Commit a6e1c229 authored by alexpott's avatar alexpott

Issue #2702227 by claudiu.cristea, jeroen.b, marco.giaco: Image styles for...

Issue #2702227 by claudiu.cristea, jeroen.b, marco.giaco: Image styles for private files are serving the original instead of derivative

(cherry picked from commit bba2fda3)
parent fb17f9f8
......@@ -113,14 +113,9 @@ public function deliver(Request $request, $scheme, ImageStyleInterface $image_st
// If using the private scheme, let other modules provide headers and
// control access to the file.
if ($scheme == 'private') {
if (file_exists($derivative_uri)) {
return parent::download($request, $scheme);
}
else {
$headers = $this->moduleHandler()->invokeAll('file_download', array($image_uri));
if (in_array(-1, $headers) || empty($headers)) {
throw new AccessDeniedHttpException();
}
$headers = $this->moduleHandler()->invokeAll('file_download', array($image_uri));
if (in_array(-1, $headers) || empty($headers)) {
throw new AccessDeniedHttpException();
}
}
......
......@@ -155,6 +155,11 @@ function doImageStyleUrlAndPathTests($scheme, $clean_url = TRUE, $extra_slash =
$image = $this->container->get('image.factory')->get($generated_uri);
$this->assertEqual($this->drupalGetHeader('Content-Type'), $image->getMimeType(), 'Expected Content-Type was reported.');
$this->assertEqual($this->drupalGetHeader('Content-Length'), $image->getFileSize(), 'Expected Content-Length was reported.');
// Check that we did not download the original file.
$original_image = $this->container->get('image.factory')->get($original_uri);
$this->assertNotEqual($this->drupalGetHeader('Content-Length'), $original_image->getFileSize());
if ($scheme == 'private') {
$this->assertEqual($this->drupalGetHeader('Expires'), 'Sun, 19 Nov 1978 05:00:00 GMT', 'Expires header was sent.');
$this->assertNotEqual(strpos($this->drupalGetHeader('Cache-Control'), 'no-cache'), FALSE, 'Cache-Control header contains \'no-cache\' to prevent caching.');
......@@ -165,6 +170,12 @@ function doImageStyleUrlAndPathTests($scheme, $clean_url = TRUE, $extra_slash =
$this->drupalGet($generate_url);
$this->assertResponse(200, 'Image was generated at the URL.');
// Check that the second request also returned the generated image.
$this->assertEqual($this->drupalGetHeader('Content-Length'), $image->getFileSize());
// Check that we did not download the original file.
$this->assertNotEqual($this->drupalGetHeader('Content-Length'), $original_image->getFileSize());
// Make sure that access is denied for existing style files if we do not
// have access.
\Drupal::state()->delete('image.test_file_download');
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment