diff --git a/core/core.services.yml b/core/core.services.yml
index 66a46c6603..51d7d2cd58 100644
--- a/core/core.services.yml
+++ b/core/core.services.yml
@@ -369,9 +369,12 @@ services:
file_system:
class: Drupal\Core\File\FileSystem
arguments: ['@stream_wrapper_manager', '@settings', '@logger.channel.file']
+ file_upload:
+ class: Drupal\Core\File\FileUpload
+ arguments: ['@config.factory', '@messenger']
form_builder:
class: Drupal\Core\Form\FormBuilder
- arguments: ['@form_validator', '@form_submitter', '@form_cache', '@module_handler', '@event_dispatcher', '@request_stack', '@class_resolver', '@element_info', '@theme.manager', '@?csrf_token']
+ arguments: ['@form_validator', '@form_submitter', '@form_cache', '@module_handler', '@event_dispatcher', '@request_stack', '@class_resolver', '@element_info', '@theme.manager', '@file_upload', '@?csrf_token']
form_validator:
class: Drupal\Core\Form\FormValidator
arguments: ['@request_stack', '@string_translation', '@csrf_token', '@logger.channel.form', '@form_error_handler']
diff --git a/core/includes/file.inc b/core/includes/file.inc
index 77a743eab0..765130651b 100644
--- a/core/includes/file.inc
+++ b/core/includes/file.inc
@@ -6,13 +6,12 @@
*/
use Drupal\Component\FileSystem\FileSystem as ComponentFileSystem;
-use Drupal\Component\Utility\UrlHelper;
use Drupal\Component\PhpStorage\FileStorage;
-use Drupal\Component\Utility\Bytes;
+use Drupal\Component\Utility\UrlHelper;
use Drupal\Core\File\FileSystem;
use Drupal\Core\Site\Settings;
-use Drupal\Core\StreamWrapper\PublicStream;
use Drupal\Core\StreamWrapper\PrivateStream;
+use Drupal\Core\StreamWrapper\PublicStream;
/**
* Default mode for new directories. See drupal_chmod().
@@ -702,43 +701,15 @@ function file_unmanaged_move($source, $destination = NULL, $replace = FILE_EXIST
*
* @return string
* The potentially modified $filename.
+ *
+ * @deprecated in Drupal 8.7.0, will be removed before Drupal 9.0.0.
+ * Use \Drupal\Core\File\FileUploadInterface::mungeFilename() instead.
+ *
+ * @see https://www.drupal.org/node/3021652
*/
function file_munge_filename($filename, $extensions, $alerts = TRUE) {
- $original = $filename;
-
- // Allow potentially insecure uploads for very savvy users and admin
- if (!\Drupal::config('system.file')->get('allow_insecure_uploads')) {
- // Remove any null bytes. See
- // http://php.net/manual/security.filesystem.nullbytes.php
- $filename = str_replace(chr(0), '', $filename);
-
- $whitelist = array_unique(explode(' ', strtolower(trim($extensions))));
-
- // Split the filename up by periods. The first part becomes the basename
- // the last part the final extension.
- $filename_parts = explode('.', $filename);
- // Remove file basename.
- $new_filename = array_shift($filename_parts);
- // Remove final extension.
- $final_extension = array_pop($filename_parts);
-
- // Loop through the middle parts of the name and add an underscore to the
- // end of each section that could be a file extension but isn't in the list
- // of allowed extensions.
- foreach ($filename_parts as $filename_part) {
- $new_filename .= '.' . $filename_part;
- if (!in_array(strtolower($filename_part), $whitelist) && preg_match("/^[a-zA-Z]{2,5}\d?$/", $filename_part)) {
- $new_filename .= '_';
- }
- }
- $filename = $new_filename . '.' . $final_extension;
-
- if ($alerts && $original != $filename) {
- \Drupal::messenger()->addStatus(t('For security reasons, your upload has been renamed to %filename.', ['%filename' => $filename]));
- }
- }
-
- return $filename;
+ @trigger_error('file_munge_filename() is deprecated in Drupal 8.7.0 and will be removed before Drupal 9.0.0. Use \Drupal\Core\File\FileUploadInterface::mungeFilename(). See https://www.drupal.org/node/3021652.', E_USER_DEPRECATED);
+ return \Drupal::service('file_upload')->mungeFilename($filename, $extensions, $alerts);
}
/**
@@ -749,9 +720,15 @@ function file_munge_filename($filename, $extensions, $alerts = TRUE) {
*
* @return
* An unmunged filename string.
+ *
+ * @deprecated in Drupal 8.7.0, will be removed before Drupal 9.0.0.
+ * Use \Drupal\Core\File\FileUploadInterface::mungeFilename() instead.
