This function was introduced as part of the fix for a security issue in Drupal 7.20: http://drupal.org/SA-CORE-2013-002

The change broke D7 sites and contrib modules (see https://drupal.org/node/1923554 and https://drupal.org/node/1934498), so the Backdrop team decided to implement a different solution. Instead of adding tokens to the paths of image styles, Backdrop did the following:

  • Fixed the exploit of recursive paths being allowed in image styles.
  • Introduced flood protection for anonymous image generation, and set it to a modest limit of 5 images at a time (configurable via 'image_style_flood_limit' in system.core.json).
  • Leveraged calls to image_style_url() to detect authorized image generation, keeping a list of all requested URLs, which are considered whitelisted.
  • Checked the whitelist whenever an image is generated. If the image is in the whitelist, generation is allowed unconditionally. If the image is not in the whitelist, it uses one of the available anonymous image generation slots. If no slots are available, a 403 Access Denied is returned.
  • Kept the whitelist slim by removing the image from the list after it is generated, or after the whitelist entry expires from tempstore.

This implementation gives us a balance of security and convenience. Completely unauthorized image style generation is highly throttled by default, while loading a page with 50 images at once is considered okay, and all of them will be generated as soon as possible. As almost all image styles are run through image_style_url(), most images will get whitelisted and behave the same as before the change. The throttled behavior is a fallback for situations such as an inline image in the body of a node, which is less common and unlikely to occur en masse.
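The whitelist-plus-flood-slot decision described in the list above, modelled in memory as an added example that is not Backdrop's implementation. The class and method names, the 60-second flood window, the one-hour whitelist lifetime and the keying of slots by client address are assumptions; only the limit of 5 and the role of image_style_url() come from this page.

```php
<?php
// Added illustration (PHP 8+): an in-memory model, not Backdrop's code. Class and
// method names, the flood window, the TTL and per-client keying are assumptions.
final class ImageDerivativeGate {
  private array $whitelist = [];  // derivative URI => expiry timestamp
  private array $floodHits = [];  // client => timestamps of throttled generations
  public function __construct(
    private int $floodLimit = 5,       // page's default for 'image_style_flood_limit'
    private int $floodWindow = 60,     // seconds (assumed)
    private int $whitelistTtl = 3600,  // seconds (assumed)
  ) {}

  // Called when the site builds a derivative URL, the role image_style_url() plays.
  public function registerUrl(string $uri, int $now): void {
    $this->whitelist[$uri] = $now + $this->whitelistTtl;
  }

  // Returns the HTTP status for a request to generate the derivative at $uri.
  public function request(string $uri, string $client, int $now): int {
    $expiry = $this->whitelist[$uri] ?? null;
    unset($this->whitelist[$uri]);  // used or expired: the entry goes either way
    if ($expiry !== null && $expiry >= $now) {
      return 200;  // whitelisted: generate unconditionally
    }
    // Not whitelisted: count only hits still inside the flood window.
    $recent = fn(int $t): bool => $t > $now - $this->floodWindow;
    $hits = array_filter($this->floodHits[$client] ?? [], $recent);
    $full = count($hits) >= $this->floodLimit;
    if (!$full) {
      $hits[] = $now;  // take one anonymous slot
    }
    $this->floodHits[$client] = $hits;
    return $full ? 403 : 200;
  }
}

$gate = new ImageDerivativeGate();
$now = 1000;              // constructed clock value
$client = '203.0.113.7';  // constructed (documentation address range)
$results = ['page' => [], 'direct' => []];
for ($i = 0; $i < 50; $i++) {  // a rendered page listing 50 images
  $uri = "public://styles/thumbnail/public/photo-$i.jpg";  // constructed
  $gate->registerUrl($uri, $now);
  $results['page'][] = $gate->request($uri, $client, $now);
}
for ($i = 0; $i < 8; $i++) {  // URLs the site never handed out
  $results['direct'][] = $gate->request("public://styles/thumbnail/public/x-$i.jpg", $client, $now);
}
echo json_encode(array_map('array_count_values', $results)), "\n";
```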

Module maintainers

You should remove this function from wherever it is being used when porting modules, as it is not needed.

Introduced in branch: 1.0.x
Introduced in version: 1.0.0
Impacts: Module developers