Rubin Shrestha
Zend certified PHP/Magento developer
Rubin Shrestha
Blog

Image Uploader in Dynamic Rows Ui Component not saved since Magento 2.3.3

by |Published

I made a module using dynamic rows component with imageUploader field inside. I was able to upload my image on the Magento 2.3.2, but since the new release (2.3.3), I can’t pass the valideFileId() method in the class MagentoFrameworkFileUploader.

If I take a look at the valideFileId() method, here is what I see : 

private function validateFileId(array $fileId): void
    {
        $isValid = false;
        if (isset($fileId['tmp_name'])) {
            $tmpName = trim($fileId['tmp_name']);

            if (preg_match('/..(\|/)/', $tmpName) !== 1) {
                $allowedFolders = [
                    sys_get_temp_dir(),
                    $this->directoryList->getPath(DirectoryList::MEDIA),
                    $this->directoryList->getPath(DirectoryList::VAR_DIR),
                    $this->directoryList->getPath(DirectoryList::TMP),
                    $this->directoryList->getPath(DirectoryList::UPLOAD),
                ];

                $disallowedFolders = [
                    $this->directoryList->getPath(DirectoryList::LOG),
                ];

                foreach ($allowedFolders as $allowedFolder) {
                    if (stripos($tmpName, $allowedFolder) === 0) {
                        $isValid = true;
                        break;
                    }
                }

                foreach ($disallowedFolders as $disallowedFolder) {
                    if (stripos($tmpName, $disallowedFolder) === 0) {
                        $isValid = false;
                        break;
                    }
                }
            }
        }

        if (!$isValid) {
            throw new InvalidArgumentException(
                __('Invalid parameter given. A valid $fileId[tmp_name] is expected.')
            );
        }
    }

This private method is called from the _setUploadFileId() which is called in the constructor.

Here is this method on Magento 2.3.2:

 private function _setUploadFileId($fileId)
    {
        if (is_array($fileId)) {
            $this->_uploadType = self::MULTIPLE_STYLE;
            $this->_file = $fileId;
        } else {
            if (empty($_FILES)) {
                throw new Exception('$_FILES array is empty');
            }

and now on Magento 2.3.3:

private function _setUploadFileId($fileId)
    {
       if (is_array($fileId)) {
            $this->validateFileId($fileId);
            $this->_uploadType = self::MULTIPLE_STYLE;
            $this->_file = $fileId;
        } else {
            if (empty($_FILES)) {
                throw new DomainException('$_FILES array is empty');
            }

Here is the data that I send:

array(5) {
  ["name"]=>
  string(9) "image1.jpg"
  ["type"]=>
  string(10) "image/jpeg"
  ["tmp_name"]=>
  string(26) "/private/var/tmp/phpbPsgJz"
  ["error"]=>
  int(0)
  ["size"]=>
  int(72987)
}

Here is how I get my data:

$result = $this->imageUploader->saveFileToTmpDir($imageId);

imageUploader being the class MagentoCatalogModelImageUploader

My tmp_name is "/private/var/tmp/phpbPsgJz"

I run my project on Mac Os.
Thanks for your help.

You may also like