Mercurial > hg > isophonics-drupal-site
comparison core/modules/image/src/Controller/ImageStyleDownloadController.php @ 16:c2387f117808
Routine composer update
| author | Chris Cannam |
|---|---|
| date | Tue, 10 Jul 2018 15:07:59 +0100 |
| parents | 4c8ae668cc8c |
| children |
comparison
equal
deleted
inserted
replaced
| 15:e200cb7efeb3 | 16:c2387f117808 |
|---|---|
| 9 use Drupal\system\FileDownloadController; | 9 use Drupal\system\FileDownloadController; |
| 10 use Symfony\Component\DependencyInjection\ContainerInterface; | 10 use Symfony\Component\DependencyInjection\ContainerInterface; |
| 11 use Symfony\Component\HttpFoundation\BinaryFileResponse; | 11 use Symfony\Component\HttpFoundation\BinaryFileResponse; |
| 12 use Symfony\Component\HttpFoundation\Request; | 12 use Symfony\Component\HttpFoundation\Request; |
| 13 use Symfony\Component\HttpFoundation\Response; | 13 use Symfony\Component\HttpFoundation\Response; |
| 14 use Symfony\Component\HttpKernel\Exception\NotFoundHttpException; | |
| 14 use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException; | 15 use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException; |
| 15 use Symfony\Component\HttpKernel\Exception\ServiceUnavailableHttpException; | 16 use Symfony\Component\HttpKernel\Exception\ServiceUnavailableHttpException; |
| 16 | 17 |
| 17 /** | 18 /** |
| 18 * Defines a controller to serve image styles. | 19 * Defines a controller to serve image styles. |
| 77 * The image style to deliver. | 78 * The image style to deliver. |
| 78 * | 79 * |
| 79 * @return \Symfony\Component\HttpFoundation\BinaryFileResponse|\Symfony\Component\HttpFoundation\Response | 80 * @return \Symfony\Component\HttpFoundation\BinaryFileResponse|\Symfony\Component\HttpFoundation\Response |
| 80 * The transferred file as response or some error response. | 81 * The transferred file as response or some error response. |
| 81 * | 82 * |
| 83 * @throws \Symfony\Component\HttpKernel\Exception\NotFoundHttpException | |
| 84 * Thrown when the file request is invalid. | |
| 82 * @throws \Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException | 85 * @throws \Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException |
| 83 * Thrown when the user does not have access to the file. | 86 * Thrown when the user does not have access to the file. |
| 84 * @throws \Symfony\Component\HttpKernel\Exception\ServiceUnavailableHttpException | 87 * @throws \Symfony\Component\HttpKernel\Exception\ServiceUnavailableHttpException |
| 85 * Thrown when the file is still being generated. | 88 * Thrown when the file is still being generated. |
| 86 */ | 89 */ |
| 102 $valid = !empty($image_style) && file_stream_wrapper_valid_scheme($scheme); | 105 $valid = !empty($image_style) && file_stream_wrapper_valid_scheme($scheme); |
| 103 if (!$this->config('image.settings')->get('allow_insecure_derivatives') || strpos(ltrim($target, '\/'), 'styles/') === 0) { | 106 if (!$this->config('image.settings')->get('allow_insecure_derivatives') || strpos(ltrim($target, '\/'), 'styles/') === 0) { |
| 104 $valid &= $request->query->get(IMAGE_DERIVATIVE_TOKEN) === $image_style->getPathToken($image_uri); | 107 $valid &= $request->query->get(IMAGE_DERIVATIVE_TOKEN) === $image_style->getPathToken($image_uri); |
| 105 } | 108 } |
| 106 if (!$valid) { | 109 if (!$valid) { |
| 107 throw new AccessDeniedHttpException(); | 110 // Return a 404 (Page Not Found) rather than a 403 (Access Denied) as the |
| 111 // image token is for DDoS protection rather than access checking. 404s | |
| 112 // are more likely to be cached (e.g. at a proxy) which enhances | |
| 113 // protection from DDoS. | |
| 114 throw new NotFoundHttpException(); | |
| 108 } | 115 } |
| 109 | 116 |
| 110 $derivative_uri = $image_style->buildUri($image_uri); | 117 $derivative_uri = $image_style->buildUri($image_uri); |
| 111 $headers = []; | 118 $headers = []; |
| 112 | 119 |