I would like to initiate a discussion on file uploading with the form framework.
The current default behavior is to persist uploaded files across requests (when forms are binded). This is cool because when the forms do not pass validation the user doesn't have to select the file again, it is persisted. The current file input template does not show persisted file, some more work is needed here. One problem I can imagine is that it becomes very easy to fill the server disk with uploaded files: PHP usually cleans uploaded files that don't get move during the request however the form framework behavior is to move uploaded files to a TemporaryStorage, so you would have to do the cleaning yourself (for the files that eventually don't get moved out of the TemporaryStorage). There are several solutions I can think of to improve the current behavior: - Have the file persistence as an option and disable it by default - then you're more likely to think about the required cleaning when you explicitly enable persistency, - Implement a "max size" option in the TemporaryStorage class. When this limit is reached older files would automatically be deleted. Any thoughts on the problem, the proposed solutions, any other solutions ? Note: I only have some limited knowledge / experience with the new form framework, do not hesitate to correct me if something is wrong. -- If you want to report a vulnerability issue on symfony, please send it to security at symfony-project.com You received this message because you are subscribed to the Google Groups "symfony developers" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/symfony-devs?hl=en
