/**
  * Handles private file transfers.
  *
  * Call modules that implement hook_file_download() to find out if a file is
  * accessible and what headers it should be transferred with. If one or more
  * modules returned headers the download will start with the returned headers.
  * If a module returns -1 an AccessDeniedHttpException will be thrown. If the
  * file exists but no modules responded an AccessDeniedHttpException will be
  * thrown. If the file does not exist a NotFoundHttpException will be thrown.
  *
  * @see hook_file_download()
  *
  * @param \Symfony\Component\HttpFoundation\Request $request
  *   The request object.
  * @param string $scheme
  *   The file scheme, defaults to 'private'.
  *
  * @throws \Symfony\Component\HttpKernel\Exception\NotFoundHttpException
  *   Thrown when the requested file does not exist.
  * @throws \Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException
  *   Thrown when the user does not have access to the file.
  *
  * @return \Symfony\Component\HttpFoundation\BinaryFileResponse
  *   The transferred file as response.
  */
 public function download(Request $request, $scheme = 'private')
 {
     $target = $request->query->get('file');
     // Merge remaining path arguments into relative file path.
     $uri = $scheme . '://' . $target;
     if (file_stream_wrapper_valid_scheme($scheme) && file_exists($uri)) {
         // Let other modules provide headers and controls access to the file.
         $headers = $this->moduleHandler()->invokeAll('file_download', array($uri));
         foreach ($headers as $result) {
             if ($result == -1) {
                 throw new AccessDeniedHttpException();
             }
         }
         if (count($headers)) {
             return new BinaryFileResponse($uri, 200, $headers);
         }
         throw new AccessDeniedHttpException();
     }
     throw new NotFoundHttpException();
 }
Esempio n. 2
0
 /**
  * {@inheritdoc}
  */
 public function save($destination)
 {
     $scheme = file_uri_scheme($destination);
     // Work around lack of stream wrapper support in imagejpeg() and imagepng().
     if ($scheme && file_stream_wrapper_valid_scheme($scheme)) {
         // If destination is not local, save image to temporary local file.
         $local_wrappers = file_get_stream_wrappers(STREAM_WRAPPERS_LOCAL);
         if (!isset($local_wrappers[$scheme])) {
             $permanent_destination = $destination;
             $destination = drupal_tempnam('temporary://', 'gd_');
         }
         // Convert stream wrapper URI to normal path.
         $destination = drupal_realpath($destination);
     }
     switch ($this->getType()) {
         case GDToolkitWebP::IMAGETYPE_WEBP:
             $function = 'imagewebp';
             break;
         default:
             $function = 'image' . image_type_to_extension($this->getType(), FALSE);
             break;
     }
     if (!function_exists($function)) {
         return FALSE;
     }
     if ($this->getType() == IMAGETYPE_JPEG) {
         $success = $function($this->getResource(), $destination, $this->configFactory->get('system.image.gd')->get('jpeg_quality'));
     } else {
         // Always save PNG images with full transparency.
         if ($this->getType() == IMAGETYPE_PNG) {
             imagealphablending($this->getResource(), FALSE);
             imagesavealpha($this->getResource(), TRUE);
         }
         $success = $function($this->getResource(), $destination);
     }
     // Move temporary local file to remote destination.
     if (isset($permanent_destination) && $success) {
         return (bool) file_unmanaged_move($destination, $permanent_destination, FILE_EXISTS_REPLACE);
     }
     return $success;
 }
 /**
  * Handles private file transfers.
  *
  * Call modules that implement hook_file_download() to find out if a file is
  * accessible and what headers it should be transferred with. If one or more
  * modules returned headers the download will start with the returned headers.
  * If a module returns -1 an AccessDeniedHttpException will be thrown. If the
  * file exists but no modules responded an AccessDeniedHttpException will be
  * thrown. If the file does not exist a NotFoundHttpException will be thrown.
  *
  * @see hook_file_download()
  *
  * @param \Symfony\Component\HttpFoundation\Request $request
  *   The request object.
  * @param string $scheme
  *   The file scheme, defaults to 'private'.
  *
  * @throws \Symfony\Component\HttpKernel\Exception\NotFoundHttpException
  *   Thrown when the requested file does not exist.
  * @throws \Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException
  *   Thrown when the user does not have access to the file.
  *
  * @return \Symfony\Component\HttpFoundation\BinaryFileResponse
  *   The transferred file as response.
  */
 public function download(Request $request, $scheme = 'private')
 {
     $target = $request->query->get('file');
     // Merge remaining path arguments into relative file path.
     $uri = $scheme . '://' . $target;
     if (file_stream_wrapper_valid_scheme($scheme) && file_exists($uri)) {
         // Let other modules provide headers and controls access to the file.
         $headers = $this->moduleHandler()->invokeAll('file_download', array($uri));
         foreach ($headers as $result) {
             if ($result == -1) {
                 throw new AccessDeniedHttpException();
             }
         }
         if (count($headers)) {
             // \Drupal\Core\EventSubscriber\FinishResponseSubscriber::onRespond()
             // sets response as not cacheable if the Cache-Control header is not
             // already modified. We pass in FALSE for non-private schemes for the
             // $public parameter to make sure we don't change the headers.
             return new BinaryFileResponse($uri, 200, $headers, $scheme !== 'private');
         }
         throw new AccessDeniedHttpException();
     }
     throw new NotFoundHttpException();
 }
 /**
  * Test the scheme functions.
  */
 function testGetValidStreamScheme()
 {
     $this->assertEqual('foo', file_uri_scheme('foo://pork//chops'), 'Got the correct scheme from foo://asdf');
     $this->assertEqual('data', file_uri_scheme('data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAUAAAAFCAYAAACNbyblAAAAHElEQVQI12P4//8/w38GIAXDIBKE0DHxgljNBAAO9TXL0Y4OHwAAAABJRU5ErkJggg=='), 'Got the correct scheme from a data URI.');
     $this->assertFalse(file_uri_scheme('foo/bar.txt'), 'foo/bar.txt is not a valid stream.');
     $this->assertTrue(file_stream_wrapper_valid_scheme(file_uri_scheme('public://asdf')), 'Got a valid stream scheme from public://asdf');
     $this->assertFalse(file_stream_wrapper_valid_scheme(file_uri_scheme('foo://asdf')), 'Did not get a valid stream scheme from foo://asdf');
 }
Esempio n. 5
0
 /**
  * Test the scheme functions.
  */
 function testGetValidStreamScheme()
 {
     $this->assertEqual('foo', file_uri_scheme('foo://pork//chops'), 'Got the correct scheme from foo://asdf');
     $this->assertTrue(file_stream_wrapper_valid_scheme(file_uri_scheme('public://asdf')), 'Got a valid stream scheme from public://asdf');
     $this->assertFalse(file_stream_wrapper_valid_scheme(file_uri_scheme('foo://asdf')), 'Did not get a valid stream scheme from foo://asdf');
 }
  /**
   * An adaptation of file_save_upload() that includes more verbose errors.
   *
   * @param string $source
   *   A string specifying the filepath or URI of the uploaded file to save.
   *
   * @return stdClass
   *   The saved file object.
   *
   * @throws \RestfulBadRequestException
   * @throws \RestfulServiceUnavailable
   *
   * @see file_save_upload()
   */
  protected function fileSaveUpload($source) {
    static $upload_cache;

