Skip to content
Snippets Groups Projects

Issue #3388985: Make CKEditor5ImageController reuse FileUploadHandler

Closed Issue #3388985: Make CKEditor5ImageController reuse FileUploadHandler
All threads resolved!
All threads resolved!
<?php
declare(strict_types = 1);
declare(strict_types=1);
namespace Drupal\ckeditor5\Controller;
@@ -9,20 +9,21 @@
use Drupal\Component\Utility\Environment;
use Drupal\Core\Access\AccessResult;
use Drupal\Core\Controller\ControllerBase;
use Drupal\Core\File\Event\FileUploadSanitizeNameEvent;
use Drupal\Core\File\Exception\FileException;
use Drupal\Core\File\FileSystemInterface;
use Drupal\Core\Lock\LockBackendInterface;
use Drupal\Core\Session\AccountInterface;
use Drupal\editor\Entity\Editor;
use Drupal\file\Entity\File;
use Drupal\file\FileInterface;
use Drupal\file\Upload\FileUploadHandler;
use Drupal\file\Upload\FormUploadedFile;
use Drupal\file\Validation\FileValidatorInterface;
use Symfony\Component\DependencyInjection\ContainerInterface;
use Symfony\Component\HttpFoundation\JsonResponse;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\HttpKernel\Exception\HttpException;
use Symfony\Component\HttpKernel\Exception\UnprocessableEntityHttpException;
use Symfony\Component\Lock\Exception\LockAcquiringException;
use Symfony\Component\Mime\MimeTypeGuesserInterface;
use Symfony\Contracts\EventDispatcher\EventDispatcherInterface;
@@ -35,74 +36,62 @@
class CKEditor5ImageController extends ControllerBase {
/**
* The file system service.
*
* @var \Drupal\Core\File\FileSystem
*/
protected $fileSystem;
/**
* The currently authenticated user.
*
* @var \Drupal\Core\Session\AccountInterface
*/
protected $currentUser;
/**
* The MIME type guesser.
*
* @var \Symfony\Component\Mime\MimeTypeGuesserInterface
* The default allowed image extensions.
*/
protected $mimeTypeGuesser;
const DEFAULT_IMAGE_EXTENSIONS = 'gif png jpg jpeg';
/**
* The lock service.
*
* @var \Drupal\Core\Lock\LockBackendInterface
* The file system service.
*/
protected $lock;
protected FileSystemInterface $fileSystem;
/**
* The event dispatcher.
*
* @var \Symfony\Contracts\EventDispatcher\EventDispatcherInterface
* The lock.
*/
protected $eventDispatcher;
protected LockBackendInterface $lock;
/**
* The file validator.
*
* @var \Drupal\file\Validation\FileValidatorInterface
* The file upload handler.
*/
protected FileValidatorInterface $fileValidator;
protected FileUploadHandler $fileUploadHandler;
/**
* Constructs a new CKEditor5ImageController.
*
* @param \Drupal\Core\File\FileSystemInterface $file_system
* The file system service.
* @param \Drupal\Core\Session\AccountInterface $current_user
* @param \Drupal\Core\File\FileSystemInterface $fileSystem
* The file upload handler.
* @param \Drupal\Core\Session\AccountInterface|\Drupal\file\Upload\FileUploadHandler $fileUploadHandler
* The currently authenticated user.
* @param \Symfony\Component\Mime\MimeTypeGuesserInterface $mime_type_guesser
* @param \Symfony\Component\Mime\MimeTypeGuesserInterface|\Drupal\Core\Lock\LockBackendInterface $mime_type_guesser
* The MIME type guesser.
* @param \Drupal\Core\Lock\LockBackendInterface $lock
* @param \Drupal\Core\Lock\LockBackendInterface|null $lock
* The lock service.
* @param \Symfony\Contracts\EventDispatcher\EventDispatcherInterface $event_dispatcher
* @param \Symfony\Contracts\EventDispatcher\EventDispatcherInterface|null $event_dispatcher
* The event dispatcher.
* @param \Drupal\file\Validation\FileValidatorInterface|null $file_validator
* The file validator.
