CodeExplorer
You are a developer and looking for Shopware projects?
Apply Now!
FileUploadSanitizeNameEvent example
protected function prepareFilename($filename, array &$validators) {
// The actual extension validation occurs in // \Drupal\jsonapi\Controller\TemporaryJsonapiFileFieldUploader::validate(). $extensions = $validators['file_validate_extensions'][0] ?? '';
$event = new FileUploadSanitizeNameEvent($filename, $extensions);
$this->eventDispatcher->dispatch($event);
return $event->getFilename();
}
/** * Determines the URI for a file field. * * @param array $settings * The array of field settings. * * @return string * An un-sanitized file directory URI with tokens replaced. The result of * the token replacement is then converted to plain text and returned. */
public function testSanitizeName(string $filename, string $allowed_extensions, string $expected_filename, string $expected_filename_with_insecure_uploads = NULL) {
// Configure insecure uploads to be renamed. $config_factory = $this->getConfigFactoryStub([
'system.file' => [
'allow_insecure_uploads' => FALSE,
],
]);
$subscriber = new SecurityFileUploadEventSubscriber($config_factory);
$event = new FileUploadSanitizeNameEvent($filename, $allowed_extensions);
$subscriber->sanitizeName($event);
// Check the results of the configured sanitization. $this->assertSame($expected_filename, $event->getFilename());
$this->assertSame($expected_filename !== $filename, $event->isSecurityRename());
// Rerun the event allowing insecure uploads. $config_factory = $this->getConfigFactoryStub([
'system.file' => [
'allow_insecure_uploads' => TRUE,
],
]);
protected function prepareFilename($filename, array &$validators) {
// The actual extension validation occurs in // \Drupal\file\Plugin\rest\resource\FileUploadResource::validate(). $extensions = $validators['file_validate_extensions'][0] ?? '';
$event = new FileUploadSanitizeNameEvent($filename, $extensions);
$this->eventDispatcher->dispatch($event);
return $event->getFilename();
}
/** * Determines the URI for a file field. * * @param array $settings * The array of field settings. * * @return string * An un-sanitized file directory URI with tokens replaced. The result of * the token replacement is then converted to plain text and returned. */
if (!$this->streamWrapperManager->isValidScheme($destinationScheme)) {
throw new InvalidStreamWrapperException(sprintf('The file could not be uploaded because the destination "%s" is invalid.', $destination));
}
// A file URI may already have a trailing slash or look like "public://". if (substr($destination, -1) != '/') {
$destination .= '/';
}
// Call an event to sanitize the filename and to attempt to address security // issues caused by common server setups. $event = new FileUploadSanitizeNameEvent($originalName, $extensions);
$this->eventDispatcher->dispatch($event);
$filename = $event->getFilename();
$mimeType = $this->mimeTypeGuesser->guessMimeType($filename);
$destinationFilename = $this->fileSystem->getDestinationFilename($destination . $filename, $replace);
if ($destinationFilename === FALSE) {
throw new FileExistsException(sprintf('Destination file "%s" exists', $destinationFilename));
}
$file = File::create([
'uid' => $this->currentUser->id(),
throw new InvalidStreamWrapperException(sprintf('The file could not be uploaded because the destination "%s" is invalid.', $destination));
}
// A file URI may already have a trailing slash or look like "public://". if (substr($destination, -1) != '/') {
$destination .= '/';
}
// Call an event to sanitize the filename and to attempt to address security // issues caused by common server setups. $event = new FileUploadSanitizeNameEvent($originalName, $extensions);
$this->eventDispatcher->dispatch($event);
$filename = $event->getFilename();
$mimeType = $this->mimeTypeGuesser->guessMimeType($filename);
$destinationFilename = $this->fileSystem->getDestinationFilename($destination . $filename, $replace);
if ($destinationFilename === FALSE) {
throw new FileExistsException(sprintf('Destination file "%s" exists', $destinationFilename));
}
$file = File::create([
'uid' => $this->currentUser->id(),
class FileUploadSanitizeNameEventTest extends UnitTestCase {
/** * @covers ::setFilename * @covers ::getFilename */
public function testSetFilename() {
$event = new FileUploadSanitizeNameEvent('foo.txt', '');
$this->assertSame('foo.txt', $event->getFilename());
$event->setFilename('foo.html');
$this->assertSame('foo.html', $event->getFilename());
}
/** * @covers ::setFilename */
public function testSetFilenameException() {
$event = new FileUploadSanitizeNameEvent('foo.txt', '');
$this->assertSame('foo.txt', $event->getFilename());
protected function prepareFilename($filename, array &$validators) {
$extensions = $validators['file_validate_extensions'][0] ?? '';
$event = new FileUploadSanitizeNameEvent($filename, $extensions);
$this->eventDispatcher->dispatch($event);
return $event->getFilename();
}
/** * Generates a lock ID based on the file URI. * * @param string $file_uri * The file URI. * * @return string * The generated lock ID. */