SecureUpload is a secure file upload library for PHP that ensures files are safely uploaded to your server by performing a series of security validations. It includes checks for file existence, extension and MIME type validation, content scanning for malicious code, and optional antivirus scanning via ClamAV.
- File Existence Check: Ensures the uploaded file exists before processing.
- Extension & MIME Type Validation: Verifies that files have valid extensions and corresponding MIME types.
- Content Scanning: Detects and prevents malicious scripts or code embedded in files.
- Antivirus Integration: Uses ClamAV (triggered via a Python script) to scan files for threats, with logging support if enabled.
- PSR-4 Autoloading: Fully compliant with Composer autoloading standards for easy integration.
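
The antivirus step above, written out as an added example (not SecureUpload's own Python script): a wrapper that runs `clamscan` on one file and accepts it only on exit code 0, treating a missing scanner, a timeout or a scan error as a rejection. The function names, the 120-second timeout and the injectable `runner` parameter are assumptions made for this illustration.

```python
import os
import subprocess
from typing import Callable, NamedTuple

class ScanResult(NamedTuple):
    accepted: bool   # True only when the scanner ran and reported the file clean
    verdict: str     # "clean", "infected" or "error"
    detail: str      # signature name or error text

# A runner takes the argv list and returns (exit_code, stdout); injectable for tests.
Runner = Callable[[list], tuple]

def run_clamscan(argv: list) -> tuple:
    """Default runner: invoke the real clamscan binary with a timeout."""
    try:
        proc = subprocess.run(argv, capture_output=True, text=True, timeout=120)
        return proc.returncode, proc.stdout
    except (OSError, subprocess.TimeoutExpired) as exc:
        # Binary missing or scan hung: report it as a scanner error (code 2)
        return 2, str(exc)

def scan_upload(path: str, runner: Runner = run_clamscan) -> ScanResult:
    """Scan one file and fail closed on anything other than a clean result."""
    # An absolute path can never start with "-", so an attacker-chosen
    # file name cannot be parsed by clamscan as a command-line option.
    argv = ["clamscan", "--no-summary", "--stdout", os.path.abspath(path)]
    code, out = runner(argv)
    if code == 0:
        return ScanResult(True, "clean", "")
    if code == 1:
        # Detection lines look like "<path>: <Signature> FOUND"
        for line in out.splitlines():
            if line.endswith(" FOUND"):
                sig = line.rsplit(": ", 1)[-1][: -len(" FOUND")]
                return ScanResult(False, "infected", sig)
        return ScanResult(False, "infected", "unknown signature")
    # Exit code 2 or anything unexpected: the scan did not complete, so reject
    return ScanResult(False, "error", out.strip() or f"clamscan exit {code}")
```

Passing a stub `runner` lets the exit-code handling be exercised without ClamAV installed.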
- PHP: Version 7.4 or higher. (PHP Official Website)
- Python: Required for antivirus scanning. (Python Official Website)
- ClamAV: For antivirus scanning:
  - macOS: Install via Homebrew using:
    ```bash
    brew install clamav
    ```
  - Linux: Install using your distribution's package manager. For Ubuntu, for example:
    ```bash
    sudo apt-get install clamav
    ```
  - Windows: Download from the ClamAV website and follow the installation instructions.
SecureUpload is available via Composer. To install, run the following command in your project directory:
```bash
composer require farzad-forouzanfar/secure-upload
```
Alternatively, clone the repository:
- Clone the repository:
  ```bash
  git clone https://github.com/FarzadForuozanfar/SecureUpload.git
  ```
- Navigate to the project directory:
  ```bash
  cd SecureUpload
  ```
- Install dependencies via Composer:
  ```bash
  composer install
  ```

- Environment Variables: Create or update your `.env` file with the necessary configuration settings.
- Language Files: Place your language files in the `lang/` directory (e.g., `lang/lang-en.php` or `lang/lang-fa.php`).
- Web Server Setup: Configure your web server to serve the `public/` directory as the document root.
To use SecureUpload, include the Composer autoloader in your project and instantiate the uploader in your application code. For example, in your `public/index.php`:
```php
<?php
require_once __DIR__ . '/../vendor/autoload.php';

use SecureUpload\FileTypes\ImageTypes;
use SecureUpload\Interfaces\FileSize;
use SecureUpload\Uploader\SecureUploader;

// The reorganizing loop below assumes a multi-file field (name="uploaded_file[]")
if (!empty($_FILES['uploaded_file']))
{
    // Define the allowed extensions and file size limits
    $allowedExtensions = ImageTypes::getAllExtensions(); // Get all allowed extensions for images
    $maxFileNameLength = 50; // Maximum file name length
    $maxFileSize = FileSize::TEN_MG; // Max file size (10MB)

    // Instantiate the SecureUploader with the configuration
    $uploader = new SecureUploader($allowedExtensions, $maxFileNameLength, $maxFileSize);

    // Reorganize the files array so each entry describes one file
    $files = [];
    foreach ($_FILES['uploaded_file'] as $key => $items)
    {
        foreach ($items as $index => $item)
        {
            $files[$index][$key] = $item;
        }
    }

    // Validate each uploaded file
    foreach ($files as $file)
    {
        $result = $uploader->validate($file['tmp_name'], $file['name']);
        if (isset($result['error']))
        {   // Print the error message and stop if validation fails
            echo "Error: " . htmlspecialchars($result['error'], ENT_QUOTES, 'UTF-8');
            die();
        }
        else
        {   // Print the success message if validation passes.
            // The client-supplied file name is escaped before being echoed into the page.
            echo "File uploaded successfully: " . htmlspecialchars($file['name'], ENT_QUOTES, 'UTF-8');
        }
    }
}
else
{
    echo "No file uploaded.";
}
?>
```
This package also provides a CLI tool that you can use for quick testing and configuration.
To publish the default `.env` configuration file into your project root:
```bash
php vendor/bin/secure-upload publish-env
```
You can quickly test the validation logic via CLI using a file path:
```bash
php vendor/bin/secure-upload test-upload --file=path/to/your/file.jpg
```
Contributions are welcome! If you encounter a bug or have a feature request, please open an issue on the GitHub repository. To contribute code, fork the repository and submit a pull request.
SecureUpload is licensed under the MIT License. See the LICENSE file for more details.

