You are here

Home » API reference » Drupal 10 » file.module

function file_validate in Drupal 10

Same name and namespace in other branches
  1. 8 core/modules/file/file.module \file_validate()
  2. 7 includes/file.inc \file_validate()
  3. 9 core/modules/file/file.module \file_validate()

Checks that a file meets the criteria specified by the validators.

After executing the validator callbacks specified hook_file_validate() will also be called to allow other modules to report errors about the file.

Parameters

\Drupal\file\FileInterface $file: A file entity.

array $validators: (optional) An associative array of callback functions used to validate the file. The keys are function names and the values arrays of callback parameters which will be passed in after the file entity. The functions should return an array of error messages; an empty array indicates that the file passed validation. The callback functions will be called in the order specified in the array, then the hook hook_file_validate() will be invoked so other modules can validate the new file.

Return value

array An array containing validation error messages.

See also

hook_file_validate()

8 calls to file_validate()
FileUploadHandler::handleFileUpload in core/modules/file/src/Upload/FileUploadHandler.php
Creates a file from an upload.
FileUploadResource::post in core/modules/file/src/Plugin/rest/resource/FileUploadResource.php
Creates a file from an endpoint.
FileUploadResource::validate in core/modules/file/src/Plugin/rest/resource/FileUploadResource.php
Validates the file.
FileValidationConstraintValidator::validate in core/modules/file/src/Plugin/Validation/Constraint/FileValidationConstraintValidator.php
TemporaryJsonapiFileFieldUploader::handleFileUploadForField in core/modules/jsonapi/src/Controller/TemporaryJsonapiFileFieldUploader.php
Creates and validates a file entity for a file field from a file stream.

... See full list

File

core/modules/file/file.module, line 99
Defines a "managed_file" Form API field and a "file" field for Field module.

Code

function file_validate(FileInterface $file, $validators = []) {

  // Call the validation functions specified by this function's caller.
  $errors = [];
  foreach ($validators as $function => $args) {
    if (function_exists($function)) {
      array_unshift($args, $file);
      $errors = array_merge($errors, call_user_func_array($function, $args));
    }
  }

  // Let other modules perform validation on the new file.
  $errors = array_merge($errors, \Drupal::moduleHandler()
    ->invokeAll('file_validate', [
    $file,
  ]));

  // Ensure the file does not contain a malicious extension. At this point
  // \Drupal\file\Upload\FileUploadHandler::handleFileUpload() will have munged
  // the file so it does not contain a malicious extension. Contributed and
  // custom code that calls this method needs to take similar steps if they need
  // to permit files with malicious extensions to be uploaded.
  if (empty($errors) && !\Drupal::config('system.file')
    ->get('allow_insecure_uploads') && preg_match(FileSystemInterface::INSECURE_EXTENSION_REGEX, $file
    ->getFilename())) {
    $errors[] = t('For security reasons, your upload has been rejected.');
  }
  return $errors;
}