public function TemporaryJsonapiFileFieldUploader::validateAndParseContentDispositionHeader in Drupal 9
Same name and namespace in other branches
- 8 core/modules/jsonapi/src/Controller/TemporaryJsonapiFileFieldUploader.php \Drupal\jsonapi\Controller\TemporaryJsonapiFileFieldUploader::validateAndParseContentDispositionHeader()
Validates and extracts the filename from the Content-Disposition header.
Parameters
\Symfony\Component\HttpFoundation\Request $request: The request object.
Return value
string The filename extracted from the header.
Throws
\Symfony\Component\HttpKernel\Exception\BadRequestHttpException Thrown when the 'Content-Disposition' request header is invalid.
File
- core/
modules/ jsonapi/ src/ Controller/ TemporaryJsonapiFileFieldUploader.php, line 239
Class
- TemporaryJsonapiFileFieldUploader
- Reads data from an upload stream and creates a corresponding file entity.
Namespace
Drupal\jsonapi\ControllerCode
public function validateAndParseContentDispositionHeader(Request $request) {
// First, check the header exists.
if (!$request->headers
->has('content-disposition')) {
throw new BadRequestHttpException('"Content-Disposition" header is required. A file name in the format "filename=FILENAME" must be provided.');
}
$content_disposition = $request->headers
->get('content-disposition');
// Parse the header value. This regex does not allow an empty filename.
// i.e. 'filename=""'. This also matches on a word boundary so other keys
// like 'not_a_filename' don't work.
if (!preg_match(static::REQUEST_HEADER_FILENAME_REGEX, $content_disposition, $matches)) {
throw new BadRequestHttpException('No filename found in "Content-Disposition" header. A file name in the format "filename=FILENAME" must be provided.');
}
// Check for the "filename*" format. This is currently unsupported.
if (!empty($matches['star'])) {
throw new BadRequestHttpException('The extended "filename*" format is currently not supported in the "Content-Disposition" header.');
}
// Don't validate the actual filename here, that will be done by the upload
// validators in validate().
// @see \Drupal\file\Plugin\rest\resource\FileUploadResource::validate()
$filename = $matches['filename'];
// Make sure only the filename component is returned. Path information is
// stripped as per https://tools.ietf.org/html/rfc6266#section-4.3.
return $this->fileSystem
->basename($filename);
}