+ *
+ * @see https://www.drupal.org/node/3021652
*/
function file_unmunge_filename($filename) {
- return str_replace('_.', '.', $filename);
+ @trigger_error('file_unmunge_filename() is deprecated in Drupal 8.7.0 and will be removed before Drupal 9.0.0. Use \Drupal\Core\File\FileUploadInterface::unmungeFilename(). See https://www.drupal.org/node/3021652.', E_USER_DEPRECATED);
+ return \Drupal::service('file_upload')->unmungeFilename($filename);
}
/**
@@ -1093,22 +1070,15 @@ function file_scan_directory($dir, $mask, $options = [], $depth = 0) {
* @return
* A file size limit in bytes based on the PHP upload_max_filesize and
* post_max_size
+ *
+ * @deprecated in Drupal 8.7.0, will be removed before Drupal 9.0.0.
+ * Use \Drupal\Core\File\FileUploadInterface::getUploadMaxSize() instead.
+ *
+ * @see https://www.drupal.org/node/3021652
*/
function file_upload_max_size() {
- static $max_size = -1;
-
- if ($max_size < 0) {
- // Start with post_max_size.
- $max_size = Bytes::toInt(ini_get('post_max_size'));
-
- // If upload_max_size is less, then reduce. Except if upload_max_size is
- // zero, which indicates no limit.
- $upload_max = Bytes::toInt(ini_get('upload_max_filesize'));
- if ($upload_max > 0 && $upload_max < $max_size) {
- $max_size = $upload_max;
- }
- }
- return $max_size;
+ @trigger_error('file_upload_max_size() is deprecated in Drupal 8.7.0 and will be removed before Drupal 9.0.0. Use \Drupal\Core\File\FileUploadInterface::getUploadMaxSize(). See https://www.drupal.org/node/3021652.', E_USER_DEPRECATED);
+ return \Drupal::service('file_upload')->getUploadMaxSize();
}
/**
diff --git a/core/lib/Drupal/Core/File/FileUpload.php b/core/lib/Drupal/Core/File/FileUpload.php
new file mode 100644
index 0000000000..fafeac50be
--- /dev/null
+++ b/core/lib/Drupal/Core/File/FileUpload.php
@@ -0,0 +1,110 @@
+config = $configFactory->get('system.file');
+ $this->messenger = $messenger;
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ public function mungeFilename($filename, $extensions, $alerts = TRUE) {
+ $original = $filename;
+
+ // Allow potentially insecure uploads for very savvy users and admin.
+ if (!$this->config->get('allow_insecure_uploads')) {
+ // Remove any null bytes. See
+ // http://php.net/manual/security.filesystem.nullbytes.php
+ $filename = str_replace(chr(0), '', $filename);
+
+ $whitelist = array_unique(explode(' ', strtolower(trim($extensions))));
+
+ // Split the filename up by periods. The first part becomes the basename
+ // the last part the final extension.
+ $filename_parts = explode('.', $filename);
+ // Remove file basename.
+ $new_filename = array_shift($filename_parts);
+ // Remove final extension.
+ $final_extension = array_pop($filename_parts);
+
+ // Loop through the middle parts of the name and add an underscore to the
+ // end of each section that could be a file extension but isn't in the
+ // list of allowed extensions.
+ foreach ($filename_parts as $filename_part) {
+ $new_filename .= '.' . $filename_part;
+ if (!in_array(strtolower($filename_part), $whitelist) && preg_match("/^[a-zA-Z]{2,5}\d?$/", $filename_part)) {
+ $new_filename .= '_';
+ }
+ }
+ $filename = $new_filename . '.' . $final_extension;
+
+ if ($alerts && $original != $filename) {
+ $this->messenger->addStatus(t('For security reasons, your upload has been renamed to %filename.', ['%filename' => $filename]));
+ }
+ }
+
+ return $filename;
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ public function unmungeFilename($filename) {
+ return str_replace('_.', '.', $filename);
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ public function getUploadMaxSize() {
+ static $max_size = -1;
+
+ if ($max_size < 0) {
+ // Start with post_max_size.
+ $max_size = Bytes::toInt(ini_get('post_max_size'));
+
+ // If upload_max_size is less, then reduce. Except if upload_max_size is
+ // zero, which indicates no limit.
+ $upload_max = Bytes::toInt(ini_get('upload_max_filesize'));
+ if ($upload_max > 0 && $upload_max < $max_size) {
+ $max_size = $upload_max;
+ }
+ }
+ return $max_size;
+ }
+
+}
diff --git a/core/lib/Drupal/Core/File/FileUploadInterface.php b/core/lib/Drupal/Core/File/FileUploadInterface.php
new file mode 100644
index 0000000000..142f63c764
--- /dev/null
+++ b/core/lib/Drupal/Core/File/FileUploadInterface.php
@@ -0,0 +1,65 @@
+addStatus() will be called to display
+ * a message if the file name was changed.
+ *
+ * @return string
+ * The potentially modified $filename.
+ */
+ public function mungeFilename($filename, $extensions, $alerts = TRUE);
+
+ /**
+ * Undoes the effect of mungeFilename().
+ *
+ * @param string $filename
+ * String with the filename to be unmunged.
+ *
+ * @return string
+ * An unmunged filename string.
+ */
+ public function unmungeFilename($filename);
+
+ /**
+ * Determines the maximum file upload size by querying the PHP settings.