    $account = $this->getAccount();
    $options = $this->getPluginKey('options');

    $validators = $options['validators'];
    $destination = $options['scheme'] . "://";
    $replace = $options['replace'];

    // Return cached objects without processing since the file will have
    // already been processed and the paths in _FILES will be invalid.
    if (isset($upload_cache[$source])) {
      return $upload_cache[$source];
    }

    // Make sure there's an upload to process.
    if (empty($_FILES['files']['name'][$source])) {
      return NULL;
    }

    // Check for file upload errors and return FALSE if a lower level system
    // error occurred. For a complete list of errors:
    // See http://php.net/manual/features.file-upload.errors.php.
    switch ($_FILES['files']['error'][$source]) {
      case UPLOAD_ERR_INI_SIZE:
      case UPLOAD_ERR_FORM_SIZE:
        $message = format_string('The file %file could not be saved, because it exceeds %maxsize, the maximum allowed size for uploads.', array('%file' => $_FILES['files']['name'][$source], '%maxsize' => format_size(file_upload_max_size())));
        throw new \RestfulBadRequestException($message);

      case UPLOAD_ERR_PARTIAL:
      case UPLOAD_ERR_NO_FILE:
        $message = format_string('The file %file could not be saved, because the upload did not complete.', array('%file' => $_FILES['files']['name'][$source]));
        throw new \RestfulBadRequestException($message);

      case UPLOAD_ERR_OK:
        // Final check that this is a valid upload, if it isn't, use the
        // default error handler.
        if (is_uploaded_file($_FILES['files']['tmp_name'][$source])) {
          break;
        }

