feat: add file upload validation rules with WordPress integration

[csemazharul]

Summary

• Implements the full Laravel-compatible file validation rule set for WordPress: file, image, max_file, mimes, encoding, extensions, mimetypes
• Extends existing between and size rules with file size (KB) awareness alongside their original string/int/array behavior
• Uses WordPress-native functions throughout (wp_check_filetype_and_ext, wp_get_ext_types, wp_get_mime_types, wp_get_attachment_metadata) instead of raw PHP where equivalents exist

Key fixes over the initial draft

• ImageRule: replaced non-existent wp_get_image_mime_types() with wp_get_ext_types()['image'] + wp_get_mime_types(); switched from trusting user-controlled $_FILES['type'] to content-based wp_check_filetype_and_ext()
• MaxFileRule: fixed dead-code branch (metadata['file'] check) to use metadata['filesize'] via shared getAttachmentSizeBytes() helper
• Rule::setParameterValues: fixed multi-value single-key rules (mimes:jpg,png,pdf) being silently dropped by the Validator pipeline due to array count mismatch
• BetweenRule / SizeRule: WP attachment path guarded with function_exists('get_attached_file') for non-WP environments

Test plan

• image rule: accepts image/jpeg, image/png, image/gif; rejects application/pdf, text/plain
• max_file rule: accepts files within KB limit, rejects oversized files
• mimes rule: matches by MIME type and extension fallback
• encoding rule: detects encoding from file contents
• extensions rule: checks extension via wp_check_filetype()
• mimetypes rule: content-based MIME check via wp_check_filetype_and_ext()
• between / size rules: existing string/int/array behavior unchanged; file size path exercised with $_FILES array
• file rule: rejects missing keys, non-OK error codes, empty tmp_name

🤖 Generated with Claude Code

[gemini-code-assist]

Code Review

This pull request introduces a comprehensive set of file validation rules for WordPress, including checks for file type, size, image dimensions, and encoding. It also updates existing rules like BetweenRule and SizeRule to handle file inputs. Feedback focuses on improving performance by caching static MIME type lookups and sampling file contents for encoding detection, enhancing security by verifying MIME types from file content rather than client-provided headers, and ensuring consistent file size calculation logic across different rules.

[gemini-code-assist]

Loading the entire file content into memory using file_get_contents() can lead to memory exhaustion (OOM) errors, especially with large file uploads. Since mb_detect_encoding only needs a representative sample of the text to detect the encoding, consider reading only the first few kilobytes of the file to improve performance and stability.

        $contents = file_get_contents($filePath, false, null, 0, 32768);

[gemini-code-assist]

The MimesRule currently trusts the type key from the $_FILES array, which is provided by the client and can be easily spoofed. To improve security and maintain consistency with ImageRule and MimetypesRule, you should use wp_check_filetype_and_ext() on the temporary file path to determine the actual MIME type based on the file's content.

        if (is_array($value) && isset($value['name'], $value['tmp_name'])) {
            $checked = wp_check_filetype_and_ext($value['tmp_name'], $value['name']);
            return [
                'name' => $value['name'],
                'type' => $checked['type'] ?? '',
            ];
        }

[gemini-code-assist]

The getImageMimeTypes method performs multiple loops and calls several WordPress functions (wp_get_ext_types, wp_get_mime_types) every time a field is validated. Since this list of allowed image MIME types is static for the duration of the request, consider caching the result in a static variable to improve performance.

    private function getImageMimeTypes(): array
    {
        static $imageMimes = null;

        if ($imageMimes !== null) {
            return $imageMimes;
        }

        $imageExtensions = wp_get_ext_types()['image'] ?? [];
        $imageMimes      = [];
        foreach (wp_get_mime_types() as $exts => $mime) {
            foreach (explode('|', $exts) as $ext) {
                if (in_array($ext, $imageExtensions, true)) {
                    $imageMimes[] = $mime;
                    break;
                }
            }
        }

        $imageMimes = array_values(array_unique($imageMimes));

        return $imageMimes;
    }

[gemini-code-assist]

There is an inconsistency in how file sizes are calculated between SizeRule (which uses round()) and BetweenRule (which uses float comparison). This can lead to confusing results where a file might pass a between range but fail a size check that falls within that range. Consider using a consistent conversion logic across all file-related rules.

[gemini-code-assist]

The (int) cast here is applied only to $value['size'] before the division, which is redundant as the size is already an integer. If the intention was to truncate the result of the division to an integer (KB), parentheses are missing. However, using floats for range comparison is generally more accurate. Also, note the inconsistency with SizeRule which uses round().

            $sizeKB = $value['size'] / 1024;