+ *
+ * @return int
+ * A file size limit in bytes based on the PHP upload_max_filesize and
+ * post_max_size
+ */
+ public function getUploadMaxSize();
+
+}
diff --git a/core/lib/Drupal/Core/Form/FormBuilder.php b/core/lib/Drupal/Core/Form/FormBuilder.php
index d64c1df5b8..771ca02d86 100644
--- a/core/lib/Drupal/Core/Form/FormBuilder.php
+++ b/core/lib/Drupal/Core/Form/FormBuilder.php
@@ -11,6 +11,7 @@
use Drupal\Core\DependencyInjection\ClassResolverInterface;
use Drupal\Core\EventSubscriber\MainContentViewSubscriber;
use Drupal\Core\Extension\ModuleHandlerInterface;
+use Drupal\Core\File\FileUploadInterface;
use Drupal\Core\Form\Exception\BrokenPostRequestException;
use Drupal\Core\Render\Element;
use Drupal\Core\Render\ElementInfoManagerInterface;
@@ -104,6 +105,13 @@ class FormBuilder implements FormBuilderInterface, FormValidatorInterface, FormS
*/
protected $formCache;
+ /**
+ * The file upload service.
+ *
+ * @var \Drupal\Core\File\FileUploadInterface
+ */
+ protected $fileUpload;
+
/**
* Defines element value callables which are safe to run even when the form
* state has an invalid CSRF token.
@@ -164,10 +172,12 @@ class FormBuilder implements FormBuilderInterface, FormValidatorInterface, FormS
* The element info manager.
* @param \Drupal\Core\Theme\ThemeManagerInterface $theme_manager
* The theme manager.
+ * @param \Drupal\Core\File\FileUploadInterface $file_upload
+ * The file upload service.
* @param \Drupal\Core\Access\CsrfTokenGenerator $csrf_token
* The CSRF token generator.
*/
- public function __construct(FormValidatorInterface $form_validator, FormSubmitterInterface $form_submitter, FormCacheInterface $form_cache, ModuleHandlerInterface $module_handler, EventDispatcherInterface $event_dispatcher, RequestStack $request_stack, ClassResolverInterface $class_resolver, ElementInfoManagerInterface $element_info, ThemeManagerInterface $theme_manager, CsrfTokenGenerator $csrf_token = NULL) {
+ public function __construct(FormValidatorInterface $form_validator, FormSubmitterInterface $form_submitter, FormCacheInterface $form_cache, ModuleHandlerInterface $module_handler, EventDispatcherInterface $event_dispatcher, RequestStack $request_stack, ClassResolverInterface $class_resolver, ElementInfoManagerInterface $element_info, ThemeManagerInterface $theme_manager, FileUploadInterface $file_upload, CsrfTokenGenerator $csrf_token = NULL) {
$this->formValidator = $form_validator;
$this->formSubmitter = $form_submitter;
$this->formCache = $form_cache;
@@ -178,6 +188,7 @@ public function __construct(FormValidatorInterface $form_validator, FormSubmitte
$this->elementInfo = $element_info;
$this->csrfToken = $csrf_token;
$this->themeManager = $theme_manager;
+ $this->fileUpload = $file_upload;
}
/**
@@ -321,7 +332,7 @@ public function buildForm($form_id, FormStateInterface &$form_state) {
// (post_max_size), the post request is potentially broken. Add some
// protection against that and at the same time have a nice error message.
if ($ajax_form_request && !$request->request->has('form_id')) {
- throw new BrokenPostRequestException($this->getFileUploadMaxSize());
+ throw new BrokenPostRequestException($this->fileUpload->getUploadMaxSize());
}
// After processing the form, if this is an AJAX form request, interrupt
@@ -1382,17 +1393,6 @@ protected function buttonWasClicked($element, FormStateInterface &$form_state) {
return FALSE;
}
- /**
- * Wraps file_upload_max_size().
- *
- * @return string
- * A translated string representation of the size of the file size limit
- * based on the PHP upload_max_filesize and post_max_size.
- */
- protected function getFileUploadMaxSize() {
- return file_upload_max_size();
- }
-
/**
* Gets the current active user.
*
diff --git a/core/modules/editor/editor.admin.inc b/core/modules/editor/editor.admin.inc
index f91db4b961..523ebcab90 100644
--- a/core/modules/editor/editor.admin.inc
+++ b/core/modules/editor/editor.admin.inc
@@ -77,7 +77,7 @@ function editor_image_upload_settings_form(Editor $editor) {
'#states' => $show_if_image_uploads_enabled,
];
- $default_max_size = format_size(file_upload_max_size());
+ $default_max_size = format_size(\Drupal::service('file_upload')->getUploadMaxSize());
$form['max_size'] = [
'#type' => 'textfield',
'#default_value' => $image_upload['max_size'],
diff --git a/core/modules/editor/src/Form/EditorImageDialog.php b/core/modules/editor/src/Form/EditorImageDialog.php
index dad2e67120..1b4d2c6f03 100644
--- a/core/modules/editor/src/Form/EditorImageDialog.php
+++ b/core/modules/editor/src/Form/EditorImageDialog.php
@@ -3,6 +3,7 @@
namespace Drupal\editor\Form;
use Drupal\Component\Utility\Bytes;
+use Drupal\Core\File\FileUploadInterface;
use Drupal\Core\Form\FormBase;
use Drupal\Core\Form\FormStateInterface;
use Drupal\editor\Entity\Editor;
@@ -27,14 +28,24 @@ class EditorImageDialog extends FormBase {
*/
protected $fileStorage;
+ /**
+ * The file upload service.
