Possibly faulty validation sequence for single image upload

Created on 21 December 2022, about 2 years ago

Updated 28 July 2023, over 1 year ago

Problem/Motivation

CKEditor5ImageController performs a validation on the uploaded single image; that validation logic differs from the one we see in FileUploadHandler and the differences need to be investigated to figure out which one is the more robust one, or if some kind of normalization/refactoring is needed to unify the validation logic.

Steps to reproduce

An issue on a contrib module 🐛 Can't upload files with CKEditor5 file upload Needs review brought this to attention.
The findings and important differences so far are that:
(a) CKEditor5ImageController during upload and validation will create a new File entity that references the destination file that is not present yet on the file system; that causes FileUploadSecureValidator's validation logic to issue an error.
CKEditor5ImageController performs first the File entity constraint validation and then calls the file_validate function that engages hook implementations for hook_file_validate.

(b) FileUploadHandler::handleFileUpload's code (which seems quite similar to CKEditor5ImageController::upload and CKEditor5ImageController::validate) runs in a different way.
The File entity it creates references the source (temporary uploaded file) and not the destination file; that allows hook implementations of hook_file_validate to have access to a File entity that references an existing file present on the filesystem;
it also performs first the call to the file_validate function, then and then proceeds to perform constrain validation on the File object itself before it's saved.

The latter (b) code flow seems more robust and would resolve the reported problem.

Proposed resolution

Figure out if CKEditor5ImageController has a faulty validation logic, comparing the implementation with that of FileUploadHandler::handleFileUpload.

📌 Task

Status

Closed: duplicate

Version

11.0 🔥

Component

CKEditor 5 →

Last updated about 12 hours ago

Maintained by
🇺🇸United States @bnjmnm
🇧🇪Belgium @wim leers
🇫🇮Finland @lauriii

Created by

🇨🇭Switzerland stefanos.petrakis@gmail.com Biel, Switzerland

Live updates comments and jobs are added and updated live.

Needs tests
The change is currently missing an automated test that fails when run with the original code, and succeeds when the bug has been fixed.

Incomplete comments

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

Status changed to Closed: duplicate over 1 year ago12:48am 28 July 2023
Comment over 1 year ago →
🇦🇺Australia kim.pepper 🏄‍♂️🇦🇺Sydney, Australia
This looks like a duplicate of 🐛 [PP-1] CKEditor file upload sets file URI prior to validation, causing validators to be unable to find the file. Postponed which has progressed much further along. Transferring issue credit to that one.

contrib.social Blog FAQ Discussions

Production build 0.71.5 2024