FileValidationService
in package
File Validation Service.
Provides centralized file validation for uploads across the framework:
- Extension allowlist checking
- MIME type validation via finfo (magic bytes)
- File size enforcement
- Filename sanitization
Tags
Table of Contents
Methods
- getAllowedExtensions() : array<string|int, string>
- Get allowed file extensions from settings or defaults.
- getMaxSize() : int
- Get max file size from settings or default.
- sanitizeFilename() : string
- Sanitize a filename for safe filesystem storage.
- validateBase64Size() : array<string|int, mixed>
- Validate base64-encoded content size before decoding.
- validateMime() : array<string|int, mixed>
- Validate MIME type using finfo magic bytes.
- validateUpload() : array<string|int, mixed>
- Validate an uploaded file.
Methods
getAllowedExtensions()
Get allowed file extensions from settings or defaults.
public
static getAllowedExtensions() : array<string|int, string>
Return values
array<string|int, string>getMaxSize()
Get max file size from settings or default.
public
static getMaxSize() : int
Return values
int —Max size in bytes
sanitizeFilename()
Sanitize a filename for safe filesystem storage.
public
static sanitizeFilename(string $filename) : string
Removes path traversal sequences, dangerous characters, and normalizes.
Parameters
- $filename : string
-
Original filename
Return values
string —Sanitized filename
validateBase64Size()
Validate base64-encoded content size before decoding.
public
static validateBase64Size(string $base64[, int $maxSize = null ]) : array<string|int, mixed>
Parameters
- $base64 : string
-
Base64 string (without data URI prefix)
- $maxSize : int = null
-
Max decoded size in bytes
Return values
array<string|int, mixed> —['valid' => bool, 'estimated_size' => int, 'errors' => string[]]
validateMime()
Validate MIME type using finfo magic bytes.
public
static validateMime(string $filePath[, string|null $claimedMime = null ]) : array<string|int, mixed>
Parameters
- $filePath : string
-
Path to the file on disk
- $claimedMime : string|null = null
-
Optional claimed MIME to cross-check
Return values
array<string|int, mixed> —['valid' => bool, 'detected_mime' => string, 'errors' => string[]]
validateUpload()
Validate an uploaded file.
public
static validateUpload(array<string|int, mixed> $file[, array<string|int, mixed> $options = [] ]) : array<string|int, mixed>
Parameters
- $file : array<string|int, mixed>
-
File array with keys: name, tmp_name, type, size (same as $_FILES entry)
- $options : array<string|int, mixed> = []
-
Optional overrides: allowed_extensions, max_size, validate_mime
Return values
array<string|int, mixed> —['valid' => bool, 'errors' => string[]]