+ *
+ * @var \Drupal\Core\File\FileUploadInterface
+ */
+ protected $fileUpload;
+
/**
* Constructs a form object for image dialog.
*
* @param \Drupal\Core\Entity\EntityStorageInterface $file_storage
* The file storage service.
+ * @param \Drupal\Core\File\FileUploadInterface $file_upload
+ * The file upload service.
*/
- public function __construct(EntityStorageInterface $file_storage) {
+ public function __construct(EntityStorageInterface $file_storage, FileUploadInterface $file_upload) {
$this->fileStorage = $file_storage;
+ $this->fileUpload = $file_upload;
}
/**
@@ -42,7 +53,8 @@ public function __construct(EntityStorageInterface $file_storage) {
*/
public static function create(ContainerInterface $container) {
return new static(
- $container->get('entity.manager')->getStorage('file')
+ $container->get('entity.manager')->getStorage('file'),
+ $container->get('file_upload')
);
}
@@ -91,7 +103,7 @@ public function buildForm(array $form, FormStateInterface $form_state, Editor $e
else {
$max_dimensions = 0;
}
- $max_filesize = min(Bytes::toInt($image_upload['max_size']), file_upload_max_size());
+ $max_filesize = min(Bytes::toInt($image_upload['max_size']), $this->fileUpload->getUploadMaxSize());
$existing_file = isset($image_element['data-entity-uuid']) ? \Drupal::entityManager()->loadEntityByUuid('file', $image_element['data-entity-uuid']) : NULL;
$fid = $existing_file ? $existing_file->id() : NULL;
diff --git a/core/modules/editor/tests/src/Kernel/EditorImageDialogTest.php b/core/modules/editor/tests/src/Kernel/EditorImageDialogTest.php
index 6500d1adef..7a40d97245 100644
--- a/core/modules/editor/tests/src/Kernel/EditorImageDialogTest.php
+++ b/core/modules/editor/tests/src/Kernel/EditorImageDialogTest.php
@@ -108,7 +108,7 @@ public function testEditorImageDialog() {
->addBuildInfo('args', [$this->editor]);
$form_builder = $this->container->get('form_builder');
- $form_object = new EditorImageDialog(\Drupal::entityManager()->getStorage('file'));
+ $form_object = new EditorImageDialog(\Drupal::entityManager()->getStorage('file'), \Drupal::service('file_upload'));
$form_id = $form_builder->getFormId($form_object, $form_state);
$form = $form_builder->retrieveForm($form_id, $form_state);
$form_builder->prepareForm($form_id, $form, $form_state);
diff --git a/core/modules/file/file.module b/core/modules/file/file.module
index df9a7f5e4b..586cce6c56 100644
--- a/core/modules/file/file.module
+++ b/core/modules/file/file.module
@@ -930,7 +930,7 @@ function _file_save_upload_single(\SplFileInfo $file_info, $form_field_name, $va
switch ($file_info->getError()) {
case UPLOAD_ERR_INI_SIZE:
case UPLOAD_ERR_FORM_SIZE:
- \Drupal::messenger()->addError(t('The file %file could not be saved because it exceeds %maxsize, the maximum allowed size for uploads.', ['%file' => $file_info->getFilename(), '%maxsize' => format_size(file_upload_max_size())]));
+ \Drupal::messenger()->addError(t('The file %file could not be saved because it exceeds %maxsize, the maximum allowed size for uploads.', ['%file' => $file_info->getFilename(), '%maxsize' => format_size(\Drupal::service('file_upload')->getUploadMaxSize())]));
return FALSE;
case UPLOAD_ERR_PARTIAL:
@@ -986,7 +986,7 @@ function _file_save_upload_single(\SplFileInfo $file_info, $form_field_name, $va
if (!empty($extensions)) {
// Munge the filename to protect against possible malicious extension
// hiding within an unknown file type (ie: filename.html.foo).
