From 0971ae5fa16e3722e889496150ec3c9e30c23ec7 Mon Sep 17 00:00:00 2001
From: catch <catch@35733.no-reply.drupal.org>
Date: Fri, 28 Jan 2022 20:49:40 +0000
Subject: [PATCH] Issue #3260766 by andypost: Remove deprecated file.inc and
its mentions
---
core/includes/file.inc | 218 ------------------
core/includes/install.core.inc | 1 -
core/includes/theme.maintenance.inc | 1 -
core/lib/Drupal/Core/DrupalKernel.php | 1 -
core/lib/Drupal/Core/Form/FormBuilder.php | 2 +-
core/lib/Drupal/Core/Render/Element/File.php | 2 +-
.../lib/Drupal/Core/Test/TestRunnerKernel.php | 1 -
core/modules/file/file.api.php | 4 +-
.../Core/File/FileSystemDeprecationTest.php | 34 ---
.../KernelTests/Core/File/FileTestBase.php | 2 -
.../KernelTests/Core/File/NameMungingTest.php | 128 ----------
11 files changed, 5 insertions(+), 389 deletions(-)
delete mode 100644 core/includes/file.inc
delete mode 100644 core/tests/Drupal/KernelTests/Core/File/FileSystemDeprecationTest.php
delete mode 100644 core/tests/Drupal/KernelTests/Core/File/NameMungingTest.php
diff --git a/core/includes/file.inc b/core/includes/file.inc
deleted file mode 100644
index c0be1e0253f4..000000000000
--- a/core/includes/file.inc
+++ /dev/null
@@ -1,218 +0,0 @@
-<?php
-
-/**
- * @file
- * API for handling file uploads and server file management.
- */
-
-use Drupal\Core\File\Exception\InvalidStreamWrapperException;
-use Drupal\Core\File\FileSystemInterface;
-
-/**
- * @defgroup file File interface
- * @{
- * Common file handling functions.
- */
-
-/**
- * Indicates that the file is permanent and should not be deleted.
- *
- * Temporary files older than the system.file.temporary_maximum_age
- * configuration value will be, if clean-up not disabled, removed during cron
- * runs, but permanent files will not be removed during the file garbage
- * collection process.
- *
- * @deprecated in drupal:9.3.0 and is removed from drupal:10.0.0. Use
- * \Drupal\file\FileInterface::STATUS_PERMANENT or
- * \Drupal\file\FileInterface::setPermanent() instead.
- *
- * @see https://www.drupal.org/node/3022147
- */
-const FILE_STATUS_PERMANENT = 1;
-
-/**
- * Creates a web-accessible URL for a stream to an external or local file.
- *
- * Compatibility: normal paths and stream wrappers.
- *
- * There are two kinds of local files:
- * - "managed files", i.e. those stored by a Drupal-compatible stream wrapper.
- * These are files that have either been uploaded by users or were generated
- * automatically (for example through CSS aggregation).
- * - "shipped files", i.e. those outside of the files directory, which ship as
- * part of Drupal core or contributed modules or themes.
- *
- * @param string $uri
- * The URI to a file for which we need an external URL, or the path to a
- * shipped file.
- *
- * @return string
- * A string containing a URL that may be used to access the file.
- * If the provided string already contains a preceding 'http', 'https', or
- * '/', nothing is done and the same string is returned. If a stream wrapper
- * could not be found to generate an external URL, then FALSE is returned.
- *
- * @deprecated in drupal:9.3.0 and is removed from drupal:10.0.0.
- * Use the appropriate method on \Drupal\Core\File\FileUrlGeneratorInterface
- * instead.
