function _filter_html_image_secure_process

Same name and namespace in other branches
  1. 9 core/modules/filter/filter.module \_filter_html_image_secure_process()
  2. 8.9.x core/modules/filter/filter.module \_filter_html_image_secure_process()
  3. 10 core/modules/filter/filter.module \_filter_html_image_secure_process()

Process callback for local image filter.

Related topics

Standard filters
Filters implemented by the Filter module.
1 call to _filter_html_image_secure_process()
FilterHtmlImageSecure::process in core/modules/filter/src/Plugin/Filter/FilterHtmlImageSecure.php
Performs the filter processing.

File

core/modules/filter/filter.module, line 799

Code

function _filter_html_image_secure_process($text) {
    // Find the path (e.g. '/') to Drupal root.
    $base_path = base_path();
    $base_path_length = mb_strlen($base_path);
    // Find the directory on the server where index.php resides.
    $local_dir = \Drupal::root() . '/';
    $html_dom = Html::load($text);
    $images = $html_dom->getElementsByTagName('img');
    
    /** @var \Drupal\Core\File\FileUrlGeneratorInterface $file_url_generator */
    $file_url_generator = \Drupal::service('file_url_generator');
    foreach ($images as $image) {
        $src = $image->getAttribute('src');
        // Transform absolute image URLs to relative image URLs: prevent problems on
        // multisite set-ups and prevent mixed content errors.
        $image->setAttribute('src', $file_url_generator->transformRelative($src));
        // Verify that $src starts with $base_path.
        // This also ensures that external images cannot be referenced.
        $src = $image->getAttribute('src');
        if (mb_substr($src, 0, $base_path_length) === $base_path) {
            // Remove the $base_path to get the path relative to the Drupal root.
            // Ensure the path refers to an actual image by prefixing the image source
            // with the Drupal root and running getimagesize() on it.
            $local_image_path = $local_dir . mb_substr($src, $base_path_length);
            $local_image_path = rawurldecode($local_image_path);
            if (@getimagesize($local_image_path)) {
                // The image has the right path. Erroneous images are dealt with below.
                continue;
            }
        }
        // Allow modules and themes to replace an invalid image with an error
        // indicator. See filter_filter_secure_image_alter().
        \Drupal::moduleHandler()->alter('filter_secure_image', $image);
    }
    $text = Html::serialize($html_dom);
    return $text;
}

Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.