- $file->setFilename(file_munge_filename($file->getFilename(), $extensions));
+ $file->setFilename(\Drupal::service('file_upload')->mungeFilename($file->getFilename(), $extensions));
}
// Rename potentially executable files, to help prevent exploits (i.e. will
diff --git a/core/modules/file/src/Plugin/Field/FieldType/FileItem.php b/core/modules/file/src/Plugin/Field/FieldType/FileItem.php
index 542be122df..787244e271 100644
--- a/core/modules/file/src/Plugin/Field/FieldType/FileItem.php
+++ b/core/modules/file/src/Plugin/Field/FieldType/FileItem.php
@@ -177,7 +177,7 @@ public function fieldSettingsForm(array $form, FormStateInterface $form_state) {
'#type' => 'textfield',
'#title' => t('Maximum upload size'),
'#default_value' => $settings['max_filesize'],
- '#description' => t('Enter a value like "512" (bytes), "80 KB" (kilobytes) or "50 MB" (megabytes) in order to restrict the allowed file size. If left empty the file sizes will be limited only by PHP\'s maximum post and file upload sizes (current limit %limit).', ['%limit' => format_size(file_upload_max_size())]),
+ '#description' => t('Enter a value like "512" (bytes), "80 KB" (kilobytes) or "50 MB" (megabytes) in order to restrict the allowed file size. If left empty the file sizes will be limited only by PHP\'s maximum post and file upload sizes (current limit %limit).', ['%limit' => format_size(\Drupal::service('file_upload')->getUploadMaxSize())]),
'#size' => 10,
'#element_validate' => [[get_class($this), 'validateMaxFilesize']],
'#weight' => 5,
@@ -300,7 +300,7 @@ public function getUploadValidators() {
$settings = $this->getSettings();
// Cap the upload size according to the PHP limit.
- $max_filesize = Bytes::toInt(file_upload_max_size());
+ $max_filesize = Bytes::toInt(\Drupal::service('file_upload')->getUploadMaxSize());
if (!empty($settings['max_filesize'])) {
$max_filesize = min($max_filesize, Bytes::toInt($settings['max_filesize']));
}
diff --git a/core/modules/file/src/Plugin/rest/resource/FileUploadResource.php b/core/modules/file/src/Plugin/rest/resource/FileUploadResource.php
index 44600369df..1031bad5dc 100644
--- a/core/modules/file/src/Plugin/rest/resource/FileUploadResource.php
+++ b/core/modules/file/src/Plugin/rest/resource/FileUploadResource.php
@@ -2,33 +2,34 @@
namespace Drupal\file\Plugin\rest\resource;
+use Drupal\Component\Render\PlainTextOutput;
use Drupal\Component\Utility\Bytes;
use Drupal\Component\Utility\Crypt;
use Drupal\Core\Config\Config;
+use Drupal\Core\Entity\EntityFieldManagerInterface;
use Drupal\Core\Entity\EntityTypeManagerInterface;
use Drupal\Core\Field\FieldDefinitionInterface;
use Drupal\Core\File\FileSystemInterface;
+use Drupal\Core\File\FileUploadInterface;
use Drupal\Core\Lock\LockBackendInterface;
use Drupal\Core\Session\AccountInterface;
use Drupal\Core\Utility\Token;
+use Drupal\file\Entity\File;
use Drupal\file\FileInterface;
use Drupal\rest\ModifiedResourceResponse;
use Drupal\rest\Plugin\ResourceBase;
-use Drupal\Component\Render\PlainTextOutput;
-use Drupal\Core\Entity\EntityFieldManagerInterface;
-use Drupal\file\Entity\File;
use Drupal\rest\Plugin\rest\resource\EntityResourceValidationTrait;
use Drupal\rest\RequestHandler;
use Psr\Log\LoggerInterface;
use Symfony\Component\DependencyInjection\ContainerInterface;
use Symfony\Component\HttpFoundation\File\MimeType\MimeTypeGuesserInterface;
+use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
use Symfony\Component\HttpKernel\Exception\BadRequestHttpException;
+use Symfony\Component\HttpKernel\Exception\HttpException;
use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
use Symfony\Component\HttpKernel\Exception\UnprocessableEntityHttpException;
use Symfony\Component\Routing\Route;
-use Symfony\Component\HttpFoundation\Request;
-use Symfony\Component\HttpKernel\Exception\HttpException;
/**
* File upload resource.
@@ -124,6 +125,13 @@ class FileUploadResource extends ResourceBase {
*/
protected $systemFileConfig;
+ /**
+ * The file upload service.
+ *
+ * @var \Drupal\Core\File\FileUploadInterface
+ */
+ protected $fileUpload;
+
/**
* Constructs a FileUploadResource instance.
*
@@ -153,8 +161,10 @@ class FileUploadResource extends ResourceBase {
* The lock service.
* @param \Drupal\Core\Config\Config $system_file_config
* The system file configuration.
+ * @param \Drupal\Core\File\FileUploadInterface $file_upload
+ * The file upload service.