- *
- * @see https://www.drupal.org/node/2940031
- * @see https://www.drupal.org/node/515192
- * @see \Drupal\Core\File\FileUrlGeneratorInterface::generate()
- * @see \Drupal\Core\File\FileUrlGeneratorInterface::generateString()
- * @see \Drupal\Core\File\FileUrlGeneratorInterface::generateAbsoluteString()
- * @see \Drupal\Core\File\FileUrlGeneratorInterface::transformRelative()
- */
-function file_create_url($uri) {
- @trigger_error('file_create_url() is deprecated in drupal:9.3.0 and is removed from drupal:10.0.0. Use the appropriate method on \Drupal\Core\File\FileUrlGeneratorInterface instead. See https://www.drupal.org/node/2940031', E_USER_DEPRECATED);
- try {
- return \Drupal::service('file_url_generator')->generateAbsoluteString($uri);
- }
- catch (InvalidStreamWrapperException $e) {
- return FALSE;
- }
-}
-
-/**
- * Transforms an absolute URL of a local file to a relative URL.
- *
- * May be useful to prevent problems on multisite set-ups and prevent mixed
- * content errors when using HTTPS + HTTP.
- *
- * @param string $file_url
- * A file URL of a local file as generated by
- * FileUrlGeneratorInterface::generateString().
- *
- * @return string
- * If the file URL indeed pointed to a local file and was indeed absolute,
- * then the transformed, relative URL to the local file. Otherwise: the
- * original value of $file_url.
- *
- * @deprecated in drupal:9.3.0 and is removed from drupal:10.0.0.
- * Use \Drupal\Core\File\FileUrlGenerator::transformRelative() instead.
- *
- * @see https://www.drupal.org/node/2940031
- * @see \Drupal\Core\File\FileUrlGeneratorInterface::transformRelative()
- */
-function file_url_transform_relative($file_url) {
- @trigger_error('file_url_transform_relative() is deprecated in drupal:9.3.0 and is removed from drupal:10.0.0. Use \Drupal\Core\File\FileUrlGenerator::transformRelative() instead. See https://www.drupal.org/node/2940031', E_USER_DEPRECATED);
- return \Drupal::service('file_url_generator')->transformRelative($file_url);
-}
-
-/**
- * Constructs a URI to Drupal's default files location given a relative path.
- *
- * @deprecated in drupal:9.3.0 and is removed from drupal:10.0.0 without
- * replacement.
- *
- * @see https://www.drupal.org/node/3223091
- */
-function file_build_uri($path) {
- @trigger_error('file_build_uri() is deprecated in drupal:9.3.0 and is removed from drupal:10.0.0 without replacement. See https://www.drupal.org/node/3223091', E_USER_DEPRECATED);
- $uri = \Drupal::config('system.file')->get('default_scheme') . '://' . $path;
- /** @var \Drupal\Core\StreamWrapper\StreamWrapperManagerInterface $stream_wrapper_manager */
- $stream_wrapper_manager = \Drupal::service('stream_wrapper_manager');
- return $stream_wrapper_manager->normalizeUri($uri);
-}
-
-/**
- * Modifies a filename as needed for security purposes.
- *
- * Munging a file name prevents unknown file extensions from masking exploit
- * files. When web servers such as Apache decide how to process a URL request,
- * they use the file extension. If the extension is not recognized, Apache
- * skips that extension and uses the previous file extension. For example, if
- * the file being requested is exploit.php.pps, and Apache does not recognize
- * the '.pps' extension, it treats the file as PHP and executes it. To make
- * this file name safe for Apache and prevent it from executing as PHP, the
- * .php extension is "munged" into .php_, making the safe file name
- * exploit.php_.pps.
- *
- * Specifically, this function adds an underscore to all extensions that are
- * between 2 and 5 characters in length, internal to the file name, and either
- * included in the list of unsafe extensions, or not included in $extensions.
- *
- * Function behavior is also controlled by the configuration
- * 'system.file:allow_insecure_uploads'. If it evaluates to TRUE, no alterations
- * will be made, if it evaluates to FALSE, the filename is 'munged'. *
- * @param $filename
- * File name to modify.
- * @param $extensions
- * A space-separated list of extensions that should not be altered. Note that
- * extensions that are unsafe will be altered regardless of this parameter.
- * @param $alerts
- * If TRUE, \Drupal::messenger()->addStatus() will be called to display
- * a message if the file name was changed.
- *
- * @return string
- * The potentially modified $filename.
- *
- * @deprecated in drupal:9.2.0 and is removed from drupal:10.0.0. Dispatch a
- * \Drupal\Core\File\Event\FileUploadSanitizeNameEvent event instead.
