File tree Expand file tree Collapse file tree 2 files changed +19
-5
lines changed Expand file tree Collapse file tree 2 files changed +19
-5
lines changed Original file line number Diff line number Diff line change @@ -194,13 +194,23 @@ There are some important things to consider in the code of the above controller:
194194 users. This also applies to the files uploaded by your visitors. The ``UploadedFile ``
195195 class provides methods to get the original file extension
196196 (:method: `Symfony\\ Component\\ HttpFoundation\\ File\\ UploadedFile::getClientOriginalExtension `),
197- the original file size (:method: `Symfony\\ Component\\ HttpFoundation\\ File\\ UploadedFile::getSize `)
198- and the original file name (:method: `Symfony\\ Component\\ HttpFoundation\\ File\\ UploadedFile::getClientOriginalName `).
197+ the original file size (:method: `Symfony\\ Component\\ HttpFoundation\\ File\\ UploadedFile::getSize `),
198+ the original file name (:method: `Symfony\\ Component\\ HttpFoundation\\ File\\ UploadedFile::getClientOriginalName `)
199+ and the original file path (:method: `Symfony\\ Component\\ HttpFoundation\\ File\\ UploadedFile::getClientOriginalPath `).
199200 However, they are considered *not safe * because a malicious user could tamper
200201 that information. That's why it's always better to generate a unique name and
201202 use the :method: `Symfony\\ Component\\ HttpFoundation\\ File\\ UploadedFile::guessExtension `
202203 method to let Symfony guess the right extension according to the file MIME type;
203204
205+ .. note ::
206+
207+ If a directory was uploaded, ``getClientOriginalPath `` will contain the **webkitRelativePath ** as provided by the browser.
208+ Otherwise this value will be identical to ``getClientOriginalName ``.
209+
210+ .. versionadded :: 7.1
211+
212+ The ``getClientOriginalPath `` method was introduced in Symfony 7.1.
213+
204214You can use the following code to link to the PDF brochure of a product:
205215
206216.. code-block :: html+twig
Original file line number Diff line number Diff line change @@ -55,6 +55,10 @@ You might calculate the filename in one of the following ways::
5555 // use the original file name
5656 $file->move($directory, $file->getClientOriginalName());
5757
58+ // when "webkitdirectory" upload was used
59+ // otherwise the value will be the same as getClientOriginalName
60+ // $file->move($directory, $file->getClientOriginalPath());
61+
5862 // compute a random name and try to guess the extension (more secure)
5963 $extension = $file->guessExtension();
6064 if (!$extension) {
@@ -63,9 +67,9 @@ You might calculate the filename in one of the following ways::
6367 }
6468 $file->move($directory, rand(1, 99999).'.'.$extension);
6569
66- Using the original name via ``getClientOriginalName() `` is not safe as it
67- could have been manipulated by the end-user. Moreover, it can contain
68- characters that are not allowed in file names. You should sanitize the name
70+ Using the original name via ``getClientOriginalName() `` or `` getClientOriginalPath ``
71+ is not safe as it could have been manipulated by the end-user. Moreover, it can contain
72+ characters that are not allowed in file names. You should sanitize the value
6973before using it directly.
7074
7175Read :doc: `/controller/upload_file ` for an example of how to manage a file
You can’t perform that action at this time.
0 commit comments