Contributed by
Kévin Dunglas
in #47710.
The File constraint from the Validator component checks that a given value
is a valid file. One of its options is called mimeTypes and it verifies that
the media type (formerly known as MIME type) of the file is one of the given values:
use Symfony\Component\Validator\Constraints as Assert;
class ScannedDocument
{
#[Assert\File(
maxSize: '1024k',
mimeTypes: ['application/pdf', 'application/x-pdf'],
)]
protected $pdfFile;
// ...
}The values passed to mimeTypes must be any of the official list of valid media types.
Some of these values are confusing and cumbersome even for common file types
(e.g. Microsoft Excel have multiple media types associated to it, such as
application/vnd.ms-excel, application/vnd.ms-excel.sheet.macroEnabled.12, etc.)
In Symfony 6.2 we're improving the File constraint with a new option called
extensions. This option checks both the file extension and its media type.
Using this option, the above example looks as follows:
use Symfony\Component\Validator\Constraints as Assert;
class ScannedDocument
{
#[Assert\File(maxSize: '1024k', extensions: 'pdf')]
protected $pdfFile;
// ...
}The extensions option checks both that the file has exactly the .pdf
extension and that its media type is any of the types associated to that extension
in the official list (application/pdf, application/x-pdf, etc.)
In the following example, we allow uploading any file associated to JPEG media
types, but require that the extension is .jpg (so, .jpeg files won't be
allowed):
use Symfony\Component\Validator\Constraints as Assert;
class UserProfile
{
#[Assert\File(maxSize: '250k', extensions: 'jpg')]
protected $avatar;
// ...
}The extensions option also allows to pass a list of media types to accept
for the extension. Moreover, you can pass an array to accept several extensions,
each of them optionally defining which media types to accept:
use Symfony\Component\Validator\Constraints as Assert;
class SharedFile
{
#[Assert\File(extensions: [
'jpg',
'txt' => 'text/plain',
'xml' => ['text/xml', 'application/xml'],
])]
protected $contents;
// ...
} <hr style="margin-bottom: 5px" />
<div style="font-size: 90%">
<a href="https://symfony.com/sponsor">Sponsor</a> the Symfony project.
</div>Login to add comment
Other posts in this group
We were absolutely thrilled to gather with the incredible Symfony community for the first time in Vienna, Austria, from December 5th to 6th, surrounded by the warm and festive atmosphere of the
SymfonyLive Paris 2025, conference in French language only, will take place from March 27 to 28! The schedule is currently being revealed as we go along. More details are available here.
💻
Symfony has been active on X, Mastodon, and Bluesky for some time, but until recently, not all platforms received equal attention. Since Twitter (now X) was our first social network, all blog posts we
SymfonyLive Berlin 2025, conference held in English, will take place from April 1 to 4! The schedule is being revealed gradually. More details are available here.
As we are now unveiling th
Affected versions
Twig versions >=3.16.0,<3.19.0 are affected by this security issue.
The issue has been fixed in Twig 3.19.0.
Description
When using the null coalesce operator (??), output esc
Symfony 6.4.18 has just been released. Here is the list of the most important changes since 6.4.17:
bug #58889 [Serializer] Handle default context in Serializer (@Valmonzo)bug #59631 [HttpClient
Symfony 7.1.11 has just been released. Here is the list of the most important changes since 7.1.10:
bug #58889 [Serializer] Handle default context in Serializer (@Valmonzo)bug #59631 [HttpClient