- *
- * @see https://www.drupal.org/node/3032541
- */
-function file_munge_filename($filename, $extensions, $alerts = TRUE) {
- @trigger_error('file_munge_filename() is deprecated in drupal:9.2.0 and is removed from drupal:10.0.0. Dispatch a \Drupal\Core\File\Event\FileUploadSanitizeNameEvent event instead. See https://www.drupal.org/node/3032541', E_USER_DEPRECATED);
- $original = $filename;
-
- // Allow potentially insecure uploads for very savvy users and admin
- if (!\Drupal::config('system.file')->get('allow_insecure_uploads')) {
- // Remove any null bytes. See
- // http://php.net/manual/security.filesystem.nullbytes.php
- $filename = str_replace(chr(0), '', $filename);
-
- $allowed_extensions = array_unique(explode(' ', strtolower(trim($extensions))));
-
- // Remove unsafe extensions from the allowed list of extensions.
- $allowed_extensions = array_diff($allowed_extensions, FileSystemInterface::INSECURE_EXTENSIONS);
-
- // Split the filename up by periods. The first part becomes the basename
- // the last part the final extension.
- $filename_parts = explode('.', $filename);
- // Remove file basename.
- $new_filename = array_shift($filename_parts);
- // Remove final extension.
- $final_extension = array_pop($filename_parts);
-
- // Loop through the middle parts of the name and add an underscore to the
- // end of each section that could be a file extension but isn't in the list
- // of allowed extensions.
- foreach ($filename_parts as $filename_part) {
- $new_filename .= '.' . $filename_part;
- if (!in_array(strtolower($filename_part), $allowed_extensions) && preg_match("/^[a-zA-Z]{2,5}\d?$/", $filename_part)) {
- $new_filename .= '_';
- }
- }
- $filename = $new_filename . '.' . $final_extension;
-
- if ($alerts && $original != $filename) {
- \Drupal::messenger()->addStatus(t('For security reasons, your upload has been renamed to %filename.', ['%filename' => $filename]));
- }
- }
-
- return $filename;
-}
-
-/**
- * Undoes the effect of file_munge_filename().
- *
- * @param $filename
- * String with the filename to be unmunged.
- *
- * @return
- * An unmunged filename string.
- *
- * @deprecated in drupal:9.2.0 and is removed from drupal:10.0.0. Use
- * str_replace() instead.
- *
- * @see https://www.drupal.org/node/3032541
- */
-function file_unmunge_filename($filename) {
- @trigger_error('file_unmunge_filename() is deprecated in drupal:9.2.0 and is removed from drupal:10.0.0. Use str_replace() instead. See https://www.drupal.org/node/3032541', E_USER_DEPRECATED);
- return str_replace('_.', '.', $filename);
-}
-
-/**
- * @} End of "defgroup file".
- */
diff --git a/core/includes/install.core.inc b/core/includes/install.core.inc
index 31b5b5a6810b..2da1e35f1fac 100644
--- a/core/includes/install.core.inc
+++ b/core/includes/install.core.inc
@@ -338,7 +338,6 @@ function install_begin_request($class_loader, &$install_state) {
// since the error/exception handlers depend on them.
require_once __DIR__ . '/../modules/system/system.install';
require_once __DIR__ . '/common.inc';
- require_once __DIR__ . '/file.inc';
require_once __DIR__ . '/install.inc';
require_once __DIR__ . '/schema.inc';
require_once __DIR__ . '/form.inc';
diff --git a/core/includes/theme.maintenance.inc b/core/includes/theme.maintenance.inc
index 873738f883a0..aa2a248750a6 100644
--- a/core/includes/theme.maintenance.inc
+++ b/core/includes/theme.maintenance.inc
@@ -25,7 +25,6 @@ function _drupal_maintenance_theme() {
require_once __DIR__ . '/theme.inc';
require_once __DIR__ . '/common.inc';
- require_once __DIR__ . '/file.inc';
require_once __DIR__ . '/module.inc';
// Install and update pages are treated differently to prevent theming overrides.
