123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460 |
- <?php
- namespace Drupal\file\Element;
- use Drupal\Component\Utility\Crypt;
- use Drupal\Component\Utility\Html;
- use Drupal\Component\Utility\NestedArray;
- use Drupal\Core\Ajax\AjaxResponse;
- use Drupal\Core\Ajax\ReplaceCommand;
- use Drupal\Core\Form\FormStateInterface;
- use Drupal\Core\Render\Element;
- use Drupal\Core\Render\Element\FormElement;
- use Drupal\Core\Site\Settings;
- use Drupal\Core\Url;
- use Drupal\file\Entity\File;
- use Symfony\Component\HttpFoundation\Request;
- /**
- * Provides an AJAX/progress aware widget for uploading and saving a file.
- *
- * @FormElement("managed_file")
- */
- class ManagedFile extends FormElement {
- /**
- * {@inheritdoc}
- */
- public function getInfo() {
- $class = get_class($this);
- return [
- '#input' => TRUE,
- '#process' => [
- [$class, 'processManagedFile'],
- ],
- '#element_validate' => [
- [$class, 'validateManagedFile'],
- ],
- '#pre_render' => [
- [$class, 'preRenderManagedFile'],
- ],
- '#theme' => 'file_managed_file',
- '#theme_wrappers' => ['form_element'],
- '#progress_indicator' => 'throbber',
- '#progress_message' => NULL,
- '#upload_validators' => [],
- '#upload_location' => NULL,
- '#size' => 22,
- '#multiple' => FALSE,
- '#extended' => FALSE,
- '#attached' => [
- 'library' => ['file/drupal.file'],
- ],
- '#accept' => NULL,
- ];
- }
- /**
- * {@inheritdoc}
- */
- public static function valueCallback(&$element, $input, FormStateInterface $form_state) {
- // Find the current value of this field.
- $fids = !empty($input['fids']) ? explode(' ', $input['fids']) : [];
- foreach ($fids as $key => $fid) {
- $fids[$key] = (int) $fid;
- }
- $force_default = FALSE;
- // Process any input and save new uploads.
- if ($input !== FALSE) {
- $input['fids'] = $fids;
- $return = $input;
- // Uploads take priority over all other values.
- if ($files = file_managed_file_save_upload($element, $form_state)) {
- if ($element['#multiple']) {
- $fids = array_merge($fids, array_keys($files));
- }
- else {
- $fids = array_keys($files);
- }
- }
- else {
- // Check for #filefield_value_callback values.
- // Because FAPI does not allow multiple #value_callback values like it
- // does for #element_validate and #process, this fills the missing
- // functionality to allow File fields to be extended through FAPI.
- if (isset($element['#file_value_callbacks'])) {
- foreach ($element['#file_value_callbacks'] as $callback) {
- $callback($element, $input, $form_state);
- }
- }
- // Load files if the FIDs have changed to confirm they exist.
- if (!empty($input['fids'])) {
- $fids = [];
- foreach ($input['fids'] as $fid) {
- if ($file = File::load($fid)) {
- $fids[] = $file->id();
- // Temporary files that belong to other users should never be
- // allowed.
- if ($file->isTemporary()) {
- if ($file->getOwnerId() != \Drupal::currentUser()->id()) {
- $force_default = TRUE;
- break;
- }
- // Since file ownership can't be determined for anonymous users,
- // they are not allowed to reuse temporary files at all. But
- // they do need to be able to reuse their own files from earlier
- // submissions of the same form, so to allow that, check for the
- // token added by $this->processManagedFile().
- elseif (\Drupal::currentUser()->isAnonymous()) {
- $token = NestedArray::getValue($form_state->getUserInput(), array_merge($element['#parents'], ['file_' . $file->id(), 'fid_token']));
- if ($token !== Crypt::hmacBase64('file-' . $file->id(), \Drupal::service('private_key')->get() . Settings::getHashSalt())) {
- $force_default = TRUE;
- break;
- }
- }
- }
- }
- }
- if ($force_default) {
- $fids = [];
- }
- }
- }
- }
- // If there is no input or if the default value was requested above, use the
- // default value.
