Skip to content
Snippets Groups Projects

Issue #3481160: XsendfileImageStyleDownloadController::deliver() has wrong signature

1 file
+ 31
17
Compare changes
  • Side-by-side
  • Inline
@@ -83,6 +83,8 @@ class XsendfileImageStyleDownloadController extends ImageStyleDownloadController
* The file scheme, defaults to 'private'.
* @param \Drupal\image\ImageStyleInterface $image_style
* The image style to deliver.
* @param string $required_derivative_scheme
* The required scheme for the derivative image.
*
* @return \Symfony\Component\HttpFoundation\BinaryFileResponse|\Symfony\Component\HttpFoundation\Response
* The transferred file as response or some error response.
@@ -94,10 +96,11 @@ class XsendfileImageStyleDownloadController extends ImageStyleDownloadController
* @throws \Symfony\Component\HttpKernel\Exception\ServiceUnavailableHttpException
* Thrown when the file is still being generated.
*/
public function deliver(Request $request, $scheme, ImageStyleInterface $image_style) {
public function deliver(Request $request, $scheme, ImageStyleInterface $image_style, string $required_derivative_scheme) {
$target = $request->query->get('file');
$image_uri = $scheme . '://' . $target;
$image_uri = $this->streamWrapperManager->normalizeUri($image_uri);
$sample_image_uri = $scheme . '://' . $this->config('image.settings')->get('preview_image');
if ($this->streamWrapperManager->isValidScheme($scheme)) {
$normalized_target = $this->streamWrapperManager->getTarget($image_uri);
@@ -142,6 +145,10 @@ class XsendfileImageStyleDownloadController extends ImageStyleDownloadController
$derivative_uri = $image_style->buildUri($image_uri);
$derivative_scheme = $this->streamWrapperManager->getScheme($derivative_uri);
if ($required_derivative_scheme !== $derivative_scheme) {
throw new AccessDeniedHttpException("The scheme for this image doesn't match the scheme for the original image");
}
if ($token_is_valid) {
$is_public = ($scheme !== 'private');
}
@@ -154,33 +161,40 @@ class XsendfileImageStyleDownloadController extends ImageStyleDownloadController
$headers = [];
// If not using a public scheme, let other modules provide headers and
// control access to the file.
if (!$is_public) {
$headers = $this->moduleHandler()->invokeAll('file_download', [$image_uri]);
if (in_array(-1, $headers) || empty($headers)) {
throw new AccessDeniedHttpException();
}
}
// Don't try to generate file if source is missing.
if (!$this->sourceImageExists($image_uri, $token_is_valid)) {
if ($image_uri !== $sample_image_uri && !$this->sourceImageExists($image_uri, $token_is_valid)) {
// If the image style converted the extension, it has been added to the
// original file, resulting in filenames like image.png.jpeg. So to find
// the actual source image, we remove the extension and check if that
// image exists.
$path_info = pathinfo(StreamWrapperManager::getTarget($image_uri));
$converted_image_uri = sprintf('%s://%s%s%s', $this->streamWrapperManager->getScheme($derivative_uri), $path_info['dirname'], DIRECTORY_SEPARATOR, $path_info['filename']);
if (!$this->sourceImageExists($converted_image_uri, $token_is_valid)) {
$converted_image_uri = static::getUriWithoutConvertedExtension($image_uri);
if ($converted_image_uri !== $image_uri &&
$this->sourceImageExists($converted_image_uri, $token_is_valid)) {
// The converted file does exist, use it as the source.
$image_uri = $converted_image_uri;
}
else {
$this->logger->notice('Source image at %source_image_path not found while trying to generate derivative image at %derivative_path.', ['%source_image_path' => $image_uri, '%derivative_path' => $derivative_uri]);
return new Response($this->t('Error generating image, missing source file.'), 404);
}
else {
// The converted file does exist, use it as the source.
$image_uri = $converted_image_uri;
}
// If not using a public scheme, let other modules provide headers and
// control access to the file.
if (!$is_public) {
$headers = $this->moduleHandler()->invokeAll('file_download', [$image_uri]);
if (in_array(-1, $headers) || empty($headers)) {
throw new AccessDeniedHttpException();
}
}
// If it is default sample.png, ignore scheme.
// This value swap must be done after hook_file_download is called since
// the hooks are expecting a URI, not a file path.
if ($image_uri === $sample_image_uri) {
$image_uri = $target;
}
// Don't start generating the image if the derivative already exists or if
// generation is in progress in another thread.
if (!file_exists($derivative_uri)) {
Loading