class FileUploadSanitizeNameEvent
Same name in other branches
- 10 core/lib/Drupal/Core/File/Event/FileUploadSanitizeNameEvent.php \Drupal\Core\File\Event\FileUploadSanitizeNameEvent
- 11.x core/lib/Drupal/Core/File/Event/FileUploadSanitizeNameEvent.php \Drupal\Core\File\Event\FileUploadSanitizeNameEvent
An event during file upload that lets subscribers sanitize the filename.
Hierarchy
- class \Drupal\Component\EventDispatcher\Event extends \Symfony\Component\EventDispatcher\Event
- class \Drupal\Core\File\Event\FileUploadSanitizeNameEvent extends \Drupal\Component\EventDispatcher\Event
Expanded class hierarchy of FileUploadSanitizeNameEvent
See also
\Drupal\file\Plugin\rest\resource\FileUploadResource::prepareFilename()
\Drupal\system\EventSubscriber\SecurityFileUploadEventSubscriber::sanitizeName()
8 files declare their use of FileUploadSanitizeNameEvent
- CKEditor5ImageController.php in core/
modules/ ckeditor5/ src/ Controller/ CKEditor5ImageController.php - file.module in core/
modules/ file/ file.module - Defines a "managed_file" Form API field and a "file" field for Field module.
- FileUploadHandler.php in core/
modules/ file/ src/ Upload/ FileUploadHandler.php - FileUploadResource.php in core/
modules/ file/ src/ Plugin/ rest/ resource/ FileUploadResource.php - FileUploadSanitizeNameEventTest.php in core/
tests/ Drupal/ Tests/ Core/ File/ FileUploadSanitizeNameEventTest.php
File
-
core/
lib/ Drupal/ Core/ File/ Event/ FileUploadSanitizeNameEvent.php, line 14
Namespace
Drupal\Core\File\EventView source
class FileUploadSanitizeNameEvent extends Event {
/**
* The name of the file being uploaded.
*
* @var string
*/
protected $filename = '';
/**
* A list of allowed extensions.
*
* @var string[]
*/
protected $allowedExtensions = [];
/**
* Indicates the filename has changed for security reasons.
*
* @var bool
*/
protected $isSecurityRename = FALSE;
/**
* Constructs a file upload sanitize name event object.
*
* @param string $filename
* The full filename (with extension, but not directory) being uploaded.
* @param string $allowed_extensions
* A list of allowed extensions. If empty all extensions are allowed.
*/
public function __construct(string $filename, string $allowed_extensions) {
$this->setFilename($filename);
if ($allowed_extensions !== '') {
$this->allowedExtensions = array_unique(explode(' ', trim(strtolower($allowed_extensions))));
}
}
/**
* Gets the filename.
*
* @return string
* The filename.
*/
public function getFilename() : string {
return $this->filename;
}
/**
* Sets the filename.
*
* @param string $filename
* The filename to use for the uploaded file.
*
* @return $this
*
* @throws \InvalidArgumentException
* Thrown when $filename contains path information.
*/
public function setFilename(string $filename) : self {
if (dirname($filename) !== '.') {
throw new \InvalidArgumentException(sprintf('$filename must be a filename with no path information, "%s" provided', $filename));
}
$this->filename = $filename;
return $this;
}
/**
* Gets the list of allowed extensions.
*
* @return string[]
* The list of allowed extensions.
*/
public function getAllowedExtensions() : array {
return $this->allowedExtensions;
}
/**
* Sets the security rename flag.
*
* @return $this
*/
public function setSecurityRename() : self {
$this->isSecurityRename = TRUE;
return $this;
}
/**
* Gets the security rename flag.
*
* @return bool
* TRUE if there is a rename for security reasons, otherwise FALSE.
*/
public function isSecurityRename() : bool {
return $this->isSecurityRename;
}
/**
* {@inheritdoc}
*
* @throws \RuntimeException
* Thrown whenever this method is called. This event should always be fully
* processed so that SecurityFileUploadEventSubscriber::sanitizeName()
* gets a chance to run.
*
* @see \Drupal\system\EventSubscriber\SecurityFileUploadEventSubscriber
*/
public function stopPropagation() : void {
throw new \RuntimeException('Propagation cannot be stopped for the FileUploadSanitizeNameEvent');
}
}
Members
Title Sort descending | Modifiers | Object type | Summary |
---|---|---|---|
FileUploadSanitizeNameEvent::$allowedExtensions | protected | property | A list of allowed extensions. |
FileUploadSanitizeNameEvent::$filename | protected | property | The name of the file being uploaded. |
FileUploadSanitizeNameEvent::$isSecurityRename | protected | property | Indicates the filename has changed for security reasons. |
FileUploadSanitizeNameEvent::getAllowedExtensions | public | function | Gets the list of allowed extensions. |
FileUploadSanitizeNameEvent::getFilename | public | function | Gets the filename. |
FileUploadSanitizeNameEvent::isSecurityRename | public | function | Gets the security rename flag. |
FileUploadSanitizeNameEvent::setFilename | public | function | Sets the filename. |
FileUploadSanitizeNameEvent::setSecurityRename | public | function | Sets the security rename flag. |
FileUploadSanitizeNameEvent::stopPropagation | public | function | |
FileUploadSanitizeNameEvent::__construct | public | function | Constructs a file upload sanitize name event object. |
Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.