farzad-forouzanfar/secure-upload
Composer 安装命令:
composer require farzad-forouzanfar/secure-upload
包简介
A secure file upload package with validation and antivirus integration.
README 文档
README
SecureUpload is a secure file upload library for PHP that ensures files are safely uploaded to your server by performing a series of security validations. It includes checks for file existence, extension and MIME type validation, content scanning for malicious code, and optional antivirus scanning via ClamAV.
Features
- File Existence Check: Ensures the uploaded file exists before processing.
- Extension & MIME Type Validation: Verifies that files have valid extensions and corresponding MIME types.
- Content Scanning: Detects and prevents malicious scripts or code embedded in files.
- Antivirus Integration: Uses ClamAV (triggered via a Python script) to scan files for threats, with logging support if enabled.
- PSR-4 Autoloading: Fully compliant with Composer autoloading standards for easy integration.
Requirements
- PHP: Version 7.4 or higher. (PHP Official Website)
- Python: Required for antivirus scanning. (Python Official Website)
- ClamAV: For antivirus scanning:
- macOS: Install via Homebrew using:
brew install clamav
- Linux: Install using your distribution's package manager. For Ubuntu, for example:
sudo apt-get install clamav
- Windows: Download from the ClamAV website and follow the installation instructions.
- macOS: Install via Homebrew using:
Installation
SecureUpload is available via Composer. To install, run the following command in your project directory:
composer require farzad-forouzanfar/secure-upload
Alternatively, clone the repository:
- Clone the repository:
git clone https://github.com/FarzadForuozanfar/SecureUpload.git
- Navigate to the project directory:
cd SecureUpload
- Install dependencies via Composer:
composer install
Configuration
-
Environment Variables:
Create or update your.envfile with the necessary configuration settings. -
Language Files:
Place your language files in thelang/directory (e.g.,lang/lang-en.phporlang/lang-fa.php). -
Web Server Setup:
Configure your web server to serve thepublic/directory as the document root.
Usage
To use SecureUpload, simply include the Composer autoloader in your project and instantiate the uploader in your application code. For example, in your public/index.php
<?php require_once __DIR__ . '/../vendor/autoload.php'; use SecureUpload\FileTypes\ImageTypes; use SecureUpload\Interfaces\FileSize; use SecureUpload\Uploader\SecureUploader; if (!empty($_FILES['uploaded_file'])) { // Define the allowed extensions and file size limits $allowedExtensions = ImageTypes::getAllExtensions(); // Get all allowed extensions for images $maxFileNameLength = 50; // Maximum file name length $maxFileSize = FileSize::TEN_MG; // Max file size (10MB) // Instantiate the SecureUploader with the configuration $uploader = new SecureUploader($allowedExtensions, $maxFileNameLength, $maxFileSize); // Reorganize the files array for processing $files = []; foreach ($_FILES['uploaded_file'] as $key => $items) { foreach ($items as $index => $item) { $files[$index][$key] = $item; } } // Validate each uploaded file foreach ($files as $file) { $result = $uploader->validate($file['tmp_name'], $file['name']); if (isset($result['error'])) { // Print the error message if validation fails echo "Error: " . $result['error']; die(); } else { // Print the success message if validation passes echo "File uploaded successfully: " . $file['name']; } } else { echo "No file uploaded."; } ?>
Usage via CLI
This package also provides a CLI tool that you can use for quick testing and configuration.
🔧 Publish .env file
To publish the default .env configuration file into your project root:
php vendor/bin/secure-upload publish-env
🧪 Test File Upload Validation
You can quickly test the validation logic via CLI using a file path:
php vendor/bin/secure-upload test-upload --file=path/to/your/file.jpg
Contributing
Contributions are welcome! If you encounter a bug or have a feature request, please open an issue on the GitHub repository. To contribute code, fork the repository and submit a pull request.
License
SecureUpload is licensed under the MIT License. See the LICENSE file for more details.
Screenshots
farzad-forouzanfar/secure-upload 适用场景与选型建议
farzad-forouzanfar/secure-upload 是一款 基于 PHP 开发的 Composer 扩展包,目前已累计 7 次下载、GitHub Stars 达 7, 最近一次更新时间为 2025 年 04 月 04 日, 在 PHP 生态内属于活跃度较高的组件。
它主要适用于以下技术方向: 「php」 「security」 「upload」 「validation」 「file-upload」 「antivirus」 等业务场景。在实际项目中,围绕这些方向常见需要落地的问题包括:接口对接、性能调优、并发安全、与既有框架(Laravel / ThinkPHP / Yii / Webman 等)的兼容适配,以及生产环境的日志埋点与稳定性保障。
我们在过去多个企业项目中使用过 farzad-forouzanfar/secure-upload 或与其功能相近的方案,如果你在选型或落地过程中遇到问题,例如 版本兼容、二次改造、私有化封装、与内部系统对接、生产 BUG 排查,欢迎联系我们协助评估。
基于 farzad-forouzanfar/secure-upload 在你已有业务上做功能扩展、字段裁剪、UI 适配、与内部账号 / 权限 / 日志系统的深度对接。
线上偶发问题、内存泄漏、慢查询、并发异常等排查修复;针对高流量场景做缓存、队列、索引层面的调优。
承接完整的项目从需求 → 设计 → 开发 → 上线 → 长期运维;也可按月提供技术保姆服务。
与 farzad-forouzanfar/secure-upload 相关的其它包
同方向 / 同关键字的高下载量 PHP Composer 包推荐,方便对比选型:
The file manager intended for using Laravel with CKEditor / TinyMCE / Colorbox
Provide a way to secure accesses to all routes of an symfony application.
It's a barebone security class written on PHP
Laravel Media Popup to upload/view the files
Contao CMS integrity check for some files
A PHP security linter to detect insecure functions like var_dump, print_r, and other dangerous functions in your codebase
统计信息
- 总下载量: 7
- 月度下载量: 0
- 日度下载量: 0
- 收藏数: 7
- 点击次数: 28
- 依赖项目数: 0
- 推荐数: 0
其他信息
- 授权协议: MIT
- 更新时间: 2025-04-04