all the validation on the Rule function Is server_side or client_side

Hi

When we validate a attribute in function rule. This validation is server side or client-side validation.

For example, a validation class for incoming file when this file:





public function rules()

   {


      return array(

              

                              array('file','ext.MyValidators.fileNameValidator'),

                               array('file', 'file', 'types'=>'pdf','message'=>'Only files with these extensions are allowed: pdf',

                                 'maxSize' => 1024 * 1024 * 2, // 2MB

                                 'minSize '=>1024 * 2,

                                 'tooLarge' => 'The file was larger than 2MB. Please upload a smaller file.',

                                 'tooSmall'=>'The file was Too Small. Please upload a larger file.',

                                 ),             );

   }




In other words, all the validation on the Rule function Is server_side or client_side validation ??? ???

Everything is on the server.

But there is the option CActiveForm.enableClientValidation to enable client validation.

I have in mind that not all Yii Validator classes are supported for client validation.

[color="#006400"]/* Moved from Tips to General Discussion */[/color]

In order to secure file uploads should be check MIME types file, I use the following code but the worst scenario happens:




<?php

 function getMimeType( $file ) {

    $realpath = realpath( $file );


    if (

      $realpath

      && function_exists( 'finfo_file' )

      && function_exists( 'finfo_open' )

      && defined( 'FILEINFO_MIME_TYPE' )

    ) {


      return finfo_file( finfo_open( FILEINFO_MIME_TYPE ), $realpath );

    } elseif ( function_exists( 'mime_content_type' ) ) {

      return mime_content_type( $file );

    } else {

      // Worst-case scenario has happened, use the file extension to infer the mime-type

      $ext = strtolower( pathinfo( $file, PATHINFO_EXTENSION ) );

      if ( isset( self::$mimeTypes[$ext] ) ) {

        return self::$mimeTypes[$ext];

      }

    }

    return false;

	}


?>



Do yii solution or php solution to obtain the actual MIME type fo file?

any one?????

Put it client side. :)

I’ve modified the run function of EJqueryUpload extension, like this:


	public function run() {


$script = <<<EOD

	$(function() {

    	$('#{$this->id}').change(function() {

        	var regexp = /\.(png)|(jpg)|(jpeg)|(gif)|(txt)|(patch)|(diff)|(bmp)|(log)|(zip)|(tgz)|(tar\.bz2)|(tar)|(tar\.gz)|(gz)$/i;

        	if (!regexp.test($('#{$this->id}').val())) {

            	alert('Only jpg, jpeg, gif, png, txt, patch, diff, bmp, log, zip, tgz, tar.bz2, bz2, tar, tar.gz and gz allowed');

            	$('#{$this->id}').val('');

            	return;

        	}

        	$(this).upload('{$this->url}', function(html) {

            	$('#{$this->id}').val('');

            	try{

                	var obj = jQuery.parseJSON(html);

                	if(obj.error) {

                    	alert(obj.error);

                    	return;

                	}

            	}

            	catch(e) {

            	}

            	$('#{$this->result_id}').append(html); 

        	}, 'html');

    	});

	});

EOD;

    	

    	Yii::app()->clientScript->registerScript(__CLASS__ . '#' . $this->id, $script, CClientScript::POS_READY);




    	echo "<input id='{$this->id}' type='file' name='file' />" ;

	}



It works for my project.

Thank you for your answer. But client-side validation does not provide real security.