diff --git a/core/modules/image/src/Controller/ImageStyleDownloadController.php b/core/modules/image/src/Controller/ImageStyleDownloadController.php index c943452b5b..fd57489e38 100644 --- a/core/modules/image/src/Controller/ImageStyleDownloadController.php +++ b/core/modules/image/src/Controller/ImageStyleDownloadController.php @@ -157,15 +157,6 @@ public function deliver(Request $request, $scheme, ImageStyleInterface $image_st $headers = []; - // If not using a public scheme, let other modules provide headers and - // control access to the file. - if (!$is_public) { - $headers = $this->moduleHandler()->invokeAll('file_download', [$image_uri]); - if (in_array(-1, $headers) || empty($headers)) { - throw new AccessDeniedHttpException(); - } - } - // Don't try to generate file if source is missing. if (!$this->sourceImageExists($image_uri, $token_is_valid)) { // If the image style converted the extension, it has been added to the @@ -173,7 +164,7 @@ public function deliver(Request $request, $scheme, ImageStyleInterface $image_st // the actual source image, we remove the extension and check if that // image exists. $path_info = pathinfo(StreamWrapperManager::getTarget($image_uri)); - $converted_image_uri = sprintf('%s://%s%s%s', $this->streamWrapperManager->getScheme($derivative_uri), $path_info['dirname'], DIRECTORY_SEPARATOR, $path_info['filename']); + $converted_image_uri = sprintf('%s://%s%s', $this->streamWrapperManager->getScheme($derivative_uri), $path_info['dirname'] === '.' ? '' : $path_info['dirname'] . DIRECTORY_SEPARATOR, $path_info['filename']); if (!$this->sourceImageExists($converted_image_uri, $token_is_valid)) { $this->logger->notice('Source image at %source_image_path not found while trying to generate derivative image at %derivative_path.', ['%source_image_path' => $image_uri, '%derivative_path' => $derivative_uri]); return new Response($this->t('Error generating image, missing source file.'), 404); @@ -184,6 +175,15 @@ public function deliver(Request $request, $scheme, ImageStyleInterface $image_st } } + // If not using a public scheme, let other modules provide headers and + // control access to the file. + if (!$is_public) { + $headers = $this->moduleHandler()->invokeAll('file_download', [$image_uri]); + if (in_array(-1, $headers) || empty($headers)) { + throw new AccessDeniedHttpException(); + } + } + // Don't start generating the image if the derivative already exists or if // generation is in progress in another thread. if (!file_exists($derivative_uri)) { @@ -207,10 +207,8 @@ public function deliver(Request $request, $scheme, ImageStyleInterface $image_st if ($success) { $image = $this->imageFactory->get($derivative_uri); $uri = $image->getSource(); - $headers += [ - 'Content-Type' => $image->getMimeType(), - 'Content-Length' => $image->getFileSize(), - ]; + $headers['Content-Type'] = $image->getMimeType(); + $headers['Content-Length'] = $image->getFileSize(); // \Drupal\Core\EventSubscriber\FinishResponseSubscriber::onRespond() // sets response as not cacheable if the Cache-Control header is not // already modified. When $is_public is TRUE, the following sets the diff --git a/core/modules/image/tests/src/Functional/ImageStylesPathAndUrlTest.php b/core/modules/image/tests/src/Functional/ImageStylesPathAndUrlTest.php index 6d89a920d8..d261d10057 100644 --- a/core/modules/image/tests/src/Functional/ImageStylesPathAndUrlTest.php +++ b/core/modules/image/tests/src/Functional/ImageStylesPathAndUrlTest.php @@ -119,6 +119,22 @@ public function testImageStyleUrlExtraSlash() { $this->doImageStyleUrlAndPathTests('public', TRUE, TRUE); } + /** + * Test an image style URL with a private file that also gets converted. + */ + public function testImageStylePrivateWithConversion() { + // Add the "convert" image style effect to our style. + $this->style->addImageEffect([ + 'uuid' => '', + 'id' => 'image_convert', + 'weight' => 1, + 'data' => [ + 'extension' => 'jpeg', + ], + ]); + $this->doImageStyleUrlAndPathTests('private'); + } + /** * Tests that an invalid source image returns a 404. */