_filter_html_image_secure_process($text)
Process callback for local image filter.
Related topics
- Standard filters
- Filters implemented by the Filter module.
File
- core/modules/filter/filter.module, line 765
- Framework for handling the filtering of content.
Code
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 | function _filter_html_image_secure_process($text) { // Find the path (e.g. '/') to Drupal root. $base_path = base_path(); $base_path_length = Unicode::strlen($base_path); // Find the directory on the server where index.php resides. $local_dir = \Drupal::root() . '/'; $html_dom = Html::load($text); $images = $html_dom->getElementsByTagName('img'); foreach ($images as $image) { $src = $image->getAttribute('src'); // Transform absolute image URLs to relative image URLs: prevent problems on // multisite set-ups and prevent mixed content errors. $image->setAttribute('src', file_url_transform_relative($src)); // Verify that $src starts with $base_path. // This also ensures that external images cannot be referenced. $src = $image->getAttribute('src'); if (Unicode::substr($src, 0, $base_path_length) === $base_path) { // Remove the $base_path to get the path relative to the Drupal root. // Ensure the path refers to an actual image by prefixing the image source // with the Drupal root and running getimagesize() on it. $local_image_path = $local_dir . Unicode::substr($src, $base_path_length); $local_image_path = rawurldecode($local_image_path); if (@getimagesize($local_image_path)) { // The image has the right path. Erroneous images are dealt with below. continue; } } // Allow modules and themes to replace an invalid image with an error // indicator. See filter_filter_secure_image_alter(). \Drupal::moduleHandler()->alter('filter_secure_image', $image); } $text = Html::serialize($html_dom); return $text;} |
Please login to continue.