Commit 0ed76f0d authored by Dries's avatar Dries

Issue #1999384 by bojanz, naveenvalecha: Use Symfony Request for image module.

parent a72d1f1b
......@@ -314,9 +314,10 @@ function image_effect_form($form, &$form_state, $style, $effect) {
$form['data']['#tree'] = TRUE;
// Check the URL for a weight, then the image effect, otherwise use default.
$weight = Drupal::request()->query->get('weight');
$form['weight'] = array(
'#type' => 'hidden',
'#value' => isset($_GET['weight']) ? intval($_GET['weight']) : (isset($effect['weight']) ? $effect['weight'] : count($style->effects)),
'#value' => isset($weight) ? intval($weight) : (isset($effect['weight']) ? $effect['weight'] : count($style->effects)),
);
$form['actions'] = array('#type' => 'actions');
......
......@@ -537,7 +537,8 @@ function image_style_deliver($style, $scheme) {
// denial-of-service attacks.)
$valid = !empty($style) && file_stream_wrapper_valid_scheme($scheme);
if (!config('image.settings')->get('allow_insecure_derivatives')) {
$valid = $valid && isset($_GET[IMAGE_DERIVATIVE_TOKEN]) && $_GET[IMAGE_DERIVATIVE_TOKEN] === image_style_path_token($style->name, $scheme . '://' . $target);
$image_derivative_token = Drupal::request()->query->get(IMAGE_DERIVATIVE_TOKEN);
$valid = $valid && isset($image_derivative_token) && $image_derivative_token === image_style_path_token($style->name, $scheme . '://' . $target);
}
if (!$valid) {
throw new AccessDeniedHttpException();
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment