_filter_html_image_secure_process

_filter_html_image_secure_process($text)

Process callback for local image filter.

Related topics

Standard filters
Filters implemented by the Filter module.

File

core/modules/filter/filter.module, line 765
Framework for handling the filtering of content.

Code

function _filter_html_image_secure_process($text) {
  // Find the path (e.g. '/') to Drupal root.
  $base_path = base_path();
  $base_path_length = Unicode::strlen($base_path);

  // Find the directory on the server where index.php resides.
  $local_dir = \Drupal::root() . '/';

  $html_dom = Html::load($text);
  $images = $html_dom->getElementsByTagName('img');
  foreach ($images as $image) {
    $src = $image->getAttribute('src');
    // Transform absolute image URLs to relative image URLs: prevent problems on
    // multisite set-ups and prevent mixed content errors.
    $image->setAttribute('src', file_url_transform_relative($src));

    // Verify that $src starts with $base_path.
    // This also ensures that external images cannot be referenced.
    $src = $image->getAttribute('src');
    if (Unicode::substr($src, 0, $base_path_length) === $base_path) {
      // Remove the $base_path to get the path relative to the Drupal root.
      // Ensure the path refers to an actual image by prefixing the image source
      // with the Drupal root and running getimagesize() on it.
      $local_image_path = $local_dir . Unicode::substr($src, $base_path_length);
      $local_image_path = rawurldecode($local_image_path);
      if (@getimagesize($local_image_path)) {
        // The image has the right path. Erroneous images are dealt with below.
        continue;
      }
    }
    // Allow modules and themes to replace an invalid image with an error
    // indicator. See filter_filter_secure_image_alter().
    \Drupal::moduleHandler()->alter('filter_secure_image', $image);
  }
  $text = Html::serialize($html_dom);
  return $text;
}
doc_Drupal
2016-10-29 09:57:13
Comments
Leave a Comment

Please login to continue.