What is the best way to validate an uploaded file in drupal 10

Jakub · September 6, 2024, 10:33am

I’m creating a custom module where people can fill out a form to apply for a job. Of course I want to implement form validation but it goes wrong when I want to validate the uploaded file.

I can’t seem to find a clear way to validate uploaded files, like anywhere. I’m trying to rely on my php knowledge but of course it is not entirely the same when it comes down to drupal.

I’m providing you guys with something I had now, which clearly doesn’t work, but I would like to ask what you would say is the best way to validate uploaded files? And without installing third party modules…

What I tried:

// Validate the uploaded file
$validators = ['file_validate_extensions' => ['docx doc pdf jpg jpeg png']];
$file = file_save_upload('cv', $validators, FALSE, 0);

if (!$file) {
    // Add error message if the file isn't validated
    $form_state->setErrorByName('cv', $this->t('Uw CV heeft een niet-toegestane extensie. Probeer het opnieuw.'));
} else {
    // Set the correct file in the form state
    $form_state->setValue('cv', $file);
}

Unfortunately, file_save_upload is not recognized because it’s deprecated and drupals documentation is a bit confusing to me…

Thanks in advance!

four-eyes · September 9, 2024, 5:33am

Understanding the file_save_upload Function:

The file_save_upload function is indeed deprecated in Drupal 9 and later. It has been replaced by the more flexible file_save_upload_multiple function.

Validating Uploaded Files in Drupal:

Create a Form Element:

Define a file field in your form:
PHP

$form['cv'] = [
    '#type' => 'file',
    '#title' => $this->t('Your CV'),
    '#required' => TRUE,
];

Implement Form Validation:

In your form’s validate() method, use the file_validate_extensions validator to check the file’s extension:
PHP

public function validateForm(array &$form, FormStateInterface $form_state) {
    parent::validateForm($form, $form_state);

    // Check if a file was uploaded
    if (isset($form_state->getValue('cv'))) {
        $file = $form_state->getValue('cv');

        // Validate the file extension
        $validators = ['file_validate_extensions' => ['docx', 'doc', 'pdf', 'jpg', 'jpeg', 'png']];
        $result = file_validate_extensions($file, $validators);

        if (!$result) {
            $form_state->setErrorByName('cv', $this->t('Invalid file extension. Please upload a file with one of the following extensions: DOCX, DOC, PDF, JPG, JPEG, or PNG.'));
        }
    }
}

Save the Validated File:

In your form’s submit() method, use the file_save_upload_multiple function to save the validated file:
PHP

public function submitForm(array &$form, FormStateInterface $form_state) {
    parent::submitForm($form, $form_state);

    // Check if a file was uploaded and validated
    if (isset($form_state->getValue('cv'))) {
        $file = $form_state->getValue('cv');

        // Save the file
        $file_path = file_save_upload_multiple($file, 'public://');

        if ($file_path) {
            // File saved successfully
            // Do something with the saved file path
        } else {
            // Error saving the file
            $form_state->setErrorByName('cv', $this->t('Error saving the file. Please try again.'));
        }
    }
}

Additional Considerations:

File Size Validation: You can use the file_validate_size validator to check the file size.
Mime Type Validation: You can use the file_validate_mime_type validator to check the file’s mime type.
Custom Validation: You can create custom validators to perform more specific checks based on your requirements.
Error Handling: Implement proper error handling mechanisms to provide informative feedback to users in case of validation errors.

By following these steps and incorporating additional validation rules as needed, you can effectively validate uploaded files in your custom Drupal module.