public function stream(AttachmentInterface $attachment, Request $request = null, $disposition = null) { $fullPhysicalPath = $this->pathHelper->getFullPath($attachment); $mimeType = $this->sanitiser->sanitiseMimeType($attachment->getMimeType()); if (!file_exists($fullPhysicalPath)) { return new NotFoundHttpException(sprintf('Attachment %s not found.', $attachment->getFilename())); } if (null !== $request and null === $disposition) { // If this is a safe MIME type, display inline ... $disposition = in_array($mimeType, static::$inlineMimes) ? 'inline' : 'attachment'; // Unless it's Internet Explorer prior to version 8, which can try // to guess the MIME type (dangerous!). A user-agent check is the // only real option here. $userAgent = $request->headers->get('User-Agent'); if (preg_match('/MSIE [1-7]\\./', $userAgent) && !preg_match('/\\) Opera/', $userAgent)) { $disposition = 'attachment'; } } else { $disposition = 'attachment'; } $headers = array('Cache-Control' => 'private, max-age=31536000', 'Content-Disposition' => sprintf('%s; filename="%s"', $disposition, $this->sanitiser->sanitiseFilename($attachment->getFilename())), 'Content-Length' => $attachment->getFileSize(), 'Content-Type' => $mimeType); return new StreamedResponse(function () use($fullPhysicalPath) { fpassthru(fopen($fullPhysicalPath, 'rb')); }, 200, $headers); }
/** * @dataProvider getFilenames */ public function testSanitiseFile($filename, $expected) { $sanitised = $this->sanitiser->sanitiseFilename($filename); $this->assertEquals($expected, $sanitised); }