1 system.module | system_file_download($uri) |
Implements hook_file_download().
File
- core/modules/system/system.module, line 4466 - Configuration system that lets administrators modify the workings of the site.
Code
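/**
 * Implements hook_file_download().
 *
 * Denies any download whose URI still contains a "." or ".." path segment,
 * unless the URI's scheme is listed in the 'file_not_normalized_schemes'
 * setting of system.core. Grants access, with a public Cache-Control header,
 * to files whose scheme is listed in 'file_additional_public_schemes'.
 *
 * @param string $uri
 *   The URI of the file being requested.
 *
 * @return int|array|null
 *   -1 to deny access when a dot segment is found, an array of HTTP headers
 *   to grant access for an additional public scheme, or NULL (no return
 *   value) when this implementation has no opinion on the file.
 */
function system_file_download($uri) {
  // If $uri is a path or belongs to a scheme that has . and .. segments removed
  // in file_uri_normalize_dot_segments(), then do not allow such segments now.
  $scheme = file_uri_scheme($uri);
  if (file_stream_wrapper_valid_scheme($scheme)) {
    $target = file_uri_target($uri);
    if ($target !== FALSE) {
      // Cast to array so a missing setting yields an empty exemption list and
      // the dot-segment check still runs. Compare strictly so a loosely-equal
      // config value cannot exempt a scheme from the check by accident.
      $skip_schemes = (array) config_get('system.core', 'file_not_normalized_schemes');
      if (!in_array($scheme, $skip_schemes, TRUE)) {
        // If $uri represents a local path, then replace DIRECTORY_SEPARATOR
        // with '/'. Without this, a backslash-separated ".." would not be
        // split into its own segment below.
        if (DIRECTORY_SEPARATOR !== '/') {
          $class = file_stream_wrapper_get_class($scheme);
          if (is_subclass_of($class, BackdropLocalStreamWrapper::class)) {
            $uri = str_replace(DIRECTORY_SEPARATOR, '/', $uri);
          }
        }
        // NOTE(review): only literal "." and ".." segments are matched here;
        // this assumes $uri has already been URL-decoded by the caller --
        // confirm.
        foreach (explode('/', $uri) as $part) {
          if ($part === '.' || $part === '..') {
            // Deny path traversal.
            return -1;
          }
        }
      }
    }
  }

  // The core schemes are removed from the configured list, so this function
  // never grants access for public, private or temporary files itself.
  $core_schemes = array('public', 'private', 'temporary');
  $additional_public_schemes = array_diff((array) config_get('system.core', 'file_additional_public_schemes'), $core_schemes);
  if ($additional_public_schemes) {
    $scheme = file_uri_scheme($uri);
    if (in_array($scheme, $additional_public_schemes, TRUE)) {
      return array(
        // Returning any header grants access, and setting the 'Cache-Control'
        // header is appropriate for public files.
        'Cache-Control' => 'public',
      );
    }
  }
}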