Overview
File Uploads
Watch the Rapid Laravel Development with Filament series on Laracasts - it will teach you the basics of adding file upload fields to Filament forms.
Filament also supports spatie/laravel-medialibrary. See our plugin documentation for more information.
Configuring the storage disk and directory
By default, files will be uploaded publicly to your storage disk defined in the configuration file. You can also set theFILAMENT_FILESYSTEM_DISK environment variable to change this.
To correctly preview images and other files, FilePond requires files to be served from the same domain as the app, or the appropriate CORS headers need to be present. Ensure that the APP_URL environment variable is correct, or modify the filesystem driver to set the correct URL. If you’re hosting files on a separate domain like S3, ensure that CORS headers are set up.
To change the disk and directory for a specific field, and the visibility of files, use the disk(), directory() and visibility() methods:
It is the responsibility of the developer to delete these files from the disk if they are removed, as Filament is unaware if they are depended on elsewhere. One way to do this automatically is observing a model event.
Uploading multiple files
You may also upload multiple files. This stores URLs in JSON:array cast to the model property:
Controlling the maximum parallel uploads
You can control the maximum number of parallel uploads using themaxParallelUploads() method:
1. If unset, we’ll use the default FilePond value which is 2.
Controlling file names
By default, a random file name will be generated for newly-uploaded files. This is to ensure that there are never any conflicts with existing files.Security implications of controlling file names
Before using thepreserveFilenames() or getUploadedFileNameForStorageUsing() methods, please be aware of the security implications. If you allow users to upload files with their own file names, there are ways that they can exploit this to upload malicious files. This applies even if you use the acceptedFileTypes() method to restrict the types of files that can be uploaded, since it uses Laravel’s mimetypes rule which does not validate the extension of the file, only its mime type, which could be manipulated.
This is specifically an issue with the getClientOriginalName() method on the TemporaryUploadedFile object, which the preserveFilenames() method uses. By default, Livewire generates a random file name for each file uploaded, and uses the mime type of the file to determine the file extension.
Using these methods with the local or public filesystem disks will make your app vulnerable to remote code execution if the attacker uploads a PHP file with a deceptive mime type. Using an S3 disk protects you from this specific attack vector, as S3 will not execute PHP files in the same way that your server might when serving files from local storage.
If you are using the local or public disk, you should consider using the storeFileNamesIn() method to store the original file names in a separate column in your database, and keep the randomly generated file names in the file system. This way, you can still display the original file names to users, while keeping the file system secure.
On top of this security issue, you should also be aware that allowing users to upload files with their own file names can lead to conflicts with existing files, and can make it difficult to manage your storage. Users could upload files with the same name and overwrite the other’s content if you do not scope them to a specific directory, so these features should in all cases only be accessible to trusted users.
Preserving original file names
Important: Before using this feature, please ensure that you have read the security implications.To preserve the original filenames of the uploaded files, use the
preserveFilenames() method:
Generating custom file names
Important: Before using this feature, please ensure that you have read the security implications.You may completely customize how file names are generated using the
getUploadedFileNameForStorageUsing() method, and returning a string from the closure based on the $file that was uploaded:
Storing original file names independently
You can keep the randomly generated file names, while still storing the original file name, using thestoreFileNamesIn() method:
attachment_file_names will now store the original file names of your uploaded files, so you can save them to the database when the form is submitted. If you’re uploading multiple() files, make sure that you add an array cast to this Eloquent model property too.
Avatar mode
You can enable avatar mode for your file upload field using theavatar() method:
Image editor
You can enable an image editor for your file upload field using theimageEditor() method:
Allowing users to crop images to aspect ratios
You can allow users to crop images to a set of specific aspect ratios using theimageEditorAspectRatios() method:
null as an option:
Setting the image editor’s mode
You can change the mode of the image editor using theimageEditorMode() method, which accepts either 1, 2 or 3. These options are explained in the Cropper.js documentation:
Customizing the image editor’s empty fill color
By default, the image editor will make the empty space around the image transparent. You can customize this using theimageEditorEmptyFillColor() method:
Setting the image editor’s viewport size
You can change the size of the image editor’s viewport using theimageEditorViewportWidth() and imageEditorViewportHeight() methods, which generate an aspect ratio to use across device sizes:
Allowing users to crop images as a circle
You can allow users to crop images as a circle using thecircleCropper() method:
avatar() method, which renders the images in a compact circle layout.
Cropping and resizing images without the editor
Filepond allows you to crop and resize images before they are uploaded, without the need for a separate editor. You can customize this behavior using theimageCropAspectRatio(), imageResizeTargetHeight() and imageResizeTargetWidth() methods. imageResizeMode() should be set for these methods to have an effect - either force, cover, or contain.
Altering the appearance of the file upload area
You may also alter the general appearance of the Filepond component. Available options for these methods are available on the Filepond website.Displaying files in a grid
You can use the Filepondgrid layout by setting the panelLayout():
Reordering files
You can also allow users to re-order uploaded files using thereorderable() method:
appendFiles() method:
Opening files in a new tab
You can add a button to open each file in a new tab with theopenable() method:
Downloading files
If you wish to add a download button to each file instead, you can use thedownloadable() method:
Previewing files
By default, some file types can be previewed in FilePond. If you wish to disable the preview for all files, you can use thepreviewable(false) method:
Moving files instead of copying when the form is submitted
By default, files are initially uploaded to Livewire’s temporary storage directory, and then copied to the destination directory when the form is submitted. If you wish to move the files instead, providing that temporary uploads are stored on the same disk as permanent files, you can use themoveFiles() method:
Preventing files from being stored permanently
If you wish to prevent files from being stored permanently when the form is submitted, you can use thestoreFiles(false) method:
previewable(false). This is due to a limitation with the FilePond preview plugin.
Orienting images from their EXIF data
By default, FilePond will automatically orient images based on their EXIF data. If you wish to disable this behavior, you can use theorientImagesFromExif(false) method:
Hiding the remove file button
It is also possible to hide the remove uploaded file button by usingdeletable(false):
Preventing pasting files
You can disable the ability to paste files via the clipboard using thepasteable(false) method:
Prevent file information fetching
While the form is loaded, it will automatically detect whether the files exist, what size they are, and what type of files they are. This is all done on the backend. When using remote storage with many files, this can be time-consuming. You can use thefetchFileInformation(false) method to disable this feature:
Customizing the uploading message
You may customize the uploading message that is displayed in the form’s submit button using theuploadingMessage() method:
File upload validation
As well as all rules listed on the validation page, there are additional rules that are specific to file uploads. Since Filament is powered by Livewire and uses its file upload system, you will want to refer to the default Livewire file upload validation rules in theconfig/livewire.php file as well. This also controls the 12MB file size maximum.
File type validation
You may restrict the types of files that may be uploaded using theacceptedFileTypes() method, and passing an array of MIME types.
image() method as shorthand to allow all image MIME types.
Custom MIME type mapping
Some file formats may not be recognized correctly by the browser when uploading files. Filament allows you to manually define MIME types for specific file extensions using themimeTypeMap() method:
File size validation
You may also restrict the size of uploaded files in kilobytes:Uploading large files
If you experience issues when uploading large files, such as HTTP requests failing with a response status of 422 in the browser’s console, you may need to tweak your configuration. In thephp.ini file for your server, increasing the maximum file size may fix the issue:
rules key of temporary_file_upload. In this instance, KB are used in the rule, and 120MB is 122880KB:
Number of files validation
You may customize the number of files that may be uploaded, using theminFiles() and maxFiles() methods:
