class FileUploadSanitizeNameEvent

Same name in other branches
  1. 9 core/lib/Drupal/Core/File/Event/FileUploadSanitizeNameEvent.php \Drupal\Core\File\Event\FileUploadSanitizeNameEvent
  2. 10 core/lib/Drupal/Core/File/Event/FileUploadSanitizeNameEvent.php \Drupal\Core\File\Event\FileUploadSanitizeNameEvent

An event during file upload that lets subscribers sanitize the filename.

Hierarchy

  • class \Drupal\Component\EventDispatcher\Event extends \Symfony\Contracts\EventDispatcher\Event

Expanded class hierarchy of FileUploadSanitizeNameEvent

See also

\Drupal\file\Upload\FileUploadHandler::handleFileUpload()

\Drupal\file\Plugin\rest\resource\FileUploadResource::prepareFilename()

\Drupal\system\EventSubscriber\SecurityFileUploadEventSubscriber::sanitizeName()

8 files declare their use of FileUploadSanitizeNameEvent
FileEventSubscriber.php in core/modules/file/src/EventSubscriber/FileEventSubscriber.php
FileSanitizationEventSubscriber.php in core/modules/file/tests/modules/file_validator_test/src/EventSubscriber/FileSanitizationEventSubscriber.php
FileUploadHandler.php in core/modules/file/src/Upload/FileUploadHandler.php
FileUploadSanitizeNameEventTest.php in core/tests/Drupal/Tests/Core/File/FileUploadSanitizeNameEventTest.php
SanitizeNameTest.php in core/modules/file/tests/src/Unit/SanitizeNameTest.php

... See full list

File

core/lib/Drupal/Core/File/Event/FileUploadSanitizeNameEvent.php, line 14

Namespace

Drupal\Core\File\Event
View source
class FileUploadSanitizeNameEvent extends Event {
    
    /**
     * The name of the file being uploaded.
     *
     * @var string
     */
    protected $filename = '';
    
    /**
     * A list of allowed extensions.
     *
     * @var string[]
     */
    protected $allowedExtensions = [];
    
    /**
     * Indicates the filename has changed for security reasons.
     *
     * @var bool
     */
    protected $isSecurityRename = FALSE;
    
    /**
     * Constructs a file upload sanitize name event object.
     *
     * @param string $filename
     *   The full filename (with extension, but not directory) being uploaded.
     * @param string $allowed_extensions
     *   A list of allowed extensions. If empty all extensions are allowed.
     */
    public function __construct(string $filename, string $allowed_extensions) {
        $this->setFilename($filename);
        if ($allowed_extensions !== '') {
            $this->allowedExtensions = array_unique(explode(' ', trim(strtolower($allowed_extensions))));
        }
    }
    
    /**
     * Gets the filename.
     *
     * @return string
     *   The filename.
     */
    public function getFilename() : string {
        return $this->filename;
    }
    
    /**
     * Sets the filename.
     *
     * @param string $filename
     *   The filename to use for the uploaded file.
     *
     * @return $this
     *
     * @throws \InvalidArgumentException
     *   Thrown when $filename contains path information.
     */
    public function setFilename(string $filename) : self {
        if (dirname($filename) !== '.') {
            throw new \InvalidArgumentException(sprintf('$filename must be a filename with no path information, "%s" provided', $filename));
        }
        $this->filename = $filename;
        return $this;
    }
    
    /**
     * Gets the list of allowed extensions.
     *
     * @return string[]
     *   The list of allowed extensions.
     */
    public function getAllowedExtensions() : array {
        return $this->allowedExtensions;
    }
    
    /**
     * Sets the security rename flag.
     *
     * @return $this
     */
    public function setSecurityRename() : self {
        $this->isSecurityRename = TRUE;
        return $this;
    }
    
    /**
     * Gets the security rename flag.
     *
     * @return bool
     *   TRUE if there is a rename for security reasons, otherwise FALSE.
     */
    public function isSecurityRename() : bool {
        return $this->isSecurityRename;
    }
    
    /**
     * {@inheritdoc}
     *
     * @throws \RuntimeException
     *   Thrown whenever this method is called. This event should always be fully
     *   processed so that SecurityFileUploadEventSubscriber::sanitizeName()
     *   gets a chance to run.
     *
     * @see \Drupal\system\EventSubscriber\SecurityFileUploadEventSubscriber
     */
    public function stopPropagation() : void {
        throw new \RuntimeException('Propagation cannot be stopped for the FileUploadSanitizeNameEvent');
    }

}

Members

Title Sort descending Modifiers Object type Summary
FileUploadSanitizeNameEvent::$allowedExtensions protected property A list of allowed extensions.
FileUploadSanitizeNameEvent::$filename protected property The name of the file being uploaded.
FileUploadSanitizeNameEvent::$isSecurityRename protected property Indicates the filename has changed for security reasons.
FileUploadSanitizeNameEvent::getAllowedExtensions public function Gets the list of allowed extensions.
FileUploadSanitizeNameEvent::getFilename public function Gets the filename.
FileUploadSanitizeNameEvent::isSecurityRename public function Gets the security rename flag.
FileUploadSanitizeNameEvent::setFilename public function Sets the filename.
FileUploadSanitizeNameEvent::setSecurityRename public function Sets the security rename flag.
FileUploadSanitizeNameEvent::stopPropagation public function
FileUploadSanitizeNameEvent::__construct public function Constructs a file upload sanitize name event object.

Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.