*/
- public function __construct(array $configuration, $plugin_id, $plugin_definition, $serializer_formats, LoggerInterface $logger, FileSystemInterface $file_system, EntityTypeManagerInterface $entity_type_manager, EntityFieldManagerInterface $entity_field_manager, AccountInterface $current_user, MimeTypeGuesserInterface $mime_type_guesser, Token $token, LockBackendInterface $lock, Config $system_file_config) {
+ public function __construct(array $configuration, $plugin_id, $plugin_definition, $serializer_formats, LoggerInterface $logger, FileSystemInterface $file_system, EntityTypeManagerInterface $entity_type_manager, EntityFieldManagerInterface $entity_field_manager, AccountInterface $current_user, MimeTypeGuesserInterface $mime_type_guesser, Token $token, LockBackendInterface $lock, Config $system_file_config, FileUploadInterface $file_upload) {
parent::__construct($configuration, $plugin_id, $plugin_definition, $serializer_formats, $logger);
$this->fileSystem = $file_system;
$this->entityTypeManager = $entity_type_manager;
@@ -164,6 +174,7 @@ public function __construct(array $configuration, $plugin_id, $plugin_definition
$this->token = $token;
$this->lock = $lock;
$this->systemFileConfig = $system_file_config;
+ $this->fileUpload = $file_upload;
}
/**
@@ -183,7 +194,8 @@ public static function create(ContainerInterface $container, array $configuratio
$container->get('file.mime_type.guesser'),
$container->get('token'),
$container->get('lock'),
- $container->get('config.factory')->get('system.file')
+ $container->get('config.factory')->get('system.file'),
+ $container->get('file_upload')
);
}
@@ -463,7 +475,7 @@ protected function prepareFilename($filename, array &$validators) {
// valid extensions, munge the filename to protect against possible
// malicious extension hiding within an unknown file type. For example,
// "filename.html.foo".
- $filename = file_munge_filename($filename, $validators['file_validate_extensions'][0]);
+ $filename = $this->fileUpload->mungeFilename($filename, $validators['file_validate_extensions'][0]);
}
// Rename potentially executable files, to help prevent exploits (i.e. will
@@ -524,7 +536,7 @@ protected function getUploadValidators(FieldDefinitionInterface $field_definitio
$settings = $field_definition->getSettings();
// Cap the upload size according to the PHP limit.
- $max_filesize = Bytes::toInt(file_upload_max_size());
+ $max_filesize = Bytes::toInt($this->fileUpload->getUploadMaxSize());
if (!empty($settings['max_filesize'])) {
$max_filesize = min($max_filesize, Bytes::toInt($settings['max_filesize']));
}
diff --git a/core/modules/locale/src/Form/ImportForm.php b/core/modules/locale/src/Form/ImportForm.php
index 122093ae69..1c324dc502 100644
--- a/core/modules/locale/src/Form/ImportForm.php
+++ b/core/modules/locale/src/Form/ImportForm.php
@@ -2,6 +2,7 @@
namespace Drupal\locale\Form;
+use Drupal\Core\File\FileUploadInterface;
use Drupal\Core\Form\FormBase;
use Drupal\Core\Extension\ModuleHandlerInterface;
use Drupal\Core\Form\FormStateInterface;
@@ -38,14 +39,11 @@ class ImportForm extends FormBase {
protected $languageManager;
/**
- * {@inheritdoc}
+ * The file upload service.
+ *
+ * @var \Drupal\Core\File\FileUploadInterface
*/
- public static function create(ContainerInterface $container) {
- return new static(
- $container->get('module_handler'),
- $container->get('language_manager')
- );
- }
+ protected $fileUpload;
/**
* Constructs a form for language import.
@@ -54,10 +52,24 @@ public static function create(ContainerInterface $container) {
* The module handler service.
* @param \Drupal\language\ConfigurableLanguageManagerInterface $language_manager
* The configurable language manager.
+ * @param \Drupal\Core\File\FileUploadInterface $file_upload
+ * The file upload service.
*/
- public function __construct(ModuleHandlerInterface $module_handler, ConfigurableLanguageManagerInterface $language_manager) {
+ public function __construct(ModuleHandlerInterface $module_handler, ConfigurableLanguageManagerInterface $language_manager, FileUploadInterface $file_upload) {
$this->moduleHandler = $module_handler;
$this->languageManager = $language_manager;
+ $this->fileUpload = $file_upload;
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ public static function create(ContainerInterface $container) {
+ return new static(
+ $container->get('module_handler'),
+ $container->get('language_manager'),
+ $container->get('file_upload')
+ );
}
/**
@@ -99,7 +111,7 @@ public function buildForm(array $form, FormStateInterface $form_state) {
$validators = [
'file_validate_extensions' => ['po'],
- 'file_validate_size' => [file_upload_max_size()],
+ 'file_validate_size' => [$this->fileUpload->getUploadMaxSize()],
];
$form['file'] = [
'#type' => 'file',
diff --git a/core/modules/media_library/src/Form/MediaLibraryUploadForm.php b/core/modules/media_library/src/Form/MediaLibraryUploadForm.php
index e897a2178c..e844da9f87 100644
--- a/core/modules/media_library/src/Form/MediaLibraryUploadForm.php
+++ b/core/modules/media_library/src/Form/MediaLibraryUploadForm.php
@@ -10,6 +10,7 @@
use Drupal\Core\Entity\EntityTypeManagerInterface;
use Drupal\Core\Field\FieldStorageDefinitionInterface;
use Drupal\Core\Field\TypedData\FieldItemDataDefinition;
+use Drupal\Core\File\FileUploadInterface;
use Drupal\Core\Form\FormBase;
use Drupal\Core\Form\FormStateInterface;
use Drupal\Core\Render\ElementInfoManagerInterface;
@@ -70,6 +71,13 @@ class MediaLibraryUploadForm extends FormBase {
*/
protected $mediumStyleExists = FALSE;
+ /**
+ * The file upload service.
