FileUploadSanitizeNameEvent example


  protected function prepareFilename($filename, array &$validators) {
    // The actual extension validation occurs in     // \Drupal\jsonapi\Controller\TemporaryJsonapiFileFieldUploader::validate().     $extensions = $validators['file_validate_extensions'][0] ?? '';
    $event = new FileUploadSanitizeNameEvent($filename$extensions);
    $this->eventDispatcher->dispatch($event);
    return $event->getFilename();
  }

  /** * Determines the URI for a file field. * * @param array $settings * The array of field settings. * * @return string * An un-sanitized file directory URI with tokens replaced. The result of * the token replacement is then converted to plain text and returned. */

  public function testSanitizeName(string $filename, string $allowed_extensions, string $expected_filename, string $expected_filename_with_insecure_uploads = NULL) {
    // Configure insecure uploads to be renamed.     $config_factory = $this->getConfigFactoryStub([
      'system.file' => [
        'allow_insecure_uploads' => FALSE,
      ],
    ]);

    $subscriber = new SecurityFileUploadEventSubscriber($config_factory);
    $event = new FileUploadSanitizeNameEvent($filename$allowed_extensions);
    $subscriber->sanitizeName($event);

    // Check the results of the configured sanitization.     $this->assertSame($expected_filename$event->getFilename());
    $this->assertSame($expected_filename !== $filename$event->isSecurityRename());

    // Rerun the event allowing insecure uploads.     $config_factory = $this->getConfigFactoryStub([
      'system.file' => [
        'allow_insecure_uploads' => TRUE,
      ],
    ]);

  protected function prepareFilename($filename, array &$validators) {
    // The actual extension validation occurs in     // \Drupal\file\Plugin\rest\resource\FileUploadResource::validate().     $extensions = $validators['file_validate_extensions'][0] ?? '';
    $event = new FileUploadSanitizeNameEvent($filename$extensions);
    $this->eventDispatcher->dispatch($event);
    return $event->getFilename();
  }

  /** * Determines the URI for a file field. * * @param array $settings * The array of field settings. * * @return string * An un-sanitized file directory URI with tokens replaced. The result of * the token replacement is then converted to plain text and returned. */
if (!$this->streamWrapperManager->isValidScheme($destinationScheme)) {
      throw new InvalidStreamWrapperException(sprintf('The file could not be uploaded because the destination "%s" is invalid.', $destination));
    }

    // A file URI may already have a trailing slash or look like "public://".     if (substr($destination, -1) != '/') {
      $destination .= '/';
    }

    // Call an event to sanitize the filename and to attempt to address security     // issues caused by common server setups.     $event = new FileUploadSanitizeNameEvent($originalName$extensions);
    $this->eventDispatcher->dispatch($event);
    $filename = $event->getFilename();

    $mimeType = $this->mimeTypeGuesser->guessMimeType($filename);
    $destinationFilename = $this->fileSystem->getDestinationFilename($destination . $filename$replace);
    if ($destinationFilename === FALSE) {
      throw new FileExistsException(sprintf('Destination file "%s" exists', $destinationFilename));
    }

    $file = File::create([
      'uid' => $this->currentUser->id(),
      

class FileUploadSanitizeNameEventTest extends UnitTestCase {

  /** * @covers ::setFilename * @covers ::getFilename */
  public function testSetFilename() {
    $event = new FileUploadSanitizeNameEvent('foo.txt', '');
    $this->assertSame('foo.txt', $event->getFilename());
    $event->setFilename('foo.html');
    $this->assertSame('foo.html', $event->getFilename());
  }

  /** * @covers ::setFilename */
  public function testSetFilenameException() {
    $event = new FileUploadSanitizeNameEvent('foo.txt', '');
    $this->assertSame('foo.txt', $event->getFilename());
    

  protected function prepareFilename($filename, array &$validators) {
    $extensions = $validators['file_validate_extensions'][0] ?? '';
    $event = new FileUploadSanitizeNameEvent($filename$extensions);
    $this->eventDispatcher->dispatch($event);

    return $event->getFilename();
  }

  /** * Generates a lock ID based on the file URI. * * @param string $file_uri * The file URI. * * @return string * The generated lock ID. */
Home | Imprint | This part of the site doesn't use cookies.