You are here

protected function FileUploadResource::validateAndParseContentDispositionHeader in Drupal 9

Same name and namespace in other branches
  1. 8 core/modules/file/src/Plugin/rest/resource/FileUploadResource.php \Drupal\file\Plugin\rest\resource\FileUploadResource::validateAndParseContentDispositionHeader()

Validates and extracts the filename from the Content-Disposition header.

Parameters

\Symfony\Component\HttpFoundation\Request $request: The request object.

Return value

string The filename extracted from the header.

Throws

\Symfony\Component\HttpKernel\Exception\BadRequestHttpException Thrown when the 'Content-Disposition' request header is invalid.

1 call to FileUploadResource::validateAndParseContentDispositionHeader()
FileUploadResource::post in core/modules/file/src/Plugin/rest/resource/FileUploadResource.php
Creates a file from an endpoint.

File

core/modules/file/src/Plugin/rest/resource/FileUploadResource.php, line 377

Class

FileUploadResource
File upload resource.

Namespace

Drupal\file\Plugin\rest\resource

Code

protected function validateAndParseContentDispositionHeader(Request $request) {

  // Firstly, check the header exists.
  if (!$request->headers
    ->has('content-disposition')) {
    throw new BadRequestHttpException('"Content-Disposition" header is required. A file name in the format "filename=FILENAME" must be provided');
  }
  $content_disposition = $request->headers
    ->get('content-disposition');

  // Parse the header value. This regex does not allow an empty filename.
  // i.e. 'filename=""'. This also matches on a word boundary so other keys
  // like 'not_a_filename' don't work.
  if (!preg_match(static::REQUEST_HEADER_FILENAME_REGEX, $content_disposition, $matches)) {
    throw new BadRequestHttpException('No filename found in "Content-Disposition" header. A file name in the format "filename=FILENAME" must be provided');
  }

  // Check for the "filename*" format. This is currently unsupported.
  if (!empty($matches['star'])) {
    throw new BadRequestHttpException('The extended "filename*" format is currently not supported in the "Content-Disposition" header');
  }

  // Don't validate the actual filename here, that will be done by the upload
  // validators in validate().
  // @see \Drupal\file\Plugin\rest\resource\FileUploadResource::validate()
  $filename = $matches['filename'];

  // Make sure only the filename component is returned. Path information is
  // stripped as per https://tools.ietf.org/html/rfc6266#section-4.3.
  return $this->fileSystem
    ->basename($filename);
}