function _filter_html_image_secure_process

Process callback for local image filter.

Related topics

1 call to _filter_html_image_secure_process()
FilterHtmlImageSecure::process in drupal/core/modules/filter/lib/Drupal/filter/Plugin/Filter/FilterHtmlImageSecure.php
Performs the filter processing.

File

drupal/core/modules/filter/filter.module, line 1377
Framework for handling the filtering of content.

Code

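/**
 * Process callback for local image filter.
 *
 * Walks every <img> element in $text. Absolute URLs that point at the current
 * host are rewritten to host-relative ones. An image is kept as-is only when
 * its src starts with the base path and, resolved against the Drupal root,
 * names a file that getimagesize() accepts. Every other image is passed to the
 * 'filter_html_image_secure_image' theme hook.
 *
 * @param string $text
 *   The HTML markup to filter.
 *
 * @return string
 *   The markup re-serialized from the processed DOM.
 */
function _filter_html_image_secure_process($text) {

  // Find the path (e.g. '/') to Drupal root.
  $base_path = base_path();
  $base_path_length = drupal_strlen($base_path);

  // Find the directory on the server where index.php resides.
  $local_dir = DRUPAL_ROOT . '/';

  // Pattern matching an absolute URL on the current host. The host is passed
  // through preg_quote() so that it is matched literally: unescaped, each '.'
  // in the host name matches any character, so look-alike host names would be
  // treated as local, and a host containing other metacharacters (e.g. the
  // brackets of an IPv6 literal) would change the meaning of the pattern.
  // Built once here because it does not vary between images.
  $local_host_pattern = '|^https?://' . preg_quote($_SERVER['HTTP_HOST'], '|') . '|';

  $html_dom = filter_dom_load($text);
  $images = $html_dom
    ->getElementsByTagName('img');
  foreach ($images as $image) {
    $src = $image
      ->getAttribute('src');

    // Remove absolute URLs pointing to the local domain to prevent mixed
    // content errors.
    $image
      ->setAttribute('src', preg_replace($local_host_pattern, '', $src));

    // Verify that $src starts with $base_path.
    // This also ensures that external images cannot be referenced: anything
    // that still carries a scheme or host after the rewrite above fails the
    // prefix comparison.
    $src = $image
      ->getAttribute('src');
    if (drupal_substr($src, 0, $base_path_length) === $base_path) {

      // Remove the $base_path to get the path relative to the Drupal root.
      // Ensure the path refers to an actual image by prefixing the image source
      // with the Drupal root and running getimagesize() on it. Because of that
      // prefix the argument is always a filesystem path, never a URL.
      // NOTE(review): the path is used as written. It is neither URL-decoded
      // nor canonicalized, so '..' segments are resolved by the filesystem and
      // percent-encoded file names will not be found. Confirm whether the
      // check should be confined to DRUPAL_ROOT.
      $local_image_path = $local_dir . drupal_substr($src, $base_path_length);
      // '@' hides the warning getimagesize() raises for missing or non-image
      // files; a falsy result simply falls through to the error handling below.
      if (@getimagesize($local_image_path)) {

        // The image has the right path. Erroneous images are dealt with below.
        continue;
      }
    }

    // Replace an invalid image with an error indicator. The return value is
    // discarded, so the theme hook presumably alters $image in place (verify
    // against the hook implementation).
    theme('filter_html_image_secure_image', array(
      'image' => $image,
    ));
  }
  $text = filter_dom_serialize($html_dom);
  return $text;
}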