      // Unknown error
      default:
        $message = format_string('The file %file could not be saved. An unknown error has occurred.', array('%file' => $_FILES['files']['name'][$source]));
        throw new \RestfulServiceUnavailable($message);
    }

    // Begin building file object.
    $file = new stdClass();
    $file->uid      = $account->uid;
    $file->status   = 0;
    $file->filename = trim(drupal_basename($_FILES['files']['name'][$source]), '.');
    $file->uri      = $_FILES['files']['tmp_name'][$source];
    $file->filemime = file_get_mimetype($file->filename);
    $file->filesize = $_FILES['files']['size'][$source];

    $extensions = '';
    if (isset($validators['file_validate_extensions'])) {
      if (isset($validators['file_validate_extensions'][0])) {
        // Build the list of non-munged extensions if the caller provided them.
        $extensions = $validators['file_validate_extensions'][0];
      }
      else {
        // If 'file_validate_extensions' is set and the list is empty then the
        // caller wants to allow any extension. In this case we have to remove the
        // validator or else it will reject all extensions.
        unset($validators['file_validate_extensions']);
      }
    }
    else {
      // No validator was provided, so add one using the default list.
      // Build a default non-munged safe list for file_munge_filename().
      $extensions = 'jpg jpeg gif png txt doc xls pdf ppt pps odt ods odp';
      $validators['file_validate_extensions'] = array();
      $validators['file_validate_extensions'][0] = $extensions;
    }

    if (!empty($extensions)) {
      // Munge the filename to protect against possible malicious extension hiding
      // within an unknown file type (ie: filename.html.foo).
      $file->filename = file_munge_filename($file->filename, $extensions);
    }

    // Rename potentially executable files, to help prevent exploits (i.e. will
    // rename filename.php.foo and filename.php to filename.php.foo.txt and
    // filename.php.txt, respectively). Don't rename if 'allow_insecure_uploads'
    // evaluates to TRUE.
    if (!variable_get('allow_insecure_uploads', 0) && preg_match('/\.(php|pl|py|cgi|asp|js)(\.|$)/i', $file->filename) && (substr($file->filename, -4) != '.txt')) {
      $file->filemime = 'text/plain';
      $file->uri .= '.txt';
      $file->filename .= '.txt';
      // The .txt extension may not be in the allowed list of extensions. We have
      // to add it here or else the file upload will fail.
      if (!empty($extensions)) {
        $validators['file_validate_extensions'][0] .= ' txt';

        // Unlike file_save_upload() we don't need to let the user know that
        // for security reasons, your upload has been renamed, since RESTful
        // will return the file name in the response.
      }
    }

    // If the destination is not provided, use the temporary directory.
    if (empty($destination)) {
      $destination = 'temporary://';
    }

    // Assert that the destination contains a valid stream.
    $destination_scheme = file_uri_scheme($destination);
    if (!$destination_scheme || !file_stream_wrapper_valid_scheme($destination_scheme)) {
      $message = format_string('The file could not be uploaded, because the destination %destination is invalid.', array('%destination' => $destination));
      throw new \RestfulServiceUnavailable($message);
    }

    $file->source = $source;
    // A URI may already have a trailing slash or look like "public://".
    if (substr($destination, -1) != '/') {
      $destination .= '/';
    }
    $file->destination = file_destination($destination . $file->filename, $replace);
    // If file_destination() returns FALSE then $replace == FILE_EXISTS_ERROR and
    // there's an existing file so we need to bail.
    if ($file->destination === FALSE) {
      $message = format_string('The file %source could not be uploaded because a file by that name already exists in the destination %directory.', array('%source' => $source, '%directory' => $destination));
      throw new \RestfulServiceUnavailable($message);
    }

    // Add in our check of the the file name length.
    $validators['file_validate_name_length'] = array();

    // Call the validation functions specified by this function's caller.
    $errors = file_validate($file, $validators);

