Hello there ^^
I’ve been fiddling around with a file upload form linked to the Kirby backend and I’ve came across an issue.
The accepted mime in the site/blueprint/files/collaboration-application-file.yml file template are the following:
title: Upload de fichier de candidature
accept:
mime: image/gif, image/jpeg, audio/mpeg, video/mp4, video/quicktime, font/otf, image/png, application/pdf, image/svg+xml, image/tiff, font/ttf, text/plain, image/webp, font/woff, font/woff2
maxsize: 3000000
The HTML file input also has the same list:
<input max="5"type="file" name="c_files[]" id="c_files" accept="image/gif, image/jpeg, audio/mpeg, video/mp4, video/quicktime, font/otf, image/png, application/pdf, image/svg+xml, image/tiff, font/ttf, text/plain, image/webp, font/woff, font/woff2" multiple>
I’ve gathered the MIME type list from Mozilla common MIME types list to be have to correct nomenclature.
I’ve been following the Uploading files from the frontend tutorial and am checking the uploaded files with the following PHP code in the site/controllers/home.php controller file:
if (count($uploads) > 1) {
foreach ($uploads as $upload) {
// check for duplicate
$files = $project_page->files();
$duplicates = $files->filter(function ($file) use ($upload) {
// get original safename without prefix
$pos = strpos($file->filename(), '_');
$originalSafename = substr($file->filename(), $pos + 1);
return $originalSafename === F::safeName($upload['name']) &&
$file->mime() === $upload['type'] &&
$file->size() === $upload['size'];
});
if ($duplicates->count() > 0) {
array_push($alerts, $upload['name'] . ': Ce fichier existe déjà ');
continue;
}
try {
$name = crc32($upload['name'].microtime()). '_' . $upload['name'];
$file = $project_page->createFile([
'source' => $upload['tmp_name'],
'filename' => $name,
'template' => 'collaboration-application-file',
'content' => [
'date' => date('Y-m-d h:m')
]
]);
$success = 'Votre candidature a bien été reçue';
} catch (Exception $e) {
array_push($alerts, $upload['name'] . ':' . $e->getMessage());
$alerts = json_encode($alerts);
return compact('alerts', 'success');
}
}
}
This code has been working quite well, but I’m only now getting errors when trying out some different file formates from the list, namely the The extension "txt" is not allowed and the Invalid mime type: font/sfnt. I’m considering simplifying the list to image/*, audio/*, video/*, font/*, application/*, text/*, but I don’t have the knowledge necessary to know wether this approach would be safe, since the files will have to be openable online by the users.
Thank you in advance for your time and help,
Kisses <3
NG