+ *
+ * @var \Drupal\Core\File\FileUploadInterface
+ */
+ protected $fileUpload;
+
/**
* Constructs a new MediaLibraryUploadForm.
*
@@ -77,11 +85,14 @@ class MediaLibraryUploadForm extends FormBase {
* The entity type manager.
* @param \Drupal\Core\Render\ElementInfoManagerInterface $element_info
* The element info manager.
+ * @param \Drupal\Core\File\FileUploadInterface $file_upload
+ * The file upload service.
*/
- public function __construct(EntityTypeManagerInterface $entity_type_manager, ElementInfoManagerInterface $element_info) {
+ public function __construct(EntityTypeManagerInterface $entity_type_manager, ElementInfoManagerInterface $element_info, FileUploadInterface $file_upload) {
$this->entityTypeManager = $entity_type_manager;
$this->elementInfo = $element_info;
$this->mediumStyleExists = !empty($entity_type_manager->getStorage('image_style')->load('medium'));
+ $this->fileUpload = $file_upload;
}
/**
@@ -90,7 +101,8 @@ public function __construct(EntityTypeManagerInterface $entity_type_manager, Ele
public static function create(ContainerInterface $container) {
return new static(
$container->get('entity_type.manager'),
- $container->get('element_info')
+ $container->get('element_info'),
+ $container->get('file_upload')
);
}
@@ -560,7 +572,7 @@ protected function mergeUploadValidators(array $types) {
}
// If no field defines a max size, default to the system wide setting.
if ($max_size === 0) {
- $max_size = file_upload_max_size();
+ $max_size = $this->fileUpload->getUploadMaxSize();
}
return [
'file_validate_extensions' => [implode(' ', $extensions)],
diff --git a/core/tests/Drupal/KernelTests/Core/File/NameMungingTest.php b/core/tests/Drupal/KernelTests/Core/File/NameMungingTest.php
index 3cf351b031..c91f495d88 100644
--- a/core/tests/Drupal/KernelTests/Core/File/NameMungingTest.php
+++ b/core/tests/Drupal/KernelTests/Core/File/NameMungingTest.php
@@ -37,7 +37,7 @@ protected function setUp() {
public function testMunging() {
// Disable insecure uploads.
$this->config('system.file')->set('allow_insecure_uploads', 0)->save();
- $munged_name = file_munge_filename($this->name, '', TRUE);
+ $munged_name = \Drupal::service('file_upload')->mungeFilename($this->name, '', TRUE);
$messages = \Drupal::messenger()->all();
\Drupal::messenger()->deleteAll();
$this->assertTrue(in_array(strtr('For security reasons, your upload has been renamed to %filename.', ['%filename' => $munged_name]), $messages['status']), 'Alert properly set when a file is renamed.');
@@ -50,7 +50,7 @@ public function testMunging() {
public function testMungeNullByte() {
$prefix = $this->randomMachineName();
$filename = $prefix . '.' . $this->badExtension . "\0.txt";
- $this->assertEqual(file_munge_filename($filename, ''), $prefix . '.' . $this->badExtension . '_.txt', 'A filename with a null byte is correctly munged to remove the null byte.');
+ $this->assertEqual(\Drupal::service('file_upload')->mungeFilename($filename, ''), $prefix . '.' . $this->badExtension . '_.txt', 'A filename with a null byte is correctly munged to remove the null byte.');
}
/**
@@ -59,20 +59,22 @@ public function testMungeNullByte() {
*/
public function testMungeIgnoreInsecure() {
$this->config('system.file')->set('allow_insecure_uploads', 1)->save();
- $munged_name = file_munge_filename($this->name, '');
+ $munged_name = \Drupal::service('file_upload')->mungeFilename($this->name, '');
$this->assertSame($munged_name, $this->name, format_string('The original filename (%original) matches the munged filename (%munged) when insecure uploads are enabled.', ['%munged' => $munged_name, '%original' => $this->name]));
}
/**
- * White listed extensions are ignored by file_munge_filename().
+ * White listed extensions are ignored by \Drupal::service('file_upload')->mungeFilename().
*/
public function testMungeIgnoreWhitelisted() {
// Declare our extension as whitelisted. The declared extensions should
// be case insensitive so test using one with a different case.
- $munged_name = file_munge_filename($this->nameWithUcExt, $this->badExtension);
+ /** @var \Drupal\Core\File\FileUploadInterface $file_upload */
+ $file_upload = \Drupal::service('file_upload');
+ $munged_name = $file_upload->mungeFilename($this->nameWithUcExt, $this->badExtension);
$this->assertSame($munged_name, $this->nameWithUcExt, format_string('The new filename (%munged) matches the original (%original) once the extension has been whitelisted.', ['%munged' => $munged_name, '%original' => $this->nameWithUcExt]));
// The allowed extensions should also be normalized.