diff --git a/core/lib/Drupal/Core/DrupalKernel.php b/core/lib/Drupal/Core/DrupalKernel.php
index f57a83a9604e..e23d81b15636 100644
--- a/core/lib/Drupal/Core/DrupalKernel.php
+++ b/core/lib/Drupal/Core/DrupalKernel.php
@@ -538,7 +538,6 @@ public function loadLegacyIncludes() {
require_once $this->root . '/core/includes/module.inc';
require_once $this->root . '/core/includes/theme.inc';
require_once $this->root . '/core/includes/menu.inc';
- require_once $this->root . '/core/includes/file.inc';
require_once $this->root . '/core/includes/form.inc';
require_once $this->root . '/core/includes/errors.inc';
require_once $this->root . '/core/includes/schema.inc';
diff --git a/core/lib/Drupal/Core/Form/FormBuilder.php b/core/lib/Drupal/Core/Form/FormBuilder.php
index 6388b857c767..c38ff014e439 100644
--- a/core/lib/Drupal/Core/Form/FormBuilder.php
+++ b/core/lib/Drupal/Core/Form/FormBuilder.php
@@ -1171,7 +1171,7 @@ protected function handleInputElement($form_id, &$element, FormStateInterface &$
$name = array_shift($element['#parents']);
$element['#name'] = $name;
if ($element['#type'] == 'file') {
- // To make it easier to handle files in file.inc, we place all
+ // To make it easier to handle files, we place all
// file fields in the 'files' array. Also, we do not support
// nested file names.
// @todo Remove this files prefix now?
diff --git a/core/lib/Drupal/Core/Render/Element/File.php b/core/lib/Drupal/Core/Render/Element/File.php
index 5fe7b8f7f613..c909b926deaf 100644
--- a/core/lib/Drupal/Core/Render/Element/File.php
+++ b/core/lib/Drupal/Core/Render/Element/File.php
@@ -54,7 +54,7 @@ public static function processFile(&$element, FormStateInterface $form_state, &$
* Prepares a #type 'file' render element for input.html.twig.
*
* For assistance with handling the uploaded file correctly, see the API
- * provided by file.inc.
+ * provided by file.api.php.
*
* @param array $element
* An associative array containing the properties of the element.
diff --git a/core/lib/Drupal/Core/Test/TestRunnerKernel.php b/core/lib/Drupal/Core/Test/TestRunnerKernel.php
index 2315693eacf4..d5ec4573f192 100644
--- a/core/lib/Drupal/Core/Test/TestRunnerKernel.php
+++ b/core/lib/Drupal/Core/Test/TestRunnerKernel.php
@@ -86,7 +86,6 @@ public function boot() {
$this->getContainer()->get('stream_wrapper_manager')->register();
// Create the build/artifacts directory if necessary.
- include_once $this->getAppRoot() . '/core/includes/file.inc';
if (!is_dir('public://simpletest') && !@mkdir('public://simpletest', 0777, TRUE) && !is_dir('public://simpletest')) {
throw new \RuntimeException('Unable to create directory: public://simpletest');
}
diff --git a/core/modules/file/file.api.php b/core/modules/file/file.api.php
index bc60c04565d9..8c2cb93b7ba6 100644
--- a/core/modules/file/file.api.php
+++ b/core/modules/file/file.api.php
@@ -6,8 +6,10 @@
*/
/**
- * @addtogroup file
+ * @defgroup file File interface
* @{
+ * Common file handling functions.
+ *
* @section file_security Uploading files and security considerations
*
* Using \Drupal\file\Element\ManagedFile field with a defined list of allowed
diff --git a/core/tests/Drupal/KernelTests/Core/File/FileSystemDeprecationTest.php b/core/tests/Drupal/KernelTests/Core/File/FileSystemDeprecationTest.php
deleted file mode 100644
index 6d3eb63c8410..000000000000
--- a/core/tests/Drupal/KernelTests/Core/File/FileSystemDeprecationTest.php
+++ /dev/null
@@ -1,34 +0,0 @@
-<?php
-
-namespace Drupal\KernelTests\Core\File;
-
-use Drupal\KernelTests\KernelTestBase;
-
-/**
- * Tests deprecations in file.inc.
