Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
Problem
When i allow any extension on file upload, with multiple upload there is a bug with validation extension.
Validation of the first file work corretly.
For the second file and other $extensions apply default value = 'jpg jpeg gif png txt doc xls pdf ppt pps odt ods odp';
Solution
For correct operation, we need to move the code with the $extensions above "foreach ($uploaded_files "...
I'm attaching a patch.
Comment | File | Size | Author |
---|---|---|---|
#37 | 2894193-37.patch | 20.96 KB | alexpott |
#31 | 2894193-31.patch | 20.95 KB | alexpott |
#31 | 11-31-interdiff.txt | 859 bytes | alexpott |
#18 | 2949091-11.patch | 20.92 KB | alexpott |
#17 | 2894193-15-do-not-test.patch | 20.76 KB | jlscott |
Comments
Comment #2
kkonuhov CreditAttribution: kkonuhov commentedComment #3
dawehnerComment #4
Anonymous (not verified) CreditAttribution: Anonymous commentedComment #5
runeasgar CreditAttribution: runeasgar as a volunteer commentedtouch
: dummy.txt and dummy.ftw.Unable to reproduce. Please provide step-by-step instructions for reproducing this issue.
Comment #6
Anonymous (not verified) CreditAttribution: Anonymous commented#2949091: Multiple file field with all file extensions does not work has special test for reproduce this problem. You should set
non-array-value
or'empty array'
to'file_validate_extensions'
key. It is not possible to do via the UI. I think this is one of an easter egg in Drupal :)Comment #7
Anonymous (not verified) CreditAttribution: Anonymous commentedRepost last patch with test-only from #2949091-17: Multiple file field with all file extensions does not work which we did with @mallezie. Feel free to improve.
Comment #8
zahord CreditAttribution: zahord as a volunteer and at Skilld commentedComment #9
jlscott CreditAttribution: jlscott as a volunteer commentedI have tested and confirmed the patch from #7.
I am using the contrib module allow_all_file_extensions to enable the UI to specify a file field that allows files with any extension to be uploaded. There is no official D8 release yet, but a tarball containing working D8 code is available from https://www.drupal.org/project/allow_all_file_extensions/issues/2974935
My suggestion to improve the patch would be to put ALL of the processing of the $validators['file_validate_extensions'] value above the "foreach file" loop rather than just the portion that checks whether the list is present but empty. The logic of the block can then be left unchanged from the original.
Cheers
Comment #10
alexpottComment #11
mallezieTest and fix looks good. Already tester this in the other issue as well.
One nitpick
Why not test for empty($validators['file_validate_extensions']) instead of first element.
Does what the comment says then, so a bit more readable imo.
Comment #12
alexpottI think we should refactor to prevent these type of errors. The problem is the loop. Let's refactor everything in the loop into a function. This means this type of issue is far less likely to occur.
The interdiff attached is not easy to read.
I'm not sure that this is the right place for this test code. Can we not do something only in the file module?
Comment #13
alexpottHere's a test that is only part of the file module and its existing test infra.
Comment #14
jlscott CreditAttribution: jlscott as a volunteer commented@alexpott. I like the refactoring you have done, I converted your patch to allow it to apply to 8.5.4 and have tested it. I can confirm that it works correctly with my environment (D8.5.4 and contrib module "allow_all_file_extensions"). Converted patch attached. leaving on "Needs review" as I have not tested your patch in an 8.6 environment.
Comment #17
jlscott CreditAttribution: jlscott as a volunteer commentedPatch for D8.5.4 rerolled and marked as do-not-test.
Comment #18
alexpott@jlscott thanks for backporting to 8.5.x - the patch in #17 doesn't have the new test. I'm uploading the 8.6.x patch as we have to get that done first and it helps the committers and reviewers when the most recent patch is the one to review / commit.
@jlscott perhaps you can review the patch with a view to rtbc?
Comment #19
alexpottCrediting @mallezie for work on the duplicate issue. Crediting @kkonuhov for creating the issue.
Comment #20
jlscott CreditAttribution: jlscott as a volunteer commentedI can confirm that the patch in #18 works correctly on my system (D8.6.0-dev plus allow_all_file_extensions).
Comment #21
mallezieJust took a look at the new patch. I really like the separate function, makes things more readable. Only found some very minor nitpicks on the comments.
the Uri where the file should be copied to.
If the uploaded file was not saved.
See lowercase
Not sure this comment makes much sense.
Comment #22
alexpott@mallezie all of this documentation is copied from the existing documentation is copied apart from
The created file entity or FALSE if the uploaded file not saved.
and I think you could havewas
,is
or even nothing here are it is all still correct :)Comment #23
mallezieThen just an extra RTBC from my side. Did not want to change status on those nitpicks, so thanks a lot for explaining them.
Comment #26
claudiu.cristeaComment #27
alexpottThe failed test run had nothing to do with this issue.
Comment #29
malleziePutting back to RTBC here. The test fail was the selenium which hang on the testbot. See: https://dispatcher.drupalci.org/job/drupal_patches/74739/console
Comment #30
larowlannit: this needs a param comment
are we certain we want to add a new procedural function?
should this be file?
Comment #31
alexpottThanks for the review @larowlan
1. Fixed
2. Yes because it makes these type of errors impossible to have in this function. It's much easier to understand the responsibilities when _file_save_upload_single() is in a different scope than file_save_upload()
3. Fixed.
Comment #32
dqdOne little Nitpicking: When commenting the setting of permission we should comment consistently that we set FileUri too before that, isn't?
Apart from that RTBC from me, since simpletest.me test with patch applied run successfully and multiple files upload test with different file types worked as expected without flaws. Additionally tested with experimental module media library: https://dmb66.ply.st/node/1
Do we need a backport for 8.6.x ?
Comment #33
alexpott@diqidoq this code is not introduced on changed by this patch. This patch moves everything from inside a foreach into it's own function. Also the patch applies cleanly to 8.6.x so it's upto the committer as to whether it should be cherry-picked. There's no need for a separate backport patch.
Comment #34
dqd@alexpott: Thanks for taking the time to clarify. Great to see progress on it. Thanks to all who have worked on it. Maybe we get some more testers for RTBC?
Comment #35
lpeabody CreditAttribution: lpeabody at Genuine commentedQuite right @diqidoq. Where are my manners. I tested this patch on Friday and it worked beautifully. Attached multiple files, no validation errors!
Comment #37
alexpottRerolled. Conflicted with #2989734: PHP 7.3 compatibility
Comment #38
catchCommitted and pushed 2b94ed3c25 to 8.7.x and e297dace3f to 8.6.x. Thanks!
Comment #41
dqd1+ @catch & @alexpott! Awesome!
Comment #42
LendudeShame these assertions that @alexpott added in #13 got taken out in #14, now we have no positive assertions for the error messages, only a negative assertion for the top level error.
Comment #44
wturrell CreditAttribution: wturrell as a volunteer commentedHello. I'm comparing this and the patch in #2869855: Race condition in file_save_upload causes data loss - do the changes to validation here make the latter unnecessary now? (and if not, might someone be able to help with re-rolling it?)
What I noticed was the chunk of identical code in
file.module:1039
(building the render array for the error message, which is the primary part of the race condition patch).Comment #45
apaderno