- $munged_name = file_munge_filename($this->name, strtoupper($this->badExtension));
+ $munged_name = $file_upload->mungeFilename($this->name, strtoupper($this->badExtension));
$this->assertSame($munged_name, $this->name, format_string('The new filename (%munged) matches the original (%original) also when the whitelisted extension is in uppercase.', ['%munged' => $munged_name, '%original' => $this->name]));
}
@@ -80,8 +82,10 @@ public function testMungeIgnoreWhitelisted() {
* Ensure that unmunge gets your name back.
*/
public function testUnMunge() {
- $munged_name = file_munge_filename($this->name, '', FALSE);
- $unmunged_name = file_unmunge_filename($munged_name);
+ /** @var \Drupal\Core\File\FileUploadInterface $file_upload */
+ $file_upload = \Drupal::service('file_upload');
+ $munged_name = $file_upload->mungeFilename($this->name, '', FALSE);
+ $unmunged_name = $file_upload->unmungeFilename($munged_name);
$this->assertSame($unmunged_name, $this->name, format_string('The unmunged (%unmunged) filename matches the original (%original)', ['%unmunged' => $unmunged_name, '%original' => $this->name]));
}
diff --git a/core/tests/Drupal/Tests/Core/Form/FormBuilderTest.php b/core/tests/Drupal/Tests/Core/Form/FormBuilderTest.php
index 8d20db5c3f..55161190b8 100644
--- a/core/tests/Drupal/Tests/Core/Form/FormBuilderTest.php
+++ b/core/tests/Drupal/Tests/Core/Form/FormBuilderTest.php
@@ -532,19 +532,16 @@ public function testFormCacheDeletionUncached() {
*/
public function testExceededFileSize() {
$request = new Request([FormBuilderInterface::AJAX_FORM_REQUEST => TRUE]);
- $request_stack = new RequestStack();
- $request_stack->push($request);
- $this->formBuilder = $this->getMockBuilder('\Drupal\Core\Form\FormBuilder')
- ->setConstructorArgs([$this->formValidator, $this->formSubmitter, $this->formCache, $this->moduleHandler, $this->eventDispatcher, $request_stack, $this->classResolver, $this->elementInfo, $this->themeManager, $this->csrfToken])
- ->setMethods(['getFileUploadMaxSize'])
- ->getMock();
- $this->formBuilder->expects($this->once())
- ->method('getFileUploadMaxSize')
+ $this->requestStack = new RequestStack();
+ $this->requestStack->push($request);
+ $this->fileUpload->expects($this->once())
+ ->method('getUploadMaxSize')
->willReturn(33554432);
-
$form_arg = $this->getMockForm('test_form_id');
$form_state = new FormState();
+ $this->formBuilder = new FormBuilder($this->formValidator, $this->formSubmitter, $this->formCache, $this->moduleHandler, $this->eventDispatcher, $this->requestStack, $this->classResolver, $this->elementInfo, $this->themeManager, $this->fileUpload, $this->csrfToken);
+
$this->setExpectedException(BrokenPostRequestException::class);
$this->formBuilder->buildForm($form_arg, $form_state);
}
diff --git a/core/tests/Drupal/Tests/Core/Form/FormTestBase.php b/core/tests/Drupal/Tests/Core/Form/FormTestBase.php
index ef08ab77e2..37a779e4b6 100644
--- a/core/tests/Drupal/Tests/Core/Form/FormTestBase.php
+++ b/core/tests/Drupal/Tests/Core/Form/FormTestBase.php
@@ -3,6 +3,7 @@
namespace Drupal\Tests\Core\Form;
use Drupal\Component\Utility\Html;
+use Drupal\Core\File\FileUploadInterface;
use Drupal\Core\Form\FormBuilder;
use Drupal\Core\Form\FormInterface;
use Drupal\Core\Form\FormState;
@@ -141,6 +142,13 @@ abstract class FormTestBase extends UnitTestCase {
*/
protected $themeManager;
+ /**
+ * The file upload service.
+ *
+ * @var \Drupal\Core\File\FileUploadInterface|\PHPUnit_Framework_MockObject_MockObject
+ */
+ protected $fileUpload;
+
/**
* {@inheritdoc}
*/
@@ -189,7 +197,9 @@ protected function setUp() {
->getMock();
$this->root = dirname(dirname(substr(__DIR__, 0, -strlen(__NAMESPACE__))));
- $this->formBuilder = new FormBuilder($this->formValidator, $this->formSubmitter, $this->formCache, $this->moduleHandler, $this->eventDispatcher, $this->requestStack, $this->classResolver, $this->elementInfo, $this->themeManager, $this->csrfToken);
+ $this->fileUpload = $this->createMock(FileUploadInterface::class);
+
+ $this->formBuilder = new FormBuilder($this->formValidator, $this->formSubmitter, $this->formCache, $this->moduleHandler, $this->eventDispatcher, $this->requestStack, $this->classResolver, $this->elementInfo, $this->themeManager, $this->fileUpload, $this->csrfToken);
}
/**