- *
- * @group File
- * @group legacy
- */
-class FileSystemDeprecationTest extends KernelTestBase {
-
- /**
- * Tests deprecated FileCreateUrl.
- */
- public function testDeprecatedFileCreateUrl() {
- $this->expectDeprecation('file_create_url() is deprecated in drupal:9.3.0 and is removed from drupal:10.0.0. Use the appropriate method on \Drupal\Core\File\FileUrlGeneratorInterface instead. See https://www.drupal.org/node/2940031');
- $this->expectDeprecation('file_url_transform_relative() is deprecated in drupal:9.3.0 and is removed from drupal:10.0.0. Use \Drupal\Core\File\FileUrlGenerator::transformRelative() instead. See https://www.drupal.org/node/2940031');
- $filepath = 'core/assets/vendor/jquery/jquery.min.js';
- $url = file_url_transform_relative(file_create_url($filepath));
- $this->assertNotEmpty($url);
- }
-
- /**
- * Tests deprecated file_build_uri()
- */
- public function testDeprecatedFileBuildUri() {
- $this->expectDeprecation('file_build_uri() is deprecated in drupal:9.3.0 and is removed from drupal:10.0.0 without replacement. See https://www.drupal.org/node/3223091');
- $this->assertEquals('public://foo/bar.txt', file_build_uri('foo/bar.txt'));
- }
-
-}
diff --git a/core/tests/Drupal/KernelTests/Core/File/FileTestBase.php b/core/tests/Drupal/KernelTests/Core/File/FileTestBase.php
index 9deac668af29..9e8998461f1d 100644
--- a/core/tests/Drupal/KernelTests/Core/File/FileTestBase.php
+++ b/core/tests/Drupal/KernelTests/Core/File/FileTestBase.php
@@ -67,8 +67,6 @@ protected function setUpFilesystem() {
$public_file_directory = $this->siteDirectory . '/files';
$private_file_directory = $this->siteDirectory . '/private';
- require_once 'core/includes/file.inc';
-
mkdir($this->siteDirectory, 0775);
mkdir($this->siteDirectory . '/files', 0775);
mkdir($this->siteDirectory . '/private', 0775);
diff --git a/core/tests/Drupal/KernelTests/Core/File/NameMungingTest.php b/core/tests/Drupal/KernelTests/Core/File/NameMungingTest.php
deleted file mode 100644
index ac4a726dd74c..000000000000
--- a/core/tests/Drupal/KernelTests/Core/File/NameMungingTest.php
+++ /dev/null
@@ -1,128 +0,0 @@
-<?php
-
-namespace Drupal\KernelTests\Core\File;
-
-use Drupal\Component\Render\FormattableMarkup;
-
-/**
- * Tests filename munging and unmunging.
- *
- * Checks performed, relying on 2 <= strlen('foo') <= 5.
- *
- * - testMunging()
- * - (name).foo.txt -> (name).foo_.txt when allows_insecure_uploads === 0
- * - testMungeBullByte()
- * - (name).foo\0.txt -> (name).foo_.txt regardless of allows_insecure_uploads
- * - testMungeIgnoreInsecure()
- * - (name).foo.txt unmodified when allows_insecure_uploads === 1
- * - testMungeIgnoreAllowedExtensions()
- * - (name).FOO.txt -> (name).FOO when allowing 'foo'.
- * - (name).foo.txt -> (name).foo.txt when allowing 'FOO'.
- * - testMungeUnsafe()
- * - (name).php.txt -> (name).php_.txt even when allowing 'php txt'
- * - (name).php.txt -> (name).php_.txt even when allowing 'php txt'
- * - testUnMunge()
- * - (name).foo.txt -> (unchecked) -> (name).foo.txt after un-munging
- *
- * @group File
- * @group legacy
- */
-class NameMungingTest extends FileTestBase {
-
- /**
- * An extension to be used as forbidden during munge operations.
- *
- * @var string
- */
- protected $badExtension;
-
- /**
- * The name of a file with a bad extension, after munging.
- *
- * @var string
- */
- protected $name;
-
- /**
- * The name of a file with an upper-cased bad extension, after munging.