    // Check for errors.
    if (!empty($errors)) {
      $message = format_string('The specified file %name could not be uploaded.', array('%name' => $file->filename));
      if (count($errors) > 1) {
        $message .= theme('item_list', array('items' => $errors));
      }
      else {
        $message .= ' ' . array_pop($errors);
      }

      throw new \RestfulServiceUnavailable($message);
    }

    // Move uploaded files from PHP's upload_tmp_dir to Drupal's temporary
    // directory. This overcomes open_basedir restrictions for future file
    // operations.
    $file->uri = $file->destination;
    if (!drupal_move_uploaded_file($_FILES['files']['tmp_name'][$source], $file->uri)) {
      watchdog('file', 'Upload error. Could not move uploaded file %file to destination %destination.', array('%file' => $file->filename, '%destination' => $file->uri));
      $message = 'File upload error. Could not move uploaded file.';
      throw new \RestfulServiceUnavailable($message);
    }

    // Set the permissions on the new file.
    drupal_chmod($file->uri);

    // If we are replacing an existing file re-use its database record.
    if ($replace == FILE_EXISTS_REPLACE) {
      $existing_files = file_load_multiple(array(), array('uri' => $file->uri));
      if (count($existing_files)) {
        $existing = reset($existing_files);
        $file->fid = $existing->fid;
      }
    }

    // If we made it this far it's safe to record this file in the database.
    if ($file = file_save($file)) {
      // Add file to the cache.
      $upload_cache[$source] = $file;
      return $file;
    }

