You are here

Home » API reference » Drupal 9 » FileUploadSanitizeNameEvent.php

class FileUploadSanitizeNameEvent in Drupal 9

An event during file upload that lets subscribers sanitize the filename.

Hierarchy

Expanded class hierarchy of FileUploadSanitizeNameEvent

See also

_file_save_upload_single()

\Drupal\file\Plugin\rest\resource\FileUploadResource::prepareFilename()

\Drupal\system\EventSubscriber\SecurityFileUploadEventSubscriber::sanitizeName()

6 files declare their use of FileUploadSanitizeNameEvent
file.module in core/modules/file/file.module
Defines a "managed_file" Form API field and a "file" field for Field module.
FileUploadResource.php in core/modules/file/src/Plugin/rest/resource/FileUploadResource.php
FileUploadSanitizeNameEventTest.php in core/tests/Drupal/Tests/Core/File/FileUploadSanitizeNameEventTest.php
SecurityFileUploadEventSubscriber.php in core/modules/system/src/EventSubscriber/SecurityFileUploadEventSubscriber.php
SecurityFileUploadEventSubscriberTest.php in core/modules/system/tests/src/Unit/Event/SecurityFileUploadEventSubscriberTest.php

... See full list

File

core/lib/Drupal/Core/File/Event/FileUploadSanitizeNameEvent.php, line 14

Namespace

Drupal\Core\File\Event
View source 
class FileUploadSanitizeNameEvent extends Event {

  /**
   * The name of the file being uploaded.
   *
   * @var string
   */
  protected $filename = '';

  /**
   * A list of allowed extensions.
   *
   * @var string[]
   */
  protected $allowedExtensions = [];

  /**
   * Indicates the filename has changed for security reasons.
   *
   * @var bool
   */
  protected $isSecurityRename = FALSE;

  /**
   * Constructs a file upload sanitize name event object.
   *
   * @param string $filename
   *   The full filename (with extension, but not directory) being uploaded.
   * @param string $allowed_extensions
   *   A list of allowed extensions. If empty all extensions are allowed.
   */
  public function __construct(string $filename, string $allowed_extensions) {
    $this
      ->setFilename($filename);
    if ($allowed_extensions !== '') {
      $this->allowedExtensions = array_unique(explode(' ', trim(strtolower($allowed_extensions))));
    }
  }

  /**
   * Gets the filename.
   *
   * @return string
   *   The filename.
   */
  public function getFilename() : string {
    return $this->filename;
  }

  /**
   * Sets the filename.
   *
   * @param string $filename
   *   The filename to use for the uploaded file.
   *
   * @return $this
   *
   * @throws \InvalidArgumentException
   *   Thrown when $filename contains path information.
   */
  public function setFilename(string $filename) : self {
    if (dirname($filename) !== '.') {
      throw new \InvalidArgumentException(sprintf('$filename must be a filename with no path information, "%s" provided', $filename));
    }
    $this->filename = $filename;
    return $this;
  }

  /**
   * Gets the list of allowed extensions.
   *
   * @return string[]
   *   The list of allowed extensions.
   */
  public function getAllowedExtensions() : array {
    return $this->allowedExtensions;
  }

  /**
   * Sets the security rename flag.
   *
   * @return $this
   */
  public function setSecurityRename() : self {
    $this->isSecurityRename = TRUE;
    return $this;
  }

  /**
   * Gets the security rename flag.
   *
   * @return bool
   *   TRUE if there is a rename for security reasons, otherwise FALSE.
   */
  public function isSecurityRename() : bool {
    return $this->isSecurityRename;
  }

  /**
   * {@inheritdoc}
   *
   * @throws \RuntimeException
   *   Thrown whenever this method is called. This event should always be fully
   *   processed so that SecurityFileUploadEventSubscriber::sanitizeName()
   *   gets a chance to run.
   *
   * @see \Drupal\system\EventSubscriber\SecurityFileUploadEventSubscriber
   */
  public function stopPropagation() : void {
    throw new \RuntimeException('Propagation cannot be stopped for the FileUploadSanitizeNameEvent');
  }

}

Members

Namesort descending Modifiers Type Description Overrides
FileUploadSanitizeNameEvent::$allowedExtensions protected property A list of allowed extensions.
FileUploadSanitizeNameEvent::$filename protected property The name of the file being uploaded.
FileUploadSanitizeNameEvent::$isSecurityRename protected property Indicates the filename has changed for security reasons.
FileUploadSanitizeNameEvent::getAllowedExtensions public function Gets the list of allowed extensions.
FileUploadSanitizeNameEvent::getFilename public function Gets the filename.
FileUploadSanitizeNameEvent::isSecurityRename public function Gets the security rename flag.
FileUploadSanitizeNameEvent::setFilename public function Sets the filename.
FileUploadSanitizeNameEvent::setSecurityRename public function Sets the security rename flag.
FileUploadSanitizeNameEvent::stopPropagation public function
FileUploadSanitizeNameEvent::__construct public function Constructs a file upload sanitize name event object.