- if ($input === FALSE || $force_default) {
- if ($element['#extended']) {
- $default_fids = isset($element['#default_value']['fids']) ? $element['#default_value']['fids'] : [];
- $return = isset($element['#default_value']) ? $element['#default_value'] : ['fids' => []];
- }
- else {
- $default_fids = isset($element['#default_value']) ? $element['#default_value'] : [];
- $return = ['fids' => []];
- }
- // Confirm that the file exists when used as a default value.
- if (!empty($default_fids)) {
- $fids = [];
- foreach ($default_fids as $fid) {
- if ($file = File::load($fid)) {
- $fids[] = $file->id();
- }
- }
- }
- }
- $return['fids'] = $fids;
- return $return;
- }
- /**
- * #ajax callback for managed_file upload forms.
- *
- * This ajax callback takes care of the following things:
- * - Ensures that broken requests due to too big files are caught.
- * - Adds a class to the response to be able to highlight in the UI, that a
- * new file got uploaded.
- *
- * @param array $form
- * The build form.
- * @param \Drupal\Core\Form\FormStateInterface $form_state
- * The form state.
- * @param \Symfony\Component\HttpFoundation\Request $request
- * The current request.
- *
- * @return \Drupal\Core\Ajax\AjaxResponse
- * The ajax response of the ajax upload.
- */
- public static function uploadAjaxCallback(&$form, FormStateInterface &$form_state, Request $request) {
- /** @var \Drupal\Core\Render\RendererInterface $renderer */
- $renderer = \Drupal::service('renderer');
- $form_parents = explode('/', $request->query->get('element_parents'));
- // Sanitize form parents before using them.
- $form_parents = array_filter($form_parents, [Element::class, 'child']);
- // Retrieve the element to be rendered.
- $form = NestedArray::getValue($form, $form_parents);
- // Add the special AJAX class if a new file was added.
- $current_file_count = $form_state->get('file_upload_delta_initial');
- if (isset($form['#file_upload_delta']) && $current_file_count < $form['#file_upload_delta']) {
- $form[$current_file_count]['#attributes']['class'][] = 'ajax-new-content';
- }
- // Otherwise just add the new content class on a placeholder.
- else {
- $form['#suffix'] .= '<span class="ajax-new-content"></span>';
- }
- $status_messages = ['#type' => 'status_messages'];
- $form['#prefix'] .= $renderer->renderRoot($status_messages);
- $output = $renderer->renderRoot($form);
- $response = new AjaxResponse();
- $response->setAttachments($form['#attached']);
- return $response->addCommand(new ReplaceCommand(NULL, $output));
- }
- /**
- * Render API callback: Expands the managed_file element type.
- *
- * Expands the file type to include Upload and Remove buttons, as well as
- * support for a default value.
- */
- public static function processManagedFile(&$element, FormStateInterface $form_state, &$complete_form) {
- // This is used sometimes so let's implode it just once.
- $parents_prefix = implode('_', $element['#parents']);
- $fids = isset($element['#value']['fids']) ? $element['#value']['fids'] : [];
- // Set some default element properties.
- $element['#progress_indicator'] = empty($element['#progress_indicator']) ? 'none' : $element['#progress_indicator'];
- $element['#files'] = !empty($fids) ? File::loadMultiple($fids) : FALSE;
- $element['#tree'] = TRUE;
- // Generate a unique wrapper HTML ID.
- $ajax_wrapper_id = Html::getUniqueId('ajax-wrapper');
- $ajax_settings = [
- 'callback' => [get_called_class(), 'uploadAjaxCallback'],
- 'options' => [
- 'query' => [
- 'element_parents' => implode('/', $element['#array_parents']),
- ],
- ],
- 'wrapper' => $ajax_wrapper_id,
- 'effect' => 'fade',
- 'progress' => [
- 'type' => $element['#progress_indicator'],
- 'message' => $element['#progress_message'],
- ],
- ];
- // Set up the buttons first since we need to check if they were clicked.