    // Something went wrong, so throw a general exception.
    throw new \RestfulServiceUnavailable('Unknown error has occurred.');
  }
 /**
  * Generates a derivative, given a style and image path.
  *
  * After generating an image, transfer it to the requesting agent.
  *
  * @param \Symfony\Component\HttpFoundation\Request $request
  *   The request object.
  * @param string $scheme
  *   The file scheme, defaults to 'private'.
  * @param \Drupal\image\ImageStyleInterface $image_style
  *   The image style to deliver.
  *
  * @return \Symfony\Component\HttpFoundation\BinaryFileResponse|\Symfony\Component\HttpFoundation\Response
  *   The transferred file as response or some error response.
  *
  * @throws \Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException
  *   Thrown when the user does not have access to the file.
  * @throws \Symfony\Component\HttpKernel\Exception\ServiceUnavailableHttpException
  *   Thrown when the file is still being generated.
  */
 public function deliver(Request $request, $scheme, ImageStyleInterface $image_style)
 {
     $target = $request->query->get('file');
     $image_uri = $scheme . '://' . $target;
     // Check that the style is defined, the scheme is valid, and the image
     // derivative token is valid. Sites which require image derivatives to be
     // generated without a token can set the
     // 'image.settings:allow_insecure_derivatives' configuration to TRUE to
     // bypass the latter check, but this will increase the site's vulnerability
     // to denial-of-service attacks. To prevent this variable from leaving the
     // site vulnerable to the most serious attacks, a token is always required
     // when a derivative of a style is requested.
     // The $target variable for a derivative of a style has
     // styles/<style_name>/... as structure, so we check if the $target variable
     // starts with styles/.
     $valid = !empty($image_style) && file_stream_wrapper_valid_scheme($scheme);
     if (!$this->config('image.settings')->get('allow_insecure_derivatives') || strpos(ltrim($target, '\\/'), 'styles/') === 0) {
         $valid &= $request->query->get(IMAGE_DERIVATIVE_TOKEN) === $image_style->getPathToken($image_uri);
     }
     if (!$valid) {
         throw new AccessDeniedHttpException();
     }
     $derivative_uri = $image_style->buildUri($image_uri);
     $headers = array();
     // If using the private scheme, let other modules provide headers and
     // control access to the file.
     if ($scheme == 'private') {
         if (file_exists($derivative_uri)) {
             return parent::download($request, $scheme);
         } else {
             $headers = $this->moduleHandler()->invokeAll('file_download', array($image_uri));
             if (in_array(-1, $headers) || empty($headers)) {
                 throw new AccessDeniedHttpException();
             }
         }
     }
     // Don't try to generate file if source is missing.
     if (!file_exists($image_uri)) {
         // If the image style converted the extension, it has been added to the
         // original file, resulting in filenames like image.png.jpeg. So to find
         // the actual source image, we remove the extension and check if that
         // image exists.
         $path_info = pathinfo($image_uri);
         $converted_image_uri = $path_info['dirname'] . DIRECTORY_SEPARATOR . $path_info['filename'];
         if (!file_exists($converted_image_uri)) {
             $this->logger->notice('Source image at %source_image_path not found while trying to generate derivative image at %derivative_path.', array('%source_image_path' => $image_uri, '%derivative_path' => $derivative_uri));
             return new Response($this->t('Error generating image, missing source file.'), 404);
         } else {
             // The converted file does exist, use it as the source.
             $image_uri = $converted_image_uri;
         }
     }
     // Don't start generating the image if the derivative already exists or if
     // generation is in progress in another thread.
     $lock_name = 'image_style_deliver:' . $image_style->id() . ':' . Crypt::hashBase64($image_uri);
     if (!file_exists($derivative_uri)) {
         $lock_acquired = $this->lock->acquire($lock_name);
         if (!$lock_acquired) {
             // Tell client to retry again in 3 seconds. Currently no browsers are
             // known to support Retry-After.
             throw new ServiceUnavailableHttpException(3, $this->t('Image generation in progress. Try again shortly.'));
         }
     }
     // Try to generate the image, unless another thread just did it while we
     // were acquiring the lock.
     $success = file_exists($derivative_uri) || $image_style->createDerivative($image_uri, $derivative_uri);
     if (!empty($lock_acquired)) {
         $this->lock->release($lock_name);
     }
     if ($success) {
         $image = $this->imageFactory->get($derivative_uri);
         $uri = $image->getSource();
         $headers += array('Content-Type' => $image->getMimeType(), 'Content-Length' => $image->getFileSize());
         // \Drupal\Core\EventSubscriber\FinishResponseSubscriber::onRespond()
         // sets response as not cacheable if the Cache-Control header is not
         // already modified. We pass in FALSE for non-private schemes for the
         // $public parameter to make sure we don't change the headers.
         return new BinaryFileResponse($uri, 200, $headers, $scheme !== 'private');
     } else {
         $this->logger->notice('Unable to generate the derived image located at %path.', array('%path' => $derivative_uri));
         return new Response($this->t('Error generating image.'), 500);
     }
 }
 /**
  * Generates a derivative, given a style and image path.
  *
