function _filter_html_image_secure_process
Same name in other branches
- 9 core/modules/filter/filter.module \_filter_html_image_secure_process()
- 10 core/modules/filter/filter.module \_filter_html_image_secure_process()
- 11.x core/modules/filter/filter.module \_filter_html_image_secure_process()
Process callback for local image filter.
Related topics
1 call to _filter_html_image_secure_process()
- FilterHtmlImageSecure::process in core/
modules/ filter/ src/ Plugin/ Filter/ FilterHtmlImageSecure.php - Performs the filter processing.
File
-
core/
modules/ filter/ filter.module, line 775
Code
function _filter_html_image_secure_process($text) {
// Find the path (e.g. '/') to Drupal root.
$base_path = base_path();
$base_path_length = mb_strlen($base_path);
// Find the directory on the server where index.php resides.
$local_dir = \Drupal::root() . '/';
$html_dom = Html::load($text);
$images = $html_dom->getElementsByTagName('img');
foreach ($images as $image) {
$src = $image->getAttribute('src');
// Transform absolute image URLs to relative image URLs: prevent problems on
// multisite set-ups and prevent mixed content errors.
$image->setAttribute('src', file_url_transform_relative($src));
// Verify that $src starts with $base_path.
// This also ensures that external images cannot be referenced.
$src = $image->getAttribute('src');
if (mb_substr($src, 0, $base_path_length) === $base_path) {
// Remove the $base_path to get the path relative to the Drupal root.
// Ensure the path refers to an actual image by prefixing the image source
// with the Drupal root and running getimagesize() on it.
$local_image_path = $local_dir . mb_substr($src, $base_path_length);
$local_image_path = rawurldecode($local_image_path);
if (@getimagesize($local_image_path)) {
// The image has the right path. Erroneous images are dealt with below.
continue;
}
}
// Allow modules and themes to replace an invalid image with an error
// indicator. See filter_filter_secure_image_alter().
\Drupal::moduleHandler()->alter('filter_secure_image', $image);
}
$text = Html::serialize($html_dom);
return $text;
}
Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.