- $element['upload_button'] = [
- '#name' => $parents_prefix . '_upload_button',
- '#type' => 'submit',
- '#value' => t('Upload'),
- '#attributes' => ['class' => ['js-hide']],
- '#validate' => [],
- '#submit' => ['file_managed_file_submit'],
- '#limit_validation_errors' => [$element['#parents']],
- '#ajax' => $ajax_settings,
- '#weight' => -5,
- ];
- // Force the progress indicator for the remove button to be either 'none' or
- // 'throbber', even if the upload button is using something else.
- $ajax_settings['progress']['type'] = ($element['#progress_indicator'] == 'none') ? 'none' : 'throbber';
- $ajax_settings['progress']['message'] = NULL;
- $ajax_settings['effect'] = 'none';
- $element['remove_button'] = [
- '#name' => $parents_prefix . '_remove_button',
- '#type' => 'submit',
- '#value' => $element['#multiple'] ? t('Remove selected') : t('Remove'),
- '#validate' => [],
- '#submit' => ['file_managed_file_submit'],
- '#limit_validation_errors' => [$element['#parents']],
- '#ajax' => $ajax_settings,
- '#weight' => 1,
- ];
- $element['fids'] = [
- '#type' => 'hidden',
- '#value' => $fids,
- ];
- // Add progress bar support to the upload if possible.
- if ($element['#progress_indicator'] == 'bar' && $implementation = file_progress_implementation()) {
- $upload_progress_key = mt_rand();
- if ($implementation == 'uploadprogress') {
- $element['UPLOAD_IDENTIFIER'] = [
- '#type' => 'hidden',
- '#value' => $upload_progress_key,
- '#attributes' => ['class' => ['file-progress']],
- // Uploadprogress extension requires this field to be at the top of
- // the form.
- '#weight' => -20,
- ];
- }
- elseif ($implementation == 'apc') {
- $element['APC_UPLOAD_PROGRESS'] = [
- '#type' => 'hidden',
- '#value' => $upload_progress_key,
- '#attributes' => ['class' => ['file-progress']],
- // Uploadprogress extension requires this field to be at the top of
- // the form.
- '#weight' => -20,
- ];
- }
- // Add the upload progress callback.
- $element['upload_button']['#ajax']['progress']['url'] = Url::fromRoute('file.ajax_progress', ['key' => $upload_progress_key]);
- }
- // The file upload field itself.
- $element['upload'] = [
- '#name' => 'files[' . $parents_prefix . ']',
- '#type' => 'file',
- '#title' => t('Choose a file'),
- '#title_display' => 'invisible',
- '#size' => $element['#size'],
- '#multiple' => $element['#multiple'],
- '#theme_wrappers' => [],
- '#weight' => -10,
- '#error_no_message' => TRUE,
- ];
- if (!empty($element['#accept'])) {
- $element['upload']['#attributes'] = ['accept' => $element['#accept']];
- }
- if (!empty($fids) && $element['#files']) {
- foreach ($element['#files'] as $delta => $file) {
- $file_link = [
- '#theme' => 'file_link',
- '#file' => $file,
- ];
- if ($element['#multiple']) {
- $element['file_' . $delta]['selected'] = [
- '#type' => 'checkbox',
- '#title' => \Drupal::service('renderer')->renderPlain($file_link),
- ];
- }
- else {
- $element['file_' . $delta]['filename'] = $file_link + ['#weight' => -10];
- }
- // Anonymous users who have uploaded a temporary file need a
- // non-session-based token added so $this->valueCallback() can check
- // that they have permission to use this file on subsequent submissions
- // of the same form (for example, after an Ajax upload or form
- // validation error).
- if ($file->isTemporary() && \Drupal::currentUser()->isAnonymous()) {
- $element['file_' . $delta]['fid_token'] = [
- '#type' => 'hidden',
- '#value' => Crypt::hmacBase64('file-' . $delta, \Drupal::service('private_key')->get() . Settings::getHashSalt()),
- ];
- }
- }
- }
- // Add the extension list to the page as JavaScript settings.
- if (isset($element['#upload_validators']['file_validate_extensions'][0])) {
- $extension_list = implode(',', array_filter(explode(' ', $element['#upload_validators']['file_validate_extensions'][0])));
- $element['upload']['#attached']['drupalSettings']['file']['elements']['#' . $element['#id']] = $extension_list;
- }
- // Let #id point to the file element, so the field label's 'for' corresponds
- // with it.
