Evil is_uploaded_file function and ZF file upload

I was just working on a new ZF Uploadify extension and found myself in a situation where I had to simulate a file upload.
And here my story begins.

I had this great idea to simplify working with the Uploadify jQuery plugin. What a nightmare! Of all the problems I met during the last 4 days, this one was the biggest, simply because I wasn't able to solve it and ended up deleting all the code I wrote the last day :/

From the beginning. Uploadify is a jQuery plugin for uploading files. In ZF we have Zend_Form_Element_File, which generates all the needed HTML and the validation behind it. I got the idea to simply extend this class and create an Uploadify extension (which is now finished; I will post about it later). I wanted to keep everything so simple that it would be possible to use this extension even on my existing project, simply by replacing the constructed class and adding as little setup as needed.

This extension handles file uploading by itself, so what I needed was to update the global variable $_FILES with the uploaded data and proceed to the rest of the code after validation (the original code that was written purely for Zend_Form_Element_File). But to my surprise, this is not doable, because ZF 1.9 uses is_uploaded_file to validate whether the file was really uploaded by a form (file: /Zend/Validate/File/Upload.php, line: 177). One of my desperate ideas was to extend this validation and overwrite this one line of code, but again to my surprise, ZF in some places calls this validator directly (by file name, not by any reference passed in the array of validators), so if I wanted to use my validation, I would have to change almost all the classes that are involved in the validation process.

I was googling around to find out how to bypass this is_uploaded_file function, but without any success. My last chance was to look into the PHP source code, but from what I've found on some forum, it's full of macros, so even if you understand the C language, you will not be able to fully read this code. So I gave up.

For anyone trying to bypass is_uploaded_file, I have bad news: it's not possible in PHP.

I tried to fake all the PHP predefined variables, and I was comparing the header information sent in both cases (from HTML, and from Flash via Uploadify). The only way to do this is via some CGI thing used in PHP unit testing, but this requires a specific server setup and would break the whole idea of simplicity.
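
Why faking `$_FILES` gets nowhere, as an added example that is not part of the original post or of Zend Framework: `is_uploaded_file()` and `move_uploaded_file()` consult PHP's internal per-request list of files written by its own multipart parser, not the script-writable `$_FILES` array, which is what stops a handler from being pointed at an arbitrary local file. The `Filedata` field name, the `accept_upload()` helper and the sample file are constructed for illustration, and PHP 7+ is assumed.

```php
<?php
// Added example: a forged $_FILES entry versus PHP's upload check.
// Run with the PHP CLI, where no HTTP upload has taken place.

// A local file the script creates itself; it never arrived via HTTP POST.
$fake = tempnam(sys_get_temp_dir(), 'php');
file_put_contents($fake, "constructed sample content\n");

// Forge the superglobal entry so it looks like a real upload (constructed values).
$_FILES['Filedata'] = [
    'name'     => 'report.txt',
    'type'     => 'text/plain',
    'tmp_name' => $fake,
    'error'    => UPLOAD_ERR_OK,
    'size'     => filesize($fake),
];

// Hypothetical helper: accept an entry only if PHP itself received the file.
function accept_upload(array $entry, string $destDir): string
{
    if ($entry['error'] !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload error code ' . $entry['error']);
    }
    // Checks PHP's internal list of files stored by the multipart parser
    // for this request; editing $_FILES does not change that list.
    if (!is_uploaded_file($entry['tmp_name'])) {
        throw new RuntimeException('tmp_name was not uploaded in this request');
    }
    // Never build the destination path from the client-supplied name.
    $dest = rtrim($destDir, '/') . '/' . bin2hex(random_bytes(16));
    // move_uploaded_file() repeats the same internal check before moving.
    if (!move_uploaded_file($entry['tmp_name'], $dest)) {
        throw new RuntimeException('move_uploaded_file() refused the file');
    }
    return $dest;
}

try {
    echo 'accepted: ', accept_upload($_FILES['Filedata'], sys_get_temp_dir()), "\n";
} catch (RuntimeException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
} finally {
    @unlink($fake); // clean up the constructed file
}
```

Run from the CLI, the forged entry takes the rejection path even though every field in `$_FILES` looks valid.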
