Drupal
/
drupal
mirror of https://git.drupalcode.org/project/drupal.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Issue #1815504 by pwolanin, Kevin Hankens: File_save_upload() should not alter the file URI string before validation.

8.0.x
Alex Pott 2014-01-04 00:43:57 +01:00
parent 91acb77fa5
commit c28e5144b6
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
core/modules/file/file.module
View File

@ -860,7 +860,7 @@ function file_save_upload($form_field_name, array &$form_state, $validators = ar
// evaluates to TRUE.
if (!\Drupal::config('system.file')->get('allow_insecure_uploads') && preg_match('/\.(php|pl|py|cgi|asp|js)(\.|$)/i', $file->getFilename()) && (substr($file->getFilename(), -4) != '.txt')) {
$file->setMimeType('text/plain');
$file->setFileUri($file->getFileUri() . '.txt');
// The destination filename will also later be used to create the URI.
$file->setFilename($file->getFilename() . '.txt');
// The .txt extension may not be in the allowed list of extensions. We have
// to add it here or else the file upload will fail.