SilverStripe\Assets\Upload
Manages uploads via HTML forms processed by PHP, uploads to Silverstripe's default upload directory, and either creates a new or uses an existing File-object for syncing with the database.
<b>Validation</b>
By default, a user can upload files without extension limitations,
which can be a security risk if the webserver is not properly secured.
Use to limit this list,
and ensure the "assets/" directory does not execute scripts
(see http://doc.silverstripe.org/secure-development#filesystem).
provides a good start for a list of "safe" extensions.
Synopsis
class Upload
extends Controller
{
- // members
- private static array $allowed_actions = ;
- protected AssetContainer $file;
- protected Upload_Validator $validator;
- protected $tmpFile;
- protected boolean $replaceFile = false;
- protected array $errors = ;
- protected string $defaultVisibility = AssetStore::VISIBILITY_PROTECTED;
- private static string $uploads_folder = "Uploads";
- private static string $version_prefix = '-v';
- // methods
- public void __construct()
- public void index()
- public Upload_Validator getValidator()
- public void setValidator()
- protected AssetNameGenerator getNameGenerator()
- protected AssetStore getAssetStore()
- public array|false load()
- public bool loadIntoFile()
- protected array storeTempFile()
- protected string|false getValidFilename()
- protected string resolveExistingFile()
- public void setReplaceFile()
- public bool getReplaceFile()
- public boolean validate()
- public AssetContainer getFile()
- public void setFile()
- public void clearErrors()
- public boolean isError()
- public array getErrors()
- public string getDefaultVisibility()
- public $this setDefaultVisibility()
Hierarchy
Extends
- SilverStripe\Control\Controller
Tasks
Line | Task |
---|---|
32+ | Allow for non-database uploads |
Members
private
- $allowed_actions
- $uploads_folder
—
string
A foldername relative to /assets, where all uploaded files are stored by default. - $version_prefix
—
string
A prefix for the version number added to an uploaded file when a file with the same name already exists.
protected
- $defaultVisibility
—
string
Default visibility to assign uploaded files - $errors
—
array
Processing errors that can be evaluated, e.g. by Form-validation. - $file
—
SilverStripe\Assets\Storage\AssetContainer
A dataobject (typically {@see File}) which implements {@see AssetContainer} - $replaceFile
—
boolean
Replace an existing file rather than renaming the new one. - $tmpFile
—
array
Information about the temporary file produced by the PHP-runtime. - $validator
—
SilverStripe\Assets\Upload_Validator
Validator for this upload field
Methods
protected
- getAssetStore()
- getNameGenerator() — Get an asset renamer for the given filename.
- getValidFilename() — Given a temporary file and upload path, validate the file and determine the value of the 'Filename' tuple that should be used to store this asset.
- resolveExistingFile() — Given a file and filename, ensure that file renaming / replacing rules are satisfied
- storeTempFile() — Assign this temporary file into the given destination
public
- __construct()
- clearErrors() — Clear out all errors (mostly set by {loadUploaded()}) including the validator's errors
- getDefaultVisibility() — Get default visibility for uploaded files. {@see AssetStore} One of the values of AssetStore::VISIBILITY_* constants
- getErrors() — Return all errors that occurred while processing so far (mostly set by {loadUploaded()})
- getFile() — Get file-object, either generated from {load()}, or manually set.
- getReplaceFile()
- getValidator() — Get current validator
- index()
- isError() — Determines wether previous operations caused an error.
- load() — Save an file passed from a form post into the AssetStore directly
- loadIntoFile() — Save an file passed from a form post into this object.
- setDefaultVisibility() — Assign default visibility for uploaded files. {@see AssetStore} One of the values of AssetStore::VISIBILITY_* constants
- setFile() — Set a file-object (similiar to {loadIntoFile()})
- setReplaceFile()
- setValidator() — Set a different instance than {@link Upload_Validator} for this upload session.
- validate() — Container for all validation on the file (e.g. size and extension restrictions).