You are here

Home » API reference » Plupload integration 8 » UploadController.php » UploadController

protected function UploadController::getFilename in Plupload integration 8

Same name and namespace in other branches
  1. 2.0.x src/UploadController.php \Drupal\plupload\UploadController::getFilename()

Reads, checks and return filename of a file being uploaded.

Throws

\Drupal\plupload\UploadException

1 call to UploadController::getFilename()
UploadController::handleUpload in src/UploadController.php
Handles multipart uploads.

File

src/UploadController.php, line 121

Class

UploadController
Plupload upload handling route.

Namespace

Drupal\plupload

Code

protected function getFilename() {
  if (empty($this->filename)) {
    try {

      // @todo this should probably bo OO.
      $this->filename = _plupload_fix_temporary_filename($this->request->request
        ->get('name'));
    } catch (InvalidArgumentException $e) {
      throw new UploadException(UploadException::FILENAME_ERROR);
    }

    // Check the file name for security reasons; it must contain letters,
    // numbers and underscores followed by a (single) ".tmp" extension.
    // Since this check is more stringent than the one performed in
    // plupload_element_value(), we do not need to run the checks performed
    // in that function here. This is fortunate, because it would be
    // difficult for us to get the correct list of allowed extensions
    // to pass in to file_munge_filename() from this point in the code
    // (outside the form API).
    if (!preg_match('/^\\w+\\.tmp$/', $this->filename)) {
      throw new UploadException(UploadException::FILENAME_ERROR);
    }
  }
  return $this->filename;
}