  * After generating an image, transfer it to the requesting agent.
  *
  * @param \Symfony\Component\HttpFoundation\Request $request
  *   The request object.
  * @param string $scheme
  *   The file scheme, defaults to 'private'.
  * @param \Drupal\image\ImageStyleInterface $image_style
  *   The image style to deliver.
  *
  * @throws \Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException
  *   Thrown when the user does not have access to the file.
  * @throws \Symfony\Component\HttpKernel\Exception\ServiceUnavailableHttpException
  *   Thrown when the file is still being generated.
  *
  * @return \Symfony\Component\HttpFoundation\BinaryFileResponse|\Symfony\Component\HttpFoundation\Response
  *   The transferred file as response or some error response.
  */
 public function deliver(Request $request, $scheme, ImageStyleInterface $image_style)
 {
     $target = $request->query->get('file');
     $image_uri = $scheme . '://' . $target;
     // Check that the style is defined, the scheme is valid, and the image
     // derivative token is valid. Sites which require image derivatives to be
     // generated without a token can set the
     // 'image.settings:allow_insecure_derivatives' configuration to TRUE to
     // bypass the latter check, but this will increase the site's vulnerability
     // to denial-of-service attacks.
     $valid = !empty($image_style) && file_stream_wrapper_valid_scheme($scheme);
     if (!$this->config('image.settings')->get('allow_insecure_derivatives')) {
         $valid &= $request->query->get(IMAGE_DERIVATIVE_TOKEN) === $image_style->getPathToken($image_uri);
     }
     if (!$valid) {
         throw new AccessDeniedHttpException();
     }
     $derivative_uri = $image_style->buildUri($image_uri);
     $headers = array();
     // If using the private scheme, let other modules provide headers and
     // control access to the file.
     if ($scheme == 'private') {
         if (file_exists($derivative_uri)) {
             return parent::download($request, $scheme);
         } else {
             $headers = $this->moduleHandler()->invokeAll('file_download', array($image_uri));
             if (in_array(-1, $headers) || empty($headers)) {
                 throw new AccessDeniedHttpException();
             }
         }
     }
     // Don't try to generate file if source is missing.
     if (!file_exists($image_uri)) {
         watchdog('image', 'Source image at %source_image_path not found while trying to generate derivative image at %derivative_path.', array('%source_image_path' => $image_uri, '%derivative_path' => $derivative_uri));
         return new Response($this->t('Error generating image, missing source file.'), 404);
     }
     // Don't start generating the image if the derivative already exists or if
     // generation is in progress in another thread.
     $lock_name = 'image_style_deliver:' . $image_style->id() . ':' . Crypt::hashBase64($image_uri);
     if (!file_exists($derivative_uri)) {
         $lock_acquired = $this->lock->acquire($lock_name);
         if (!$lock_acquired) {
             // Tell client to retry again in 3 seconds. Currently no browsers are
             // known to support Retry-After.
             throw new ServiceUnavailableHttpException(3, $this->t('Image generation in progress. Try again shortly.'));
         }
     }
     // Try to generate the image, unless another thread just did it while we
     // were acquiring the lock.
     $success = file_exists($derivative_uri) || $image_style->createDerivative($image_uri, $derivative_uri);
     if (!empty($lock_acquired)) {
         $this->lock->release($lock_name);
     }
     if ($success) {
         drupal_page_is_cacheable(FALSE);
         $image = $this->imageFactory->get($derivative_uri);
         $uri = $image->getSource();
         $headers += array('Content-Type' => $image->getMimeType(), 'Content-Length' => $image->getFileSize());
         return new BinaryFileResponse($uri, 200, $headers);
     } else {
         watchdog('image', 'Unable to generate the derived image located at %path.', array('%path' => $derivative_uri));
         return new Response($this->t('Error generating image.'), 500);
     }
 }
Esempio n. 9
0
 /**
  * Validate and set destination the destination URI.
  *
  * @param \Drupal\file\FileInterface $file
  *   The file entity object.
  * @param string $destination
  *   A string containing the URI that the file should be copied to. This must
  *   be a stream wrapper URI.
  *
  * @return bool
  *   True if the destination was sucesfully validated and set, otherwise
  *   false.
  */
 protected function prepareDestination(FileInterface $file, $destination)
 {
     // Assert that the destination contains a valid stream.
     $destination_scheme = file_uri_scheme($destination);
     if (!file_stream_wrapper_valid_scheme($destination_scheme)) {
         return FALSE;
     }
     // Prepare the destination dir.
     if (!file_exists($destination)) {
         $this->fileSystem->mkdir($destination);
     }
     // A file URI may already have a trailing slash or look like "public://".
     if (substr($destination, -1) != '/') {
         $destination .= '/';
     }
     $file->destination = file_destination($destination . $file->getFilename(), FILE_EXISTS_RENAME);
     $file->setFileUri($file->destination);
     return TRUE;
 }
Esempio n. 10
0
 /**
  * Uploads the file to EMDB.
  *
  * @param string $form_field_name
  *   A string that is the associative array key of the upload form element in
  *   the form array.
  * @param string $catalog_id
  *   The catalog id for the catalog we are uploading to.
  * @param array $metadata
  *   Additional properties that can be passed into EMDB and stored as metadata
  *   on the file. These values are not stored locally in Drupal.