*/
public function __construct(FileSystemInterface $file_system, AccountInterface $current_user, MimeTypeGuesserInterface $mime_type_guesser, LockBackendInterface $lock, EventDispatcherInterface $event_dispatcher, FileValidatorInterface $file_validator = NULL) {
$this->fileSystem = $file_system;
$this->currentUser = $current_user;
$this->mimeTypeGuesser = $mime_type_guesser;
$this->lock = $lock;
$this->eventDispatcher = $event_dispatcher;
if (!$file_validator) {
@trigger_error('Calling ' . __METHOD__ . '() without the $file_validator argument is deprecated in drupal:10.2.0 and is required in drupal:11.0.0. See https://www.drupal.org/node/3363700', E_USER_DEPRECATED);
$file_validator = \Drupal::service('file.validator');
+1
public function __construct(FileSystemInterface $fileSystem, AccountInterface | FileUploadHandler $fileUploadHandler, MimeTypeGuesserInterface | LockBackendInterface $mime_type_guesser, LockBackendInterface $lock = NULL, EventDispatcherInterface $event_dispatcher = NULL, FileValidatorInterface $file_validator = NULL) {
$this->fileSystem = $fileSystem;
if ($fileUploadHandler instanceof AccountInterface) {
@trigger_error('Calling ' . __METHOD__ . '() with the $current_user argument is deprecated in drupal:10.3.0 and is removed from drupal:11.0.0. See https://www.drupal.org/node/3388990', E_USER_DEPRECATED);
$fileUploadHandler = \Drupal::service('file.upload_handler');
}
$this->fileUploadHandler = $fileUploadHandler;
if ($mime_type_guesser instanceof MimeTypeGuesserInterface) {
@trigger_error('Calling ' . __METHOD__ . '() with the $mime_type_guesser argument is deprecated in drupal:10.3.0 and is replaced with $lock from drupal:11.0.0. See https://www.drupal.org/node/3388990', E_USER_DEPRECATED);
$mime_type_guesser = \Drupal::service('lock');
}
$this->lock = $mime_type_guesser;
if ($lock) {
@trigger_error('Calling ' . __METHOD__ . '() with the $lock argument in position 4 is deprecated in drupal:10.3.0 and is removed from drupal:11.0.0. See https://www.drupal.org/node/3388990', E_USER_DEPRECATED);
}
if ($event_dispatcher) {
@trigger_error('Calling ' . __METHOD__ . '() with the $event_dispatcher argument is deprecated in drupal:10.3.0 and is removed from drupal:11.0.0. See https://www.drupal.org/node/3388990', E_USER_DEPRECATED);
}
if ($file_validator) {
@trigger_error('Calling ' . __METHOD__ . '() with the $file_validator argument is deprecated in drupal:10.3.0 and is removed from drupal:11.0.0. See https://www.drupal.org/node/3388990', E_USER_DEPRECATED);
}
$this->fileValidator = $file_validator;
}
/**
@@ -111,11 +100,8 @@ public function __construct(FileSystemInterface $file_system, AccountInterface $
public static function create(ContainerInterface $container) {
return new static(
$container->get('file_system'),
$container->get('current_user'),
$container->get('file.mime_type.guesser'),
$container->get('lock'),
$container->get('event_dispatcher'),
$container->get('file.validator')
$container->get('file.upload_handler'),
$container->get('lock')
);
}
@@ -132,52 +118,26 @@ public static function create(ContainerInterface $container) {
* Thrown when file system errors occur.
* @throws \Symfony\Component\HttpKernel\Exception\UnprocessableEntityHttpException
* Thrown when validation errors occur.
* @throws \Drupal\Core\Entity\EntityStorageException
* Thrown when file entity could not be saved.
*/
public function upload(Request $request) {
public function upload(Request $request): Response {
// Getting the UploadedFile directly from the request.
/** @var \Symfony\Component\HttpFoundation\File\UploadedFile $upload */
$upload = $request->files->get('upload');
$filename = $upload->getClientOriginalName();
/** @var \Drupal\editor\EditorInterface $editor */
$editor = $request->attributes->get('editor');
$image_upload = $editor->getImageUploadSettings();
$destination = $image_upload['scheme'] . '://' . $image_upload['directory'];
$settings = $editor->getImageUploadSettings();
$destination = $settings['scheme'] . '://' . $settings['directory'];
// Check the destination file path is writable.
if (!$this->fileSystem->prepareDirectory($destination, FileSystemInterface::CREATE_DIRECTORY)) {
throw new HttpException(500, 'Destination file path is not writable');
}
$max_filesize = min(Bytes::toNumber($image_upload['max_size']), Environment::getUploadMaxSize());
if (!empty($image_upload['max_dimensions']['width']) || !empty($image_upload['max_dimensions']['height'])) {
$max_dimensions = $image_upload['max_dimensions']['width'] . 'x' . $image_upload['max_dimensions']['height'];
}
else {
$max_dimensions = 0;
}
$allowed_extensions = 'gif png jpg jpeg';
$validators = [
'FileExtension' => [
'extensions' => $allowed_extensions,
],
'FileSizeLimit' => [
'fileLimit' => $max_filesize,
],
'FileImageDimensions' => [
'maxDimensions' => $max_dimensions,
],
];
$prepared_filename = $this->prepareFilename($filename, $allowed_extensions);
// Create the file.
$file_uri = "{$destination}/{$prepared_filename}";
// Using the UploadedFile method instead of streamUploadData.
$temp_file_path = $upload->getRealPath();
$validators = $this->getImageUploadValidators($settings);
$file_uri = "{$destination}/{$filename}";
$file_uri = $this->fileSystem->getDestinationFilename($file_uri, FileSystemInterface::EXISTS_RENAME);
// Lock based on the prepared file URI.
@@ -187,31 +147,23 @@ public function upload(Request $request) {
throw new HttpException(503, sprintf('File "%s" is already locked for writing.', $file_uri), NULL, ['Retry-After' => 1]);
}
// Begin building file entity.
$file = File::create([]);
$file->setOwnerId($this->currentUser->id());
$file->setFilename($prepared_filename);
$file->setMimeType($this->mimeTypeGuesser->guessMimeType($prepared_filename));
$file->setFileUri($file_uri);
$file->setSize(@filesize($temp_file_path));
$violations = $this->validate($file, $validators);
if ($violations->count() > 0) {
throw new UnprocessableEntityHttpException($violations->__toString());
}
try {
$this->fileSystem->move($temp_file_path, $file_uri, FileSystemInterface::EXISTS_ERROR);
$uploadedFile = new FormUploadedFile($upload);
$uploadResult = $this->fileUploadHandler->handleFileUpload($uploadedFile, $validators, $destination, FileSystemInterface::EXISTS_RENAME, FALSE);
if ($uploadResult->hasViolations()) {
throw new UnprocessableEntityHttpException((string) $uploadResult->getViolations());
}
}
catch (FileException $e) {
throw new HttpException(500, 'Temporary file could not be moved to file location');
throw new HttpException(500, 'File could not be saved');
}
catch (LockAcquiringException $e) {
throw new HttpException(503, sprintf('File "%s" is already locked for writing.', $upload->getClientOriginalName()), NULL, ['Retry-After' => 1]);
}
$file->save();
$this->lock->release($lock_id);
$file = $uploadResult->getFile();
return new JsonResponse([
'url' => $file->createFileUrl(),
'uuid' => $file->uuid(),
@@ -219,6 +171,28 @@ public function upload(Request $request) {
], 201);
}
/**
* Gets the image upload validators.
*/
protected function getImageUploadValidators(array $settings): array {
$max_filesize = min(Bytes::toNumber($settings['max_size']), Environment::getUploadMaxSize());
$max_dimensions = 0;
if (!empty($settings['max_dimensions']['width']) || !empty($settings['max_dimensions']['height'])) {
$max_dimensions = $settings['max_dimensions']['width'] . 'x' . $settings['max_dimensions']['height'];
}
return [
'FileExtension' => [
'extensions' => self::DEFAULT_IMAGE_EXTENSIONS,
],
'FileSizeLimit' => [
'fileLimit' => $max_filesize,
],
'FileImageDimensions' => [
'maxDimensions' => $max_dimensions,
],
];
}
/**
* Access check based on whether image upload is enabled or not.
*
@@ -239,48 +213,6 @@ public function imageUploadEnabledAccess(Editor $editor) {
return AccessResult::allowed();
}
/**
* Validates the file.
*
* @param \Drupal\file\FileInterface $file
* The file entity to validate.
* @param array $validators
* An array of upload validators to pass to the FileValidator.
*
* @return \Drupal\Core\Entity\EntityConstraintViolationListInterface
* The list of constraint violations, if any.
*/
protected function validate(FileInterface $file, array $validators) {
$violations = $file->validate();
// Remove violations of inaccessible fields as they cannot stem from our
// changes.
$violations->filterByFieldAccess();
// Validate the file based on the field definition configuration.
$violations->addAll($this->fileValidator->validate($file, $validators));
return $violations;
}
/**
* Prepares the filename to strip out any malicious extensions.
*
* @param string $filename
* The file name.
* @param string $allowed_extensions
* The allowed extensions.
*
* @return string
* The prepared/munged filename.
*/
protected function prepareFilename(string $filename, string $allowed_extensions): string {
$event = new FileUploadSanitizeNameEvent($filename, $allowed_extensions);
$this->eventDispatcher->dispatch($event);
return $event->getFilename();
}
/**
* Generates a lock ID based on the file URI.
*
@@ -291,7+223,7 @@
* The generated lock ID.
*/
protected static function generateLockIdFromFileUri($file_uri) {
return 'file:ckeditor5:' . Crypt::hashBase64($file_uri);
}
}
Loading