiršys Nov 10 '16 at 13:44
  • yes you were right....soo i need to check the file size before the user hits the submit button...other way i will get tokenmissmatch if the file is too big – lewis4u Nov 10 '16 at 13:53
1

In the case of file uploads, the file has to be copied to temp location into the server then the rules will work. so your server will not allow files of size greater than 40MB (post_max_size) into the temp location so rules will not work. Instead, to fix this you need to do frontend validation for files.

You can do this using simple Javascript as shown below,

$('input[type="file"]').change(function () {
if (this.files[0] != undefined) {
    var name = this.name;
    var filesize = this.files[0].size;
    var field = $('#' + this.name).parents('.input-group');

    //check if file size is larger than 3MB(which is 3e+6 bytes)
    if (filesize > 3000000) {
       alert(filesize);
    //reset that input field if its file size is more than 3MB
       $('[name="' + name + '"]').val('')
    }
  }
});

you can just include this for all input of type='file' by changing size limit in bytes.

Shivakrishna
  • 1,333
  • 1
  • 12
  • 18
0

I encountered the same problem. You should as well check that the validator is checking file data, not post data :

I've tested :

$validator = Validator::make($request->post(), [
    myfield' => 'required|image|mimes:jpeg,png,jpg,gif|max:1000000'
]);

Should have been :

$validator = Validator::make($request->file(), [
    myfield' => 'required|image|mimes:jpeg,png,jpg,gif|max:1000000'
]);
secavfr
  • 628
  • 1
  • 9
  • 24