  * @param array $validators
  *   An optional, associative array of callback functions used to validate the
  *   file.
  * @param string|bool $destination_dir
  *   A string containing the URI that the file should be copied to. This must
  *   be a stream wrapper URI. If this value is omitted, Drupal's temporary
  *   files scheme will be used ("temporary://").
  * @param int $delta
  *   Delta of the file to save or NULL to save all files. Defaults to NULL.
  * @param int $replace
  *   Replace behavior when the destination file already exists:
  *   - FILE_EXISTS_REPLACE: Replace the existing file.
  *   - FILE_EXISTS_RENAME: Append _{incrementing number} until the filename is
  *     unique.
  *   - FILE_EXISTS_ERROR: Do nothing and return FALSE.
  *
  * @return \Drupal\embridge\EmbridgeAssetEntityInterface[]
  *   Function returns array of files or a single file object if $delta
  *   != NULL. Each file object contains the file information if the
  *   upload succeeded or FALSE in the event of an error. Function
  *   returns NULL if no file was uploaded.
  *
  *   The docs for the "File interface" group, which you can find under
  *   Related topics, or the header at the top of this file, documents the
  *   components of a file entity. In addition to the standard components,
  *   this function adds:
  *   - source: Path to the file before it is moved.
  *   - destination: Path to the file after it is moved (same as 'uri').
  */
 public static function saveUpload($form_field_name, $catalog_id, $metadata = array(), $validators = array(), $destination_dir = FALSE, $delta = NULL, $replace = FILE_EXISTS_RENAME)
 {
     $user = \Drupal::currentUser();
     static $upload_cache;
     $file_upload = \Drupal::request()->files->get("files[{$form_field_name}]", NULL, TRUE);
     // Make sure there's an upload to process.
     if (empty($file_upload)) {
         return NULL;
     }
     // Return cached objects without processing since the file will have
     // already been processed and the paths in $_FILES will be invalid.
     if (isset($upload_cache[$form_field_name])) {
         if (isset($delta)) {
             return $upload_cache[$form_field_name][$delta];
         }
         return $upload_cache[$form_field_name];
     }
     // Prepare uploaded files info. Representation is slightly different
     // for multiple uploads and we fix that here.
     /** @var \Symfony\Component\HttpFoundation\File\UploadedFile[] $uploaded_files */
     $uploaded_files = $file_upload;
     if (!is_array($file_upload)) {
         $uploaded_files = array($file_upload);
     }
     $assets = array();
     foreach ($uploaded_files as $i => $file_info) {
         // Check for file upload errors and return FALSE for this file if a lower
         // level system error occurred. For a complete list of errors:
         // See http://php.net/manual/features.file-upload.errors.php.
         switch ($file_info->getError()) {
             case UPLOAD_ERR_INI_SIZE:
             case UPLOAD_ERR_FORM_SIZE:
                 drupal_set_message(t('The file %file could not be saved because it exceeds %maxsize, the maximum allowed size for uploads.', array('%file' => $file_info->getFilename(), '%maxsize' => format_size(file_upload_max_size()))), 'error');
                 $assets[$i] = FALSE;
                 continue;
             case UPLOAD_ERR_PARTIAL:
             case UPLOAD_ERR_NO_FILE:
                 drupal_set_message(t('The file %file could not be saved because the upload did not complete.', array('%file' => $file_info->getFilename())), 'error');
                 $assets[$i] = FALSE;
                 continue;
             case UPLOAD_ERR_OK:
                 // Final check that this is a valid upload, if it isn't, use the
                 // default error handler.
                 if (is_uploaded_file($file_info->getRealPath())) {
                     break;
                 }
             default:
                 // Unknown error.
                 drupal_set_message(t('The file %file could not be saved. An unknown error has occurred.', array('%file' => $file_info->getFilename())), 'error');
                 $assets[$i] = FALSE;
                 continue;
         }
         // Begin building file entity.
         $values = array('uid' => $user->id(), 'filename' => $file_info->getClientOriginalName(), 'filesize' => $file_info->getSize(), 'catalog_id' => $catalog_id);
         $values['filemime'] = \Drupal::service('file.mime_type.guesser')->guess($values['filename']);
         // Create our Embridge Entity.
         /** @var \Drupal\embridge\EmbridgeAssetEntityInterface $asset */
         $asset = EmbridgeAssetEntity::create($values);
         $extensions = '';
         if (isset($validators['embridge_asset_validate_file_extensions'])) {
             if (isset($validators['embridge_asset_validate_file_extensions'][0])) {
                 // Build the list of non-munged exts if the caller provided them.
                 $extensions = $validators['embridge_asset_validate_file_extensions'][0];
             } else {
                 // If 'file_validate_extensions' is set and the list is empty then the
                 // caller wants to allow any extension. In this case we have to remove
                 // the validator or else it will reject all extensions.
                 unset($validators['embridge_asset_validate_file_extensions']);
             }
         } else {
             // No validator was provided, so add one using the default list.
             // Build a default non-munged safe list for file_munge_filename().
             $extensions = 'jpg jpeg gif png txt doc xls pdf ppt pps odt ods odp';
             $validators['embridge_asset_validate_file_extensions'] = array();
