- πΊπΈUnited States smustgrave
This came up as a daily BSI target
The function in question seems to have been removed, here's the CR https://www.drupal.org/node/3032541 β
Can we confirm still an issue?
An on-screen message is set when trying to upload a file that has a short (2-5 chars) name part (Eg: awesome_picture.beer.jpg - the part "beer" is shorter that 5 chars).
"For security reasons, your upload has been renamed to %filename."
When adding an on-screen message, a session is also set and this will block any future POST/PATCH api calls triggering an X-CSRF token error.
"X-CSRF-Token request header is missing"
This is a problem when using other authentication methods (Eg. oauth2). If you use cookie authentication for the rest calls then I think it should work just fine.
When you try to upload a file via REST api (Eg: /file/upload/{entity_type_id}/{bundle}/{field_name} ) that has a short (2-5 chars) middle name - Eg: awesome_picture.beer.jpg, the filename will be changed to "awesome_picture.beer_.jpg".
This happens when calling file_munge_filename() from \Drupal\file\Plugin\rest\resource\FileUploadResource->prepareFilename($filename, array &$validators)
file_munge_filename($filename, $extensions, $alerts = TRUE) function takes 3 parameters but when calling it from FileUploadResource class only 2 parameters are sent.
The 3rd parameter is the one telling Drupal not to set an on-screen message. So if we just add the third parameter as false, this should fix the issue.
Postponed: needs info
11.0 π₯
file system
The change is currently missing an automated test that fails when run with the original code, and succeeds when the bug has been fixed.
Not all content is available!
It's likely this issue predates Contrib.social: some issue and comment data are missing.
This came up as a daily BSI target
The function in question seems to have been removed, here's the CR https://www.drupal.org/node/3032541 β
Can we confirm still an issue?