/** * {@inheritdoc} */ public function saveFile($uri, $destination, $extensions, AccountProxyInterface $user, $validators = []) { // Create the file entity. $file = $this->fileEntityFromUri($uri, $user); // Replace tokens. As the tokens might contain HTML we convert it to plain // text. $destination = PlainTextOutput::renderFromHtml($this->token->replace($destination)); // Handle potentialy dangerous extensions. $renamed = $this->renameExecutableExtensions($file); // The .txt extension may not be in the allowed list of extensions. We have // to add it here or else the file upload will fail. if ($renamed && !empty($extensions)) { $extensions .= ' txt'; drupal_set_message(t('For security reasons, your upload has been renamed to %filename.', ['%filename' => $file->getFilename()])); } // Validate the file. $errors = $this->validateFile($file, $extensions, $validators); if (!empty($errors)) { $message = ['error' => ['#markup' => t('The specified file %name could not be uploaded.', ['%name' => $file->getFilename()])], 'item_list' => ['#theme' => 'item_list', '#items' => $errors]]; drupal_set_message($this->renderer->renderPlain($message), 'error'); return FALSE; } // Prepare destination. if (!$this->prepareDestination($file, $destination)) { drupal_set_message(t('The file could not be uploaded because the destination %destination is invalid.', ['%destination' => $destination]), 'error'); return FALSE; } // Move uploaded files from PHP's upload_tmp_dir to destination. $move_result = file_unmanaged_move($uri, $file->getFileUri()); if (!$move_result) { drupal_set_message(t('File upload error. Could not move uploaded file.'), 'error'); $this->logger->notice('Upload error. Could not move uploaded file %file to destination %destination.', ['%file' => $file->getFilename(), '%destination' => $file->getFileUri()]); return FALSE; } // Set the permissions on the new file. $this->fileSystem->chmod($file->getFileUri()); // If we made it this far it's safe to record this file in the database. $file->save(); return $file; }