You are here

public function MTimeProtectedFastFileStorage::getFullPath in Zircon Profile 8.0

Same name and namespace in other branches
  1. 8 core/lib/Drupal/Component/PhpStorage/MTimeProtectedFastFileStorage.php \Drupal\Component\PhpStorage\MTimeProtectedFastFileStorage::getFullPath()

Gets the full path where the file is or should be stored.

This function creates a file path that includes a unique containing directory for the file and a file name that is a hash of the virtual file name, a cryptographic secret, and the containing directory mtime. If the file is overridden by an insecure upload script, the directory mtime gets modified, invalidating the file, thus protecting against untrusted code getting executed.

Parameters

string $name: The virtual file name. Can be a relative path.

string $directory: (optional) The directory containing the file. If not passed, this is retrieved by calling getContainingDirectoryFullPath().

int $directory_mtime: (optional) The mtime of $directory. Can be passed to avoid an extra filesystem call when the mtime of the directory is already known.

Return value

string The full path where the file is or should be stored.

Overrides FileStorage::getFullPath

2 calls to MTimeProtectedFastFileStorage::getFullPath()
MTimeProtectedFastFileStorage::save in core/lib/Drupal/Component/PhpStorage/MTimeProtectedFastFileStorage.php
Saves PHP code to storage.
MTimeProtectedFileStorage::checkFile in core/lib/Drupal/Component/PhpStorage/MTimeProtectedFileStorage.php
Determines whether a protected file exists and sets the filename too.

File

core/lib/Drupal/Component/PhpStorage/MTimeProtectedFastFileStorage.php, line 131
Contains \Drupal\Component\PhpStorage\MTimeProtectedFastFileStorage.

Class

MTimeProtectedFastFileStorage
Stores PHP code in files with securely hashed names.

Namespace

Drupal\Component\PhpStorage

Code

public function getFullPath($name, &$directory = NULL, &$directory_mtime = NULL) {
  if (!isset($directory)) {
    $directory = $this
      ->getContainingDirectoryFullPath($name);
  }
  if (!isset($directory_mtime)) {
    $directory_mtime = file_exists($directory) ? filemtime($directory) : 0;
  }
  return $directory . '/' . hash_hmac('sha256', $name, $this->secret . $directory_mtime) . '.php';
}