- *
- * @var string
- */
- protected $nameWithUcExt;
-
- protected function setUp(): void {
- parent::setUp();
- $this->badExtension = 'foo';
- $this->name = $this->randomMachineName() . '.' . $this->badExtension . '.txt';
- $this->nameWithUcExt = $this->randomMachineName() . '.' . strtoupper($this->badExtension) . '.txt';
- }
-
- /**
- * Create a file and munge/unmunge the name.
- */
- public function testMunging() {
- $this->expectDeprecation('file_munge_filename() is deprecated in drupal:9.2.0 and is removed from drupal:10.0.0. Dispatch a \Drupal\Core\File\Event\FileUploadSanitizeNameEvent event instead. See https://www.drupal.org/node/3032541');
- // Disable insecure uploads.
- $this->config('system.file')->set('allow_insecure_uploads', 0)->save();
- $munged_name = file_munge_filename($this->name, '', TRUE);
- $messages = \Drupal::messenger()->all();
- \Drupal::messenger()->deleteAll();
- $this->assertContainsEquals(strtr('For security reasons, your upload has been renamed to <em class="placeholder">%filename</em>.', ['%filename' => $munged_name]), $messages['status'], 'Alert properly set when a file is renamed.');
- $this->assertNotEquals($this->name, $munged_name, new FormattableMarkup('The new filename (%munged) has been modified from the original (%original)', ['%munged' => $munged_name, '%original' => $this->name]));
- }
-
- /**
- * Tests munging with a null byte in the filename.
- */
- public function testMungeNullByte() {
- $prefix = $this->randomMachineName();
- $filename = $prefix . '.' . $this->badExtension . "\0.txt";
- $this->assertEquals($prefix . '.' . $this->badExtension . '_.txt', file_munge_filename($filename, ''), 'A filename with a null byte is correctly munged to remove the null byte.');
- }
-
- /**
- * If the system.file.allow_insecure_uploads setting evaluates to true, the file should
- * come out untouched, no matter how evil the filename.
- */
- public function testMungeIgnoreInsecure() {
- $this->config('system.file')->set('allow_insecure_uploads', 1)->save();
- $munged_name = file_munge_filename($this->name, '');
- $this->assertSame($munged_name, $this->name, new FormattableMarkup('The original filename (%original) matches the munged filename (%munged) when insecure uploads are enabled.', ['%munged' => $munged_name, '%original' => $this->name]));
- }
-
- /**
- * Tests that allowed extensions are ignored by file_munge_filename().
- */
- public function testMungeIgnoreAllowedExtensions() {
- // Declare that our extension is allowed. The declared extensions should be
- // case insensitive, so test using one with a different case.
- $munged_name = file_munge_filename($this->nameWithUcExt, $this->badExtension);
- $this->assertSame($munged_name, $this->nameWithUcExt);
- // The allowed extensions should also be normalized.
- $munged_name = file_munge_filename($this->name, strtoupper($this->badExtension));
- $this->assertSame($munged_name, $this->name);
- }
-
- /**
- * Tests unsafe extensions are always munged by file_munge_filename().
- */
- public function testMungeUnsafe() {
- $prefix = $this->randomMachineName();
- $name = "$prefix.php.txt";
- // Put the php extension in the allowed list, but since it is in the unsafe
- // extension list, it should still be munged.
- $munged_name = file_munge_filename($name, 'php txt');
- $this->assertSame("$prefix.php_.txt", $munged_name);
- }
-
- /**
- * Ensure that unmunge gets your name back.
- */
- public function testUnMunge() {
- $this->expectDeprecation('file_unmunge_filename() is deprecated in drupal:9.2.0 and is removed from drupal:10.0.0. Use str_replace() instead. See https://www.drupal.org/node/3032541');
- $munged_name = file_munge_filename($this->name, '', FALSE);
- $unmunged_name = file_unmunge_filename($munged_name);
- $this->assertSame($unmunged_name, $this->name, new FormattableMarkup('The unmunged (%unmunged) filename matches the original (%original)', ['%unmunged' => $unmunged_name, '%original' => $this->name]));
- }
-
-}
--
GitLab