Make file upload required to submit the form in Filament 4

Hello,

I have this FileUpload element that should required to submit the form but at the same time I don't need to store anything in the database.

In the code below it doesn't store anything in the database but - despite being required - I'm able to submit the form without having uploaded any file.

FileUpload::make('video_file')
                    ->dehydrated(false)
                    ->required()
                    ->label('Video File')
                    ->disk('s3')
                    ->directory('temp')
                    ->acceptedFileTypes([
                        'video/mp4',
                        'video/quicktime',
                        'video/x-msvideo',
                        'video/x-matroska',
                        'video/x-ms-wmv',
                    ])
                    ->maxSize(2097152)
                    ->getUploadedFileNameForStorageUsing(function (TemporaryUploadedFile $file, callable $get) {
                        $code = $get('code');
                        $extension = $file->getClientOriginalExtension();
                        return $code . '.' . $extension;
                    }),

Thanks, S

jlrdw

8 months ago

Level 75

Side note, this is very unsafe:

$extension = $file->getClientOriginalExtension();

https://symfonycasts.com/screencast/symfony-uploads/file-naming#play

https://symfonycasts.com/screencast/symfony-uploads/upload-in-form#play

https://symfonycasts.com/screencast/symfony-uploads/uploader-service#play

Also in the laravel documentation:

However, keep in mind that the getClientOriginalName and getClientOriginalExtension methods are considered unsafe, as the file name and extension may be tampered with by a malicious user. For this reason, you should typically prefer the hashName and extension methods to get a name and an extension for the given file upload:

Reference:

https://laravel.com/docs/12.x/filesystem#other-uploaded-file-information

Please or to participate in this conversation.