diff -u b/core/modules/config/config.module b/core/modules/config/config.module
--- b/core/modules/config/config.module
+++ b/core/modules/config/config.module
@@ -6,7 +6,6 @@
 */
 use Drupal\Core\Routing\RouteMatchInterface;
-use Drupal\file\FileInterface;
 /**
 * Implements hook_help().
@@ -29,9 +28,9 @@
 }
 /**
- * Implements hook_file_download().
+ * Implements hook_unmanaged_file_download_headers().
 */
-function config_file_download($uri) {
+function config_unmanaged_file_download_headers($uri) {
 $scheme = file_uri_scheme($uri);
 $target = file_uri_target($uri);
 if ($scheme == 'temporary' && $target == 'config.tar.gz') {
@@ -48,9 +47,9 @@
 }
 /**
- * Implements hook_unmanaged_file_download_headers().
+ * Implements hook_file_download().
 */
-function config_unmanaged_file_download_headers($uri) {
+function config_file_download($uri) {
 $scheme = file_uri_scheme($uri);
 $target = file_uri_target($uri);
 if ($scheme == 'temporary' && $target == 'config.tar.gz') {
reverted:
--- b/core/modules/file/src/FileAccessController.php
+++ a/core/modules/file/src/FileAccessController.php
@@ -23,13 +23,6 @@
 protected function checkAccess(EntityInterface $entity, $operation, $langcode, AccountInterface $account) {
 if ($operation == 'download') {
-
- // Allow access to non permanent files only to the file owner. I.e. to the
- // preview of a just uploaded image.
- if (!$entity->isPermanent() && $entity->getOwnerId() != $account->id()) {
- return FALSE;
- }
-
 foreach ($this->getFileReferences($entity) as $field_name => $entity_map) {
 foreach ($entity_map as $referencing_entity_type => $referencing_entities) {
 /** @var \Drupal\Core\Entity\EntityInterface $referencing_entity */
diff -u b/core/modules/file/src/Tests/DownloadTest.php b/core/modules/file/src/Tests/DownloadTest.php
--- b/core/modules/file/src/Tests/DownloadTest.php
+++ b/core/modules/file/src/Tests/DownloadTest.php
@@ -85,7 +85,7 @@
 // Test that the file transferred correctly.
 $this->assertEqual($contents, $this->content, 'Contents of the file are correct.');
- // Deny access to all downloads via a -1 header.
+ // Deny access to all downloads without header.
 file_test_set_return('download', NULL);
 $this->drupalHead($url);
 $this->assertResponse(403, 'Correctly denied access to a file when no headers are sent.');
diff -u b/core/modules/file/tests/file_test/file_test.module b/core/modules/file/tests/file_test/file_test.module
--- b/core/modules/file/tests/file_test/file_test.module
+++ b/core/modules/file/tests/file_test/file_test.module
@@ -9,7 +9,6 @@
 */
 use Drupal\file\Entity\File;
-use Drupal\file\FileInterface;
 const FILE_URL_TEST_CDN_1 = 'http://cdn1.example.com';
 const FILE_URL_TEST_CDN_2 = 'http://cdn2.example.com';
diff -u b/core/modules/image/image.module b/core/modules/image/image.module
--- b/core/modules/image/image.module
+++ b/core/modules/image/image.module
@@ -8,7 +8,6 @@
 use Drupal\Core\Entity\EntityInterface;
 use Drupal\Core\Routing\RouteMatchInterface;
 use Drupal\file\Entity\File;
-use Drupal\file\FileInterface;
 use Drupal\field\FieldStorageConfigInterface;
 use Drupal\field\FieldInstanceConfigInterface;
diff -u b/core/modules/image/src/Controller/ImageStyleDownloadController.php b/core/modules/image/src/Controller/ImageStyleDownloadController.php
--- b/core/modules/image/src/Controller/ImageStyleDownloadController.php
+++ b/core/modules/image/src/Controller/ImageStyleDownloadController.php
@@ -110,12 +110,11 @@
 if (file_exists($derivative_uri)) {
 return parent::download($request, $scheme);
 }
-
- $headers = $this->getContentHeaders($image_uri);
- // If we failed to get valid headers it means the access has not been
- // granted.
- if (empty($headers)) {
- throw new AccessDeniedHttpException();
+ else {
+ $headers = $this->moduleHandler()->invokeAll('file_download', array($image_uri));
+ if (in_array(-1, $headers) || empty($headers)) {
+ throw new AccessDeniedHttpException();
+ }
 }
 }
@@ -123,11 +122,12 @@
 if (file_exists($derivative_uri)) {
 return parent::download($request, $scheme);
 }
- else {
- $headers = $this->moduleHandler()->invokeAll('file_download', array($image_uri));
- if (in_array(-1, $headers) || empty($headers)) {
- throw new AccessDeniedHttpException();
- }
+
+ $headers = $this->getContentHeaders($image_uri);
+ // If we failed to get valid headers it means the access has not been
+ // granted.
+ if (empty($headers)) {
+ throw new AccessDeniedHttpException();
 }
 }
diff -u b/core/modules/responsive_image/src/Tests/ResponsiveImageFieldDisplayTest.php b/core/modules/responsive_image/src/Tests/ResponsiveImageFieldDisplayTest.php
--- b/core/modules/responsive_image/src/Tests/ResponsiveImageFieldDisplayTest.php
+++ b/core/modules/responsive_image/src/Tests/ResponsiveImageFieldDisplayTest.php
@@ -83,6 +83,7 @@
 $this->createImageField($field_name, 'article', array('uri_scheme' => $scheme));
 // Create a new node with an image attached.
 $test_image = current($this->drupalGetTestFiles('image'));
+ debug($test_image);
 $nid = $this->uploadNodeImage($test_image, $field_name, 'article');
 $node = node_load($nid, TRUE);
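Review bot: The `else` branch added in the hunk at -110 decides access with `in_array(-1, $headers) || empty($headers)` on the merged `file_download` hook results, while the mirrored hunk at -123 decides it with `empty($headers)` on `getContentHeaders($image_uri)`. The two hunks are exact inverses, so this may only be an offset artefact of the interdiff, but if both forms end up in the file the same controller would enforce two different denial contracts for the source image. Whichever form stays, a comment on it such as `// Fail closed: no headers from any module means no access to the source image.` would record why an empty result is a 403. The enclosing method starts and ends outside both hunks.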
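Review bot: `debug($test_image);` after the `drupalGetTestFiles('image')` call in the hunk at -83 looks like leftover debugging output and should not ship in the test. The hunk at -112 of the same file removes an identical call, so the line appears to have moved rather than been dropped. Deleting the added line leaves `$test_image = current(...)` followed directly by `$nid = $this->uploadNodeImage(...)`. The test method starts and ends outside the hunk.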
@@ -112,7 +113,6 @@
 $this->createImageField($field_name, 'article', array('uri_scheme' => $scheme));
 // Create a new node with an image attached.
 $test_image = current($this->drupalGetTestFiles('image'));
- debug($test_image);
 $nid = $this->uploadNodeImage($test_image, $field_name, 'article');
 $node = node_load($nid, TRUE);
diff -u b/core/modules/system/src/FileDownloadController.php b/core/modules/system/src/FileDownloadController.php
--- b/core/modules/system/src/FileDownloadController.php
+++ b/core/modules/system/src/FileDownloadController.php
@@ -8,7 +8,6 @@
 namespace Drupal\system;
 use Drupal\Core\Controller\ControllerBase;
-use Drupal\file\FileInterface;
 use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
 use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
@@ -50,7 +49,6 @@
 $uri = $scheme . '://' . $target;
 if (file_stream_wrapper_valid_scheme($scheme) && file_exists($uri)) {
-
 if ($headers = $this->getContentHeaders($uri)) {
 return new BinaryFileResponse($uri, 200, $headers);
 }
diff -u b/core/modules/system/system.api.php b/core/modules/system/system.api.php
--- b/core/modules/system/system.api.php
+++ b/core/modules/system/system.api.php
@@ -1409,24 +1409,20 @@
 }
 /**
- * Control access to private file downloads and specify HTTP headers.
+ * Specify HTTP headers for a unmanaged file's download.
 *
- * This hook allows modules to enforce permissions on file downloads whenever
- * Drupal is handling file download, as opposed to the web server bypassing
- * Drupal and returning the file from a public directory. Modules can also
- * provide headers to specify information like the file's name or MIME type.
+ * Modules can provide headers to specify information like the file's name or
+ * MIME type.
 *
- * @param $uri
- * The URI of the file.
- * @return
- * If the user does not have permission to access the file, return -1. If the
- * user has permission, return an array with the appropriate headers. If the
- * file is not controlled by the current module, the return value should be
- * NULL.
+ * @param string $uri
+ * The file uri being downloaded.
+ * @return array|null
+ * An array with the appropriate headers. If the file is not controlled by the
+ * current module, the return value should be NULL.
 *
- * @see file_download()
+ * @see FileDownloadController::download()
 */
-function hook_file_download($uri) {
+function hook_unmanaged_file_download_headers($uri) {
 // Check to see if this is a config download.
 $scheme = file_uri_scheme($uri);
 $target = file_uri_target($uri);
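Review bot: The new docblock for `hook_unmanaged_file_download_headers()` no longer says how a download ends up denied. The `-1` convention is gone from the text, yet the DownloadTest change in this patch asserts a 403 "when no headers are sent", and the FileDownloadController context only serves the file when headers come back. An implementer therefore cannot tell from the hook documentation that returning headers is what lets the file through. I would add a sentence to the `@return` description, for example `If no module returns headers for the URI, the download is denied with a 403.`, and fix the summary to read `an unmanaged file's download`. The hunk at -1497 is the mirror of this one, and the function body continues outside the hunk.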
@@ -1497,20 +1493,24 @@
 }
 /**
- * Specify HTTP headers for a unmanaged file's download.
+ * Control access to private file downloads and specify HTTP headers.
 *
- * Modules can provide headers to specify information like the file's name or
- * MIME type.
+ * This hook allows modules to enforce permissions on file downloads whenever
+ * Drupal is handling file download, as opposed to the web server bypassing
+ * Drupal and returning the file from a public directory. Modules can also
+ * provide headers to specify information like the file's name or MIME type.
 *
- * @param string $uri
- * The file uri being downloaded.
- * @return array|null
- * An array with the appropriate headers. If the file is not controlled by the
- * current module, the return value should be NULL.
+ * @param $uri
+ * The URI of the file.
+ * @return
+ * If the user does not have permission to access the file, return -1. If the
+ * user has permission, return an array with the appropriate headers. If the
+ * file is not controlled by the current module, the return value should be
+ * NULL.
 *
- * @see FileDownloadController::download()
+ * @see file_download()
 */
-function hook_unmanaged_file_download_headers($uri) {
+function hook_file_download($uri) {
 // Check to see if this is a config download.
 $scheme = file_uri_scheme($uri);
 $target = file_uri_target($uri);
only in patch2:
unchanged:
--- a/core/modules/file/src/FileAccessControlHandler.php
+++ b/core/modules/file/src/FileAccessControlHandler.php
@@ -24,6 +24,13 @@ class FileAccessControlHandler extends EntityAccessControlHandler {
 protected function checkAccess(EntityInterface $entity, $operation, $langcode, AccountInterface $account) {
 if ($operation == 'download') {
+
+ // Allow access to non permanent files only to the file owner. I.e. to the
+ // preview of a just uploaded image.
+ if (!$entity->isPermanent() && $entity->getOwnerId() != $account->id()) {
+ return FALSE;
+ }
+
 foreach ($this->getFileReferences($entity) as $field_name => $entity_map) {
 foreach ($entity_map as $referencing_entity_type => $referencing_entities) {
 /** @var \Drupal\Core\Entity\EntityInterface $referencing_entity */
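Review bot: The owner check `$entity->getOwnerId() != $account->id()` cannot tell anonymous visitors apart, since they would all present the same account id, so a non-permanent file uploaded anonymously passes this guard for every anonymous request; the loose `!=` may also treat a missing owner id as equal to id 0. If anonymous uploads are possible on a site, the guard should deny them here or tie the file to the uploading session, e.g. `if (!$entity->isPermanent() && ($account->isAnonymous() || $entity->getOwnerId() != $account->id())) {`. At minimum the comment should state the limit: `// Note: all anonymous users share one id, so this does not isolate anonymous uploads.` `checkAccess()` continues outside the hunk, so the reference checks that follow may narrow this further.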