You are here

public function TemporaryJsonapiFileFieldUploader::validateAndParseContentDispositionHeader in Drupal 9

Same name and namespace in other branches
  1. 8 core/modules/jsonapi/src/Controller/TemporaryJsonapiFileFieldUploader.php \Drupal\jsonapi\Controller\TemporaryJsonapiFileFieldUploader::validateAndParseContentDispositionHeader()

Validates and extracts the filename from the Content-Disposition header.

Parameters

\Symfony\Component\HttpFoundation\Request $request: The request object.

Return value

string The filename extracted from the header.

Throws

\Symfony\Component\HttpKernel\Exception\BadRequestHttpException Thrown when the 'Content-Disposition' request header is invalid.

File

core/modules/jsonapi/src/Controller/TemporaryJsonapiFileFieldUploader.php, line 239

Class

TemporaryJsonapiFileFieldUploader
Reads data from an upload stream and creates a corresponding file entity.

Namespace

Drupal\jsonapi\Controller

Code

public function validateAndParseContentDispositionHeader(Request $request) {

  // First, check the header exists.
  if (!$request->headers
    ->has('content-disposition')) {
    throw new BadRequestHttpException('"Content-Disposition" header is required. A file name in the format "filename=FILENAME" must be provided.');
  }
  $content_disposition = $request->headers
    ->get('content-disposition');

  // Parse the header value. This regex does not allow an empty filename.
  // i.e. 'filename=""'. This also matches on a word boundary so other keys
  // like 'not_a_filename' don't work.
  if (!preg_match(static::REQUEST_HEADER_FILENAME_REGEX, $content_disposition, $matches)) {
    throw new BadRequestHttpException('No filename found in "Content-Disposition" header. A file name in the format "filename=FILENAME" must be provided.');
  }

  // Check for the "filename*" format. This is currently unsupported.
  if (!empty($matches['star'])) {
    throw new BadRequestHttpException('The extended "filename*" format is currently not supported in the "Content-Disposition" header.');
  }

  // Don't validate the actual filename here, that will be done by the upload
  // validators in validate().
  // @see \Drupal\file\Plugin\rest\resource\FileUploadResource::validate()
  $filename = $matches['filename'];

  // Make sure only the filename component is returned. Path information is
  // stripped as per https://tools.ietf.org/html/rfc6266#section-4.3.
  return $this->fileSystem
    ->basename($filename);
}