
Grid and channel special-cased in File field type

Developer Preview

Bryan Burgers
4 posts
11 years ago

In libraries/File_field.php, around line 309 ([email protected]), the file field checks if the uploaded file has changed from its original value. It does this by special-casing a check against channel_data and grid_field_* tables. When Blocks shows a file field, there’s no way to hook into that logic. (I haven’t come up with a solution to this yet, so Blocks is probably being over restrictive at this point.)

It would be great if File could do this validation without hitting the database. One thought would be to add another hidden field that contains the original value. Then the validation could check if the current value is different than the original value. Naturally, the first fear here is that savvy users can alter the hidden value. But what if they do? If the new value is different than the original, then the “is this in an allowed directory” kicks in, so it will still be OK. If they try to change the new value and the original value to the same thing to sneak a file into an unallowed directory, well, since they’re the same, you just don’t change anything.

Maybe there are other viable options, too.
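
The check proposed in the post above, sketched as an added PHP example (not ExpressionEngine's code and not from the thread). The function name, the return shape and the `{filedir_N}name` value format are assumptions made for this sketch; the "both values equal" branch writes nothing, so the stored value is kept rather than the submitted one.

```php
<?php
// Added illustration; all names here are hypothetical, not ExpressionEngine's API.

/**
 * Decide what to do with a submitted file-field value when the form also
 * carries the original value in a hidden input.
 * Returns ['action' => 'keep'|'save'|'reject', 'value' => ?string].
 */
function check_file_field(string $submitted, string $original, array $allowed_dirs): array
{
    // Both inputs equal: treat as "no change" and write nothing, so the
    // value already stored stays untouched whatever the client sent.
    if ($submitted === $original) {
        return ['action' => 'keep', 'value' => null];
    }

    // Value changed: the allowed-directory check applies.
    // Assumed format: "{filedir_<id>}<filename>" with no path separators.
    if (preg_match('/^\{filedir_(\d+)\}[^\/\\\\]+$/', $submitted, $m)
        && in_array((int) $m[1], $allowed_dirs, true)) {
        return ['action' => 'save', 'value' => $submitted];
    }

    return ['action' => 'reject', 'value' => null];
}

// Constructed sample submissions: [submitted, hidden original]; directory 1 is allowed.
$cases = [
    'untouched field'           => ['{filedir_1}a.jpg', '{filedir_1}a.jpg'],
    'new file, allowed dir'     => ['{filedir_1}b.jpg', '{filedir_1}a.jpg'],
    'new file, disallowed dir'  => ['{filedir_9}x.php', '{filedir_1}a.jpg'],
    'both inputs tampered'      => ['{filedir_9}x.php', '{filedir_9}x.php'],
];

foreach ($cases as $label => [$submitted, $original]) {
    $result = check_file_field($submitted, $original, [1]);
    printf("%-26s %s\n", $label, $result['action']);
}
```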

       
Wes Baker
343 posts
11 years ago

I don’t like the idea of having an additional hidden input for the reasons you’ve pointed out, however I do agree that we should have something there for other developers to hook into. Are you calling File_field::validate() directly?

       
Bryan Burgers
4 posts
11 years ago

No, I’m calling validate on the field type that I’m getting back from

ee()->api_channel_fields->setup_handler($field_name, TRUE);

So, File_ft’s validate.

       
Wes Baker
343 posts
11 years ago

It looks like our best case is to provide you with an extension in File_field::validate(). We’re thinking it would just cover the part that makes the validation query, but could make it encompass more if that’s what you needed. What would you prefer?

       


Packet Tide owns and develops ExpressionEngine. © Packet Tide, All Rights Reserved.