function TemporaryJsonapiFileFieldUploader::validateAndParseContentDispositionHeader

Same name in other branches
  1. 9 core/modules/jsonapi/src/Controller/TemporaryJsonapiFileFieldUploader.php \Drupal\jsonapi\Controller\TemporaryJsonapiFileFieldUploader::validateAndParseContentDispositionHeader()
  2. 10 core/modules/jsonapi/src/Controller/TemporaryJsonapiFileFieldUploader.php \Drupal\jsonapi\Controller\TemporaryJsonapiFileFieldUploader::validateAndParseContentDispositionHeader()

Validates and extracts the filename from the Content-Disposition header.

Parameters

\Symfony\Component\HttpFoundation\Request $request: The request object.

Return value

string The filename extracted from the header.

Throws

\Symfony\Component\HttpKernel\Exception\BadRequestHttpException Thrown when the 'Content-Disposition' request header is invalid.

File

core/modules/jsonapi/src/Controller/TemporaryJsonapiFileFieldUploader.php, line 248

Class

TemporaryJsonapiFileFieldUploader
Reads data from an upload stream and creates a corresponding file entity.

Namespace

Drupal\jsonapi\Controller

Code

public function validateAndParseContentDispositionHeader(Request $request) {
    // First, check the header exists.
    if (!$request->headers
        ->has('content-disposition')) {
        throw new BadRequestHttpException('"Content-Disposition" header is required. A file name in the format "filename=FILENAME" must be provided.');
    }
    $content_disposition = $request->headers
        ->get('content-disposition');
    // Parse the header value. This regex does not allow an empty filename.
    // i.e. 'filename=""'. This also matches on a word boundary so other keys
    // like 'not_a_filename' don't work.
    if (!preg_match(static::REQUEST_HEADER_FILENAME_REGEX, $content_disposition, $matches)) {
        throw new BadRequestHttpException('No filename found in "Content-Disposition" header. A file name in the format "filename=FILENAME" must be provided.');
    }
    // Check for the "filename*" format. This is currently unsupported.
    if (!empty($matches['star'])) {
        throw new BadRequestHttpException('The extended "filename*" format is currently not supported in the "Content-Disposition" header.');
    }
    // Don't validate the actual filename here, that will be done by the upload
    // validators in validate().
    // @see \Drupal\file\Plugin\rest\resource\FileUploadResource::validate()
    $filename = $matches['filename'];
    // Make sure only the filename component is returned. Path information is
    // stripped as per https://tools.ietf.org/html/rfc6266#section-4.3.
    return $this->fileSystem
        ->basename($filename);
}

Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.