What does Laminas\InputFilter\FileInput do exactly?

I’ve been researching Laminas documentation for their FIleInput class and i haven’t found a decent explanation of what those filters and validators actually do.

I’m building a community website and planning to let users upload files and i want to apply security checks on those uploaded files.

So can Laminas\InputFilter\FileInput actually do that? or what does it do exactly?

Hello and welcome to our forums! :smiley:

The FileInput is a special input type for handling uploaded files. The behaviour of this input type is different because the given value is first validated and then filtered. For all other input types it is the opposite.
This means that the uploaded files are checked before they are filtered, e.g. renamed, moved or changed.
The input type FileInput adds automatically the validator Laminas\Validator\File\Upload.

Thanks for your reply!

Can it check the uploaded files for potential-hacking? like remove any hidden scripts that might be in the image header? or check the uploaded file if it’s actually a file or if it contains scripts that might damage the server and let hackers gain access to the server?

I just want to know what validating and filtering means. (Can i use and rely on this for securing the file upload?)

No there are no validators for this kind of problems. Do you know any good libraries on this topic? This would allow to implement a custom validator.

Validation is the check of data like user inputs in form of text or file and filtering will sanitize the data, so it may alter it by removing undesired characters.

More information also can be found in documentation:

https://docs.laminas.dev/laminas-validator/intro/#what-is-a-validator

https://docs.laminas.dev/laminas-filter/intro/#what-is-a-filter

And in the PHP documentation:

https://www.php.net/manual/intro.filter.php