v3.2.4

Fix XSS

v3.2.3

Fix Direct Link Generation

v3.2.2

Fix user_id session key

v3.2.1

Fix UserID and FileID generation

v3.2.0

1. Fix URLs generation
2. Added UserID and FileID generation

v3.1.0

Added Link Generation

v3.0.0

[3.0.0] - 2026-01-10

Major release introducing production-ready features including custom exceptions, PSR-3 logging, event system, storage abstraction, rate limiting, and virus scanning.

Added

Exception Hierarchy

• UploadException - Base exception class with context support
• ValidationException - Validation errors with factory methods
• StorageException - Storage operation failures
• FileNotFoundException - Missing file errors
• ConfigurationException - Configuration issues
• ImageException - Image processing errors

PSR-3 Logging

• LoggerInterface - PSR-3 compatible logging interface
• LogLevel - Log level constants
• FileLogger - File-based logger with rotation support
• NullLogger - No-op logger for testing
• LoggerAwareTrait - Trait for adding logging to any class

Validation System

• ValidationResult - Rich validation result objects
• ValidationError - Individual error representation
• ValidatorInterface - Validator contract
• ValidationChain - Chain multiple validators together
• ExtensionValidator - Extension whitelist/blacklist validation
• MimeTypeValidator - MIME type validation with strict mode
• SizeValidator - File size validation with category limits
• FilenameValidator - Forbidden names, path traversal detection
• ImageDimensionValidator - Image dimension and aspect ratio validation

Storage Abstraction

• StorageInterface - Flysystem-compatible storage interface
• LocalStorage - Local filesystem storage adapter
• FileInfo - File/directory metadata representation
• StorageManager - Multi-disk storage management

Rate Limiting

• RateLimiterInterface - Rate limiter contract
• RateLimitResult - Rate limit check result with headers
• InMemoryRateLimiter - Memory-based rate limiter
• FileRateLimiter - Persistent file-based rate limiter

Virus Scanning

• VirusScannerInterface - Virus scanner contract
• ScanResult - Scan result representation
• ClamAvScanner - ClamAV integration (socket + CLI)
• NullScanner - No-op scanner for development

Event System

• EventInterface - Event contract
• AbstractEvent - Base event class
• UploadEvents - Event name constants
• FileEvent - File-related events
• ValidationEvent - Validation events with result
• ScanEvent - Virus scan events
• EventDispatcher - Event dispatcher with priorities
• ListenerInterface - Event listener contract

New Classes

• UploadManager - All-in-one upload manager combining all features
• UploadResult - Comprehensive upload result object

Testing

• PHPUnit test suite with unit tests for all new components
• phpunit.xml configuration file

Changed

Upload Class

• Integrated LoggerAwareTrait for PSR-3 logging
• Added EventDispatcher integration for upload lifecycle events
• Replaced generic exceptions with custom exception hierarchy
• Added enableExceptions() method to throw exceptions instead of returning false
• Added validate() method returning ValidationResult object
• Added setEventDispatcher() and getEventDispatcher() methods
• Added getFile() and getFileName() accessor methods
• All validation methods now log warnings on failure
• Events dispatched for: before/after upload, before/after validation, validation failed, upload failed

composer.json

• Updated PHP requirement to 8.1+
• Added dev dependencies: phpunit, phpstan, phpcs
• Added autoload-dev for tests namespace
• Added scripts: test, test-coverage, phpstan, cs-check, cs-fix
• Added suggested packages: ext-gd, league/flysystem, monolog

Documentation

• Comprehensive README.md with all new features
• Usage examples for all components
• Security best practices guide

Examples

• Updated production.php with multi-file upload support
• Demonstrates all new features: validation chain, rate limiting, virus scanning, events, logging

Dependencies

• Requires PHP 8.1 or higher
• Requires fileinfo extension
• Requires json extension
• Optional: gd extension for image processing

Migration Guide

Users upgrading from 2.x should note:

1. Update PHP version to 8.1 or higher
2. Exceptions are now specific types - update catch blocks
3. Consider using UploadManager for new projects
4. Enable logging with setLogger() method
5. Use enableExceptions(true) for exception-based flow
6. Use validate() method for detailed validation results

v2.6.0

[2.6.0] - 2025-05-03

Enhanced file filtering and validation with a more comprehensive approach to file type management.

Added

• Enhanced filter.json structure with version tracking
• Added categorized MIME types for better file type validation
• Added category-specific file size limits
• Expanded the forbidden files list for improved security
• Added support for more file extensions and MIME types

Changed

• Updated Upload class to use the enhanced filter.json structure
• Improved file category detection based on MIME types
• Enhanced size limit validation with category-specific limits
• Improved MIME type validation with better error handling
• Updated isImage() method to use the new categories structure

v2.5.1

Bug Fix

v2.5.0

PhpFileUploading Library 2.5.0 - Release Notes

Overview

We're excited to announce the release of PhpFileUploading v2.5.0, featuring significant enhancements to the core components of the library. This update focuses on improving reliability, security, and performance across all classes, with particular attention to the Image and File classes.

What's New

Image Class Improvements

• Enhanced Resource Management: Implemented try/finally blocks to ensure proper cleanup of image resources in all circumstances
• Better Transparency Handling: Added consistent transparency preservation for PNG images across all manipulation methods
• Improved MIME Type Detection: Created a robust fallback system for determining image types when standard PHP functions are unavailable
• Memory Optimization: Added temporary memory limit adjustments for processing large images
• GD Extension Validation: Added explicit checks for GD library availability to prevent cryptic errors
• Better Error Handling: More specific error messages and improved exception handling

File Class Enhancements

• Robust File Validation: Improved validation of uploaded file arrays with more specific type checking
• Enhanced MIME Type Detection: Implemented a multi-layered approach with fallbacks for reliable MIME type identification
• Memory-Efficient File Hashing: Added streaming approach for hashing large files (>10MB) to prevent memory issues
• Improved Empty File Detection: Enhanced detection of empty uploads with multiple condition checks
• File Integrity Verification: Added size consistency checks between reported and actual file sizes
• Better Error Handling: More specific error messages and improved exception handling

General Improvements

• Code Quality: Enhanced code structure and readability across all classes
• Error Handling: More consistent and informative error messages
• Security: Improved validation and sanitization of inputs
• Performance: Optimized resource usage for better performance with large files

Breaking Changes

• The Image class now throws an exception if the GD extension is not available
• The File::isEmpty() method now uses stricter criteria to determine if a file is empty
• Error handling is more strict, with exceptions thrown earlier in the process

Upgrade Instructions

This release maintains backward compatibility with existing code that follows best practices. However, if your code relies on specific error handling behaviors or makes assumptions about resource management, we recommend testing thoroughly before upgrading in production.

Future Plans

In upcoming releases, we plan to introduce additional features to the Image class including:

• Image cropping functionality
• Image rotation and flipping
• Thumbnail generation
• EXIF data handling
• Advanced watermarking options