             $validators['embridge_asset_validate_file_extensions'][0] = $extensions;
         }
         if (!empty($extensions)) {
             // Munge the filename to protect against possible malicious extension
             // hiding within an unknown file type (ie: filename.html.foo).
             $asset->setFilename(file_munge_filename($asset->getFilename(), $extensions));
         }
         // Rename potentially executable files, to help prevent exploits.
         if (!\Drupal::config('system.file')->get('allow_insecure_uploads') && preg_match('/\\.(php|pl|py|cgi|asp|js)(\\.|$)/i', $asset->getFilename()) && substr($asset->getFilename(), -4) != '.txt') {
             $asset->setMimeType('text/plain');
             // The destination filename will also later be used to create the URI.
             $asset->setFilename($asset->getFilename() . '.txt');
             // The .txt extension may not be in the allowed list of extensions.
             // We have to add it here or else the file upload will fail.
             if (!empty($extensions)) {
                 $validators['embridge_asset_validate_file_extensions'][0] .= ' txt';
                 drupal_set_message(t('For security reasons, your upload has been renamed to %filename.', array('%filename' => $asset->getFilename())));
             }
         }
         // If the destination is not provided, use the temporary directory.
         if (empty($destination_dir)) {
             $destination_dir = 'temporary://';
         }
         // Assert that the destination contains a valid stream.
         $destination_scheme = file_uri_scheme($destination_dir);
         if (!file_stream_wrapper_valid_scheme($destination_scheme)) {
             drupal_set_message(t('The file could not be uploaded because the destination %destination is invalid.', array('%destination' => $destination_dir)), 'error');
             $assets[$i] = FALSE;
             continue;
         }
         // A file URI may already have a trailing slash or look like "public://".
         if (substr($destination_dir, -1) != '/') {
             $destination_dir .= '/';
         }
         $asset_destination = file_destination($destination_dir . $asset->getFilename(), $replace);
         // If file_destination() returns FALSE then $replace === FILE_EXISTS_ERROR
         // and there's an existing file so we need to bail.
         if ($asset_destination === FALSE) {
             drupal_set_message(t('The file %source could not be uploaded because a file by that name already exists in the destination %directory.', array('%source' => $form_field_name, '%directory' => $destination_dir)), 'error');
             $assets[$i] = FALSE;
             continue;
         }
         // Add in our check of the file name length.
         // TODO: Do we need this?
         // $validators['file_validate_name_length'] = array();
         // Call the validation functions specified by this function's caller.
         $errors = embridge_asset_validate($asset, $validators);
         // Check for errors.
         if (!empty($errors)) {
             $message = array('error' => array('#markup' => t('The specified file %name could not be uploaded.', array('%name' => $asset->getFilename()))), 'item_list' => array('#theme' => 'item_list', '#items' => $errors));
             // @todo Add support for render arrays in drupal_set_message()? See
             // https://www.drupal.org/node/2505497.
             drupal_set_message(\Drupal::service('renderer')->renderPlain($message), 'error');
             $assets[$i] = FALSE;
             continue;
         }
         // Move uploaded files from PHP's upload_tmp_dir to Drupal's temporary
         // directory. This overcomes open_basedir restrictions for future file
         // operations.
         $asset->setSourcePath($asset_destination);
         if (!drupal_move_uploaded_file($file_info->getRealPath(), $asset->getSourcePath())) {
             drupal_set_message(t('File upload error. Could not move uploaded file.'), 'error');
             \Drupal::logger('file')->notice('Upload error. Could not move uploaded file %file to destination %destination.', array('%file' => $asset->getFilename(), '%destination' => $asset->getSourcePath()));
             $assets[$i] = FALSE;
             continue;
         }
         // Set the permissions on the new file.
         drupal_chmod($asset->getSourcePath());
         // If we are replacing an existing file re-use its database record.
         // @todo Do not create a new entity in order to update it. See
         // https://www.drupal.org/node/2241865.
         if ($replace == FILE_EXISTS_REPLACE) {
             $existing_files = entity_load_multiple_by_properties('embridge_asset_entity', array('uri' => $asset->getSourcePath()));
             if (count($existing_files)) {
                 $existing = reset($existing_files);
                 $asset->setOriginalId($existing->id());
             }
         }
         /** @var \Drupal\embridge\EnterMediaDbClientInterface $embridge_client */
         $embridge_client = \Drupal::getContainer()->get('embridge.client');
         try {
             $embridge_client->upload($asset, $metadata);
         } catch (\Exception $e) {
             $message = $e->getMessage();
             drupal_set_message(t('Uploading the file "%file" to EnterMedia failed with the message "%message".', array('%file' => $asset->getFilename(), '%message' => $message)), 'error');
             $assets[$i] = FALSE;
             continue;
         }
         // If we made it this far it's safe to record this file in the database.
         $asset->save();
         $assets[$i] = $asset;
     }
     // Add files to the cache.
     $upload_cache[$form_field_name] = $assets;
     return isset($delta) ? $assets[$delta] : $assets;
 }