- $element['#id'] = &$element['upload']['#id'];
- // Prefix and suffix used for Ajax replacement.
- $element['#prefix'] = '<div id="' . $ajax_wrapper_id . '">';
- $element['#suffix'] = '</div>';
- return $element;
- }
- /**
- * Render API callback: Hides display of the upload or remove controls.
- *
- * Upload controls are hidden when a file is already uploaded. Remove controls
- * are hidden when there is no file attached. Controls are hidden here instead
- * of in \Drupal\file\Element\ManagedFile::processManagedFile(), because
- * #access for these buttons depends on the managed_file element's #value. See
- * the documentation of \Drupal\Core\Form\FormBuilderInterface::doBuildForm()
- * for more detailed information about the relationship between #process,
- * #value, and #access.
- *
- * Because #access is set here, it affects display only and does not prevent
- * JavaScript or other untrusted code from submitting the form as though
- * access were enabled. The form processing functions for these elements
- * should not assume that the buttons can't be "clicked" just because they are
- * not displayed.
- *
- * @see \Drupal\file\Element\ManagedFile::processManagedFile()
- * @see \Drupal\Core\Form\FormBuilderInterface::doBuildForm()
- */
- public static function preRenderManagedFile($element) {
- // If we already have a file, we don't want to show the upload controls.
- if (!empty($element['#value']['fids'])) {
- if (!$element['#multiple']) {
- $element['upload']['#access'] = FALSE;
- $element['upload_button']['#access'] = FALSE;
- }
- }
- // If we don't already have a file, there is nothing to remove.
- else {
- $element['remove_button']['#access'] = FALSE;
- }
- return $element;
- }
- /**
- * Render API callback: Validates the managed_file element.
- */
- public static function validateManagedFile(&$element, FormStateInterface $form_state, &$complete_form) {
- $clicked_button = end($form_state->getTriggeringElement()['#parents']);
- if ($clicked_button != 'remove_button' && !empty($element['fids']['#value'])) {
- $fids = $element['fids']['#value'];
- foreach ($fids as $fid) {
- if ($file = File::load($fid)) {
- // If referencing an existing file, only allow if there are existing
- // references. This prevents unmanaged files from being deleted if
- // this item were to be deleted. When files that are no longer in use
- // are automatically marked as temporary (now disabled by default),
- // it is not safe to reference a permanent file without usage. Adding
- // a usage and then later on removing it again would delete the file,
- // but it is unknown if and where it is currently referenced. However,
- // when files are not marked temporary (and then removed)
- // automatically, it is safe to add and remove usages, as it would
- // simply return to the current state.
- // @see https://www.drupal.org/node/2891902
- if ($file->isPermanent() && \Drupal::config('file.settings')->get('make_unused_managed_files_temporary')) {
- $references = static::fileUsage()->listUsage($file);
- if (empty($references)) {
- // We expect the field name placeholder value to be wrapped in t()
- // here, so it won't be escaped again as it's already marked safe.
- $form_state->setError($element, t('The file used in the @name field may not be referenced.', ['@name' => $element['#title']]));
- }
- }
- }
- else {
- // We expect the field name placeholder value to be wrapped in t()
- // here, so it won't be escaped again as it's already marked safe.
- $form_state->setError($element, t('The file referenced by the @name field does not exist.', ['@name' => $element['#title']]));
- }
- }
- }
- // Check required property based on the FID.
- if ($element['#required'] && empty($element['fids']['#value']) && !in_array($clicked_button, ['upload_button', 'remove_button'])) {
- // We expect the field name placeholder value to be wrapped in t()
- // here, so it won't be escaped again as it's already marked safe.
- $form_state->setError($element, t('@name field is required.', ['@name' => $element['#title']]));
- }
- // Consolidate the array value of this field to array of FIDs.
- if (!$element['#extended']) {
- $form_state->setValueForElement($element, $element['fids']['#value']);
- }
- }
- /**
- * Wraps the file usage service.
- *
- * @return \Drupal\file\FileUsage\FileUsageInterface
- */
- protected static function fileUsage() {
- return \Drupal::service('file.usage');
- }
- }
|