You are here

function file_check_upload in Drupal 4

Same name and namespace in other branches
  1. 5 includes/file.inc \file_check_upload()

Check if $source is a valid file upload. If so, move the file to Drupal's tmp dir and return it as an object.

The use of SESSION['file_uploads'] should probably be externalized to upload.module

@todo Rename file_check_upload to file_prepare upload. @todo Refactor or merge file_save_upload. @todo Extenalize SESSION['file_uploads'] to modules.

Parameters

$source An upload source (the name of the upload form item), or a file:

Return value

false for an invalid file or upload. A file object for valid uploads/files.

Related topics

5 calls to file_check_upload()
file_save_upload in includes/file.inc
Saves a file upload to a new location. The source file is validated as a proper upload and handled as such.
system_theme_settings in modules/system.module
Menu callback; display theme configuration for entire site and individual themes.
_locale_admin_import_submit in includes/locale.inc
Process the locale import form submission.
_upload_prepare in modules/upload.module
Save new uploads and attach them to the node object. append file_previews to the node object as well.
_user_edit_validate in modules/user.module

File

includes/file.inc, line 170
API for handling file uploads and server file management.

Code

function file_check_upload($source = 'upload') {

  // Cache for uploaded files. Since the data in _FILES is modified
  // by this function, we cache the result.
  static $upload_cache;

  // Test source to see if it is an object.
  if (is_object($source)) {

    // Validate the file path if an object was passed in instead of
    // an upload key.
    if (is_file($source->filepath)) {
      return $source;
    }
    else {
      return false;
    }
  }

  // Return cached objects without processing since the file will have
  // already been processed and the paths in _FILES will be invalid.
  if (isset($upload_cache[$source])) {
    return $upload_cache[$source];
  }

  // If a file was uploaded, process it.
  if ($_FILES["edit"]["name"][$source] && is_uploaded_file($_FILES["edit"]["tmp_name"][$source])) {

    // Check for file upload errors and return false if a
    // lower level system error occurred.
    switch ($_FILES["edit"]["error"][$source]) {

      // @see http://php.net/manual/en/features.file-upload.errors.php
      case UPLOAD_ERR_OK:
        break;
      case UPLOAD_ERR_INI_SIZE:
      case UPLOAD_ERR_FORM_SIZE:
        drupal_set_message(t('The file %file could not be saved, because it exceeds the maximum allowed size for uploads.', array(
          '%file' => theme('placeholder', $source),
        )), 'error');
        return 0;
      case UPLOAD_ERR_PARTIAL:
      case UPLOAD_ERR_NO_FILE:
        drupal_set_message(t('The file %file could not be saved, because the upload did not complete.', array(
          '%file' => theme('placeholder', $source),
        )), 'error');
        return 0;

      // Unknown error
      default:
        drupal_set_message(t('The file %file could not be saved. An unknown error has occurred.', array(
          '%file' => theme('placeholder', $source),
        )), 'error');
        return 0;
    }

    // Begin building file object.
    $file = new StdClass();
    $file->filename = trim(basename($_FILES["edit"]["name"][$source]), '.');

    // Create temporary name/path for newly uploaded files.
    $file->filepath = tempnam(file_directory_temp(), 'tmp_');
    $file->filemime = $_FILES["edit"]["type"][$source];

    // Rename potentially executable files, to help prevent exploits.
    if ((substr($file->filemime, 0, 5) == 'text/' || strpos($file->filemime, 'javascript')) && substr($file->filename, -4) != '.txt' || preg_match('/\\.(php|pl|py|cgi|asp)$/i', $file->filename)) {
      $file->filemime = 'text/plain';
      $file->filepath .= '.txt';
      $file->filename .= '.txt';
    }

    // Move uploaded files from php's upload_tmp_dir to Drupal's file temp.
    // This overcomes open_basedir restrictions for future file operations.
    if (!move_uploaded_file($_FILES["edit"]["tmp_name"][$source], $file->filepath)) {
      drupal_set_message(t('File upload error. Could not move uploaded file.'));
      watchdog('file', t('Upload Error. Could not move uploaded file(%file) to destination(%destination).', array(
        '%file' => theme('placeholder', $_FILES["edit"]["tmp_name"][$source]),
        '%destination' => theme('placeholder', $file->filepath),
      )));
      return false;
    }
    $file->filesize = $_FILES["edit"]["size"][$source];
    $file->source = $source;

    // Add processed file to the cache.
    $upload_cache[$source] = $file;
    return $file;
  }
  else {

    // In case of previews return previous file object.
    if (file_exists($_SESSION['file_uploads'][$source]->filepath)) {
      return $_SESSION['file_uploads'][$source];
    }
  }

  // If nothing was done, return false.
  return false;
}