diff --git a/core/modules/image/lib/Drupal/image/Controller/ImageStyleDownloadController.php b/core/modules/image/lib/Drupal/image/Controller/ImageStyleDownloadController.php index d24e8c4..478b037 100644 --- a/core/modules/image/lib/Drupal/image/Controller/ImageStyleDownloadController.php +++ b/core/modules/image/lib/Drupal/image/Controller/ImageStyleDownloadController.php @@ -93,6 +93,7 @@ public static function create(ContainerInterface $container) { */ public function deliver(Request $request, $scheme, ImageStyleInterface $image_style) { $target = $request->query->get('file'); + $image_uri = $scheme . '://' . $target; // Check that the style is defined, the scheme is valid, and the image // derivative token is valid. Sites which require image derivatives to be @@ -102,16 +103,14 @@ public function deliver(Request $request, $scheme, ImageStyleInterface $image_st // to denial-of-service attacks. $valid = !empty($image_style) && file_stream_wrapper_valid_scheme($scheme); if (!$this->configFactory->get('image.settings')->get('allow_insecure_derivatives')) { - $valid = $valid && $request->query->get(IMAGE_DERIVATIVE_TOKEN) === image_style_path_token($image_style->name, $scheme . '://' . $target); + $valid = $valid && $request->query->get(IMAGE_DERIVATIVE_TOKEN) === image_style_path_token($image_style->id(), $image_uri); } if (!$valid) { throw new AccessDeniedHttpException(); } - $image_uri = $scheme . '://' . $target; $derivative_uri = image_style_path($image_style->id(), $image_uri); - - $response = new Response(''); + $headers = array(); // If using the private scheme, let other modules provide headers and // control access to the file. @@ -124,20 +123,13 @@ public function deliver(Request $request, $scheme, ImageStyleInterface $image_st if (in_array(-1, $headers) || empty($headers)) { throw new AccessDeniedHttpException(); } - if (count($headers)) { - foreach ($headers as $name => $value) { - $response->headers->set($name, $value); - } - } } } // Don't try to generate file if source is missing. if (!file_exists($image_uri)) { watchdog('image', 'Source image at %source_image_path not found while trying to generate derivative image at %derivative_path.', array('%source_image_path' => $image_uri, '%derivative_path' => $derivative_uri)); - $response->setContent(t('Error generating image, missing source file.')); - $response->setStatusCode(404); - return $response; + return new Response(t('Error generating image, missing source file.'), 404); } // Don't start generating the image if the derivative already exists or if @@ -148,10 +140,7 @@ public function deliver(Request $request, $scheme, ImageStyleInterface $image_st if (!$lock_acquired) { // Tell client to retry again in 3 seconds. Currently no browsers are known // to support Retry-After. - $response->headers->set('Status', '503 Service Unavailable'); - $response->headers->set('Retry-After', 3); - $response->setContent(t('Image generation in progress. Try again shortly.')); - return $response; + throw new ServiceUnavailableHttpException(3, t('Image generation in progress. Try again shortly.')); } } @@ -166,15 +155,15 @@ public function deliver(Request $request, $scheme, ImageStyleInterface $image_st if ($success) { $image = image_load($derivative_uri); $uri = $image->source; - $response->headers->set('Content-Type', $image->info['mime_type']); - $response->headers->set('Content-Length', $image->info['file_size']); - return new BinaryFileResponse($uri, 200, $response->headers->all()); + $headers += array( + 'Content-Type' => $image->info['mime_type'], + 'Content-Length' => $image->info['file_size'], + ); + return new BinaryFileResponse($uri, 200, $headers); } else { watchdog('image', 'Unable to generate the derived image located at %path.', array('%path' => $derivative_uri)); - $response->setContent(t('Error generating image.')); - $response->setStatusCode(500); - return $response; + return new Response(t('Error generating image.'), 500); } }