function file_file_download in Zircon Profile 8.0
Same name and namespace in other branches
- 8 core/modules/file/file.module \file_file_download()
Implements hook_file_download().
File
- core/
modules/ file/ file.module, line 572 - Defines a "managed_file" Form API field and a "file" field for Field module.
Code
function file_file_download($uri) {
// Get the file record based on the URI. If not in the database just return.
/** @var \Drupal\file\FileInterface[] $files */
$files = entity_load_multiple_by_properties('file', array(
'uri' => $uri,
));
if (count($files)) {
foreach ($files as $item) {
// Since some database servers sometimes use a case-insensitive comparison
// by default, double check that the filename is an exact match.
if ($item
->getFileUri() === $uri) {
$file = $item;
break;
}
}
}
if (!isset($file)) {
return;
}
// Find out if a temporary file is still used in the system.
if ($file
->isTemporary()) {
$usage = \Drupal::service('file.usage')
->listUsage($file);
if (empty($usage) && $file
->getOwnerId() != \Drupal::currentUser()
->id()) {
// Deny access to temporary files without usage that are not owned by the
// same user. This prevents the security issue that a private file that
// was protected by field permissions becomes available after its usage
// was removed and before it is actually deleted from the file system.
// Modules that depend on this behavior should make the file permanent
// instead.
return -1;
}
}
// Find out which (if any) fields of this type contain the file.
$references = file_get_file_references($file, NULL, EntityStorageInterface::FIELD_LOAD_CURRENT, NULL);
// Stop processing if there are no references in order to avoid returning
// headers for files controlled by other modules. Make an exception for
// temporary files where the host entity has not yet been saved (for example,
// an image preview on a node/add form) in which case, allow download by the
// file's owner.
if (empty($references) && ($file
->isPermanent() || $file
->getOwnerId() != \Drupal::currentUser()
->id())) {
return;
}
if (!$file
->access('download')) {
return -1;
}
// Access is granted.
$headers = file_get_content_headers($file);
return $headers;
}