I made a module using dynamic rows component with imageUploader field inside. I was able to upload my image on the Magento 2.3.2, but since the new release (2.3.3), I can’t pass the valideFileId()
method in the class MagentoFrameworkFileUploader
.
If I take a look at the valideFileId()
method, here is what I see :
private function validateFileId(array $fileId): void
{
$isValid = false;
if (isset($fileId['tmp_name'])) {
$tmpName = trim($fileId['tmp_name']);
if (preg_match('/..(\|/)/', $tmpName) !== 1) {
$allowedFolders = [
sys_get_temp_dir(),
$this->directoryList->getPath(DirectoryList::MEDIA),
$this->directoryList->getPath(DirectoryList::VAR_DIR),
$this->directoryList->getPath(DirectoryList::TMP),
$this->directoryList->getPath(DirectoryList::UPLOAD),
];
$disallowedFolders = [
$this->directoryList->getPath(DirectoryList::LOG),
];
foreach ($allowedFolders as $allowedFolder) {
if (stripos($tmpName, $allowedFolder) === 0) {
$isValid = true;
break;
}
}
foreach ($disallowedFolders as $disallowedFolder) {
if (stripos($tmpName, $disallowedFolder) === 0) {
$isValid = false;
break;
}
}
}
}
if (!$isValid) {
throw new InvalidArgumentException(
__('Invalid parameter given. A valid $fileId[tmp_name] is expected.')
);
}
}
This private method is called from the _setUploadFileId()
which is called in the constructor.
Here is this method on Magento 2.3.2:
private function _setUploadFileId($fileId)
{
if (is_array($fileId)) {
$this->_uploadType = self::MULTIPLE_STYLE;
$this->_file = $fileId;
} else {
if (empty($_FILES)) {
throw new Exception('$_FILES array is empty');
}
and now on Magento 2.3.3:
private function _setUploadFileId($fileId)
{
if (is_array($fileId)) {
$this->validateFileId($fileId);
$this->_uploadType = self::MULTIPLE_STYLE;
$this->_file = $fileId;
} else {
if (empty($_FILES)) {
throw new DomainException('$_FILES array is empty');
}
Here is the data that I send:
array(5) {
["name"]=>
string(9) "image1.jpg"
["type"]=>
string(10) "image/jpeg"
["tmp_name"]=>
string(26) "/private/var/tmp/phpbPsgJz"
["error"]=>
int(0)
["size"]=>
int(72987)
}
Here is how I get my data:
$result = $this->imageUploader->saveFileToTmpDir($imageId);
imageUploader
being the class MagentoCatalogModelImageUploader
My tmp_name
is "/private/var/tmp/phpbPsgJz"
I run my project on Mac Os.
Thanks for your help.