You are here

Home » API reference » File Entity (fieldable files) 8.2 » FileEntity.php » FileEntity

public function FileEntity::getDownloadToken in File Entity (fieldable files) 8.2

Generates a token to protect a file download URL.

This prevents unauthorized crawling of all file download URLs since the {file_managed}.fid column is an auto-incrementing serial field and is easy to guess or attempt many at once. This can be costly both in CPU time and bandwidth.

Return value

string An eight-character token which can be used to protect file downloads against denial-of-service attacks.

See also

image_style_path_token()

1 call to FileEntity::getDownloadToken()
FileEntity::downloadUrl in src/Entity/FileEntity.php
Returns a Url for a file download.

File

src/Entity/FileEntity.php, line 471

Class

FileEntity
Replace for the core file entity class.

Namespace

Drupal\file_entity\Entity

Code

public function getDownloadToken() {

  // Return the first eight characters.
  return substr(Crypt::hmacBase64("file/{$this->id()}/download:" . $this
    ->getFileUri(), \Drupal::service('private_key')
    ->get() . Settings::getHashSalt()), 0, 8);
}