Skip to content
Snippets Groups Projects
Commit 8316205e authored by Alex Pott's avatar Alex Pott
Browse files

Issue #2702227 by claudiu.cristea, jeroen.b, marco.giaco: Image styles for...

Issue #2702227 by claudiu.cristea, jeroen.b, marco.giaco: Image styles for private files are serving the original instead of derivative

(cherry picked from commit bba2fda3)
parent 81499c2e
No related branches found
No related tags found
No related merge requests found
......@@ -113,14 +113,9 @@ public function deliver(Request $request, $scheme, ImageStyleInterface $image_st
// If using the private scheme, let other modules provide headers and
// control access to the file.
if ($scheme == 'private') {
if (file_exists($derivative_uri)) {
return parent::download($request, $scheme);
}
else {
$headers = $this->moduleHandler()->invokeAll('file_download', array($image_uri));
if (in_array(-1, $headers) || empty($headers)) {
throw new AccessDeniedHttpException();
}
$headers = $this->moduleHandler()->invokeAll('file_download', array($image_uri));
if (in_array(-1, $headers) || empty($headers)) {
throw new AccessDeniedHttpException();
}
}
......
......@@ -155,6 +155,11 @@ function doImageStyleUrlAndPathTests($scheme, $clean_url = TRUE, $extra_slash =
$image = $this->container->get('image.factory')->get($generated_uri);
$this->assertEqual($this->drupalGetHeader('Content-Type'), $image->getMimeType(), 'Expected Content-Type was reported.');
$this->assertEqual($this->drupalGetHeader('Content-Length'), $image->getFileSize(), 'Expected Content-Length was reported.');
// Check that we did not download the original file.
$original_image = $this->container->get('image.factory')->get($original_uri);
$this->assertNotEqual($this->drupalGetHeader('Content-Length'), $original_image->getFileSize());
if ($scheme == 'private') {
$this->assertEqual($this->drupalGetHeader('Expires'), 'Sun, 19 Nov 1978 05:00:00 GMT', 'Expires header was sent.');
$this->assertNotEqual(strpos($this->drupalGetHeader('Cache-Control'), 'no-cache'), FALSE, 'Cache-Control header contains \'no-cache\' to prevent caching.');
......@@ -165,6 +170,12 @@ function doImageStyleUrlAndPathTests($scheme, $clean_url = TRUE, $extra_slash =
$this->drupalGet($generate_url);
$this->assertResponse(200, 'Image was generated at the URL.');
// Check that the second request also returned the generated image.
$this->assertEqual($this->drupalGetHeader('Content-Length'), $image->getFileSize());
// Check that we did not download the original file.
$this->assertNotEqual($this->drupalGetHeader('Content-Length'), $original_image->getFileSize());
// Make sure that access is denied for existing style files if we do not
// have access.
\Drupal::state()->delete('image.test_file_download');
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment