file.module

<?php

/**
 * @file
 * Defines a "managed_file" Form API field and a "file" field for Field module.
 */

use Drupal\Component\Utility\String;
use Drupal\Core\Field\FieldDefinitionInterface;
use Drupal\Core\Render\Element;
use Drupal\Core\Routing\RouteMatchInterface;
use Drupal\file\Entity\File;
use Drupal\file\FileInterface;
use Drupal\Component\Utility\NestedArray;
use Drupal\Component\Utility\Unicode;
use Drupal\Core\Entity\EntityStorageInterface;
use Drupal\Core\Template\Attribute;
use Drupal\file\FileUsage\FileUsageInterface;

// Load all Field module hooks for File.
require_once __DIR__ . '/file.field.inc';

/**
 * Implements hook_help().
 */
function file_help($route_name, RouteMatchInterface $route_match) {
  switch ($route_name) {
    case 'help.page.file':
      $output = '';
      $output .= '<h3>' . t('About') . '</h3>';
      $output .= '<p>' . t('The File module allows you to create fields that contain files. See the <a href="!field">Field module help</a> and the <a href="!field_ui">Field UI help</a> pages for general information on fields and how to create and manage them. For more information, see the <a href="!file_documentation">online documentation for the File module</a>.', array('!field' => \Drupal::url('help.page', array('name' => 'field')), '!field_ui' => \Drupal::url('help.page', array('name' => 'field_ui')), '!file_documentation' => 'https://drupal.org/documentation/modules/file')) . '</p>';
      $output .= '<h3>' . t('Uses') . '</h3>';
      $output .= '<dl>';
      $output .= '<dt>' . t('Managing and displaying file fields') . '</dt>';
      $output .= '<dd>' . t('The <em>settings</em> and the <em>display</em> of the file field can be configured separately. See the <a href="!field_ui">Field UI help</a> for more information on how to manage fields and their display.', array('!field_ui' => \Drupal::url('help.page', array('name' => 'field_ui')))) . '</dd>';
      $output .= '<dt>' . t('Allowing file extensions') . '</dt>';
      $output .= '<dd>' . t('In the field settings, you can define the allowed file extensions (for example <em>pdf docx psd</em>) for the files that will be uploaded with the file field.') . '</dd>';
      $output .= '<dt>' . t('Storing files ') . '</dt>';
      $output .= '<dd>' . t('Uploaded files can either be stored as <em>public</em> or <em>private</em>, depending on the <a href="!file-system">File system settings</a>. For more information, see the <a href="!system-help">System module help page</a>.', array('!file-system' => \Drupal::url('system.file_system_settings'), '!system-help' => \Drupal::url('help.page', array('name' => 'system')))) . '</dd>';
      $output .= '<dt>' . t('Restricting the maximum file size') . '</dt>';
      $output .= '<dd>' . t('The maximum file size that users can upload is limited by PHP settings of the server, but you can restrict by entering the desired value as the <em>Maximum upload size</em> setting. The maximum file size is automatically displayed to users in the help text of the file field.') . '</dd>';
      $output .= '<dt>' . t('Displaying files and descriptions') . '<dt>';
      $output .= '<dd>' . t('In the field settings, you can allow users to toggle whether individual files are displayed. In the display settings, you can then choose one of the following formats: <ul><li><em>Generic file</em> displays links to the files and adds icons that symbolize the file extensions. If <em>descriptions</em> are enabled and have been submitted, then the description is displayed instead of the file name.</li><li><em>URL to file</em> displays the full path to the file as plain text.</li><li><em>Table of files</em> lists links to the files and the file sizes in a table.</li><li><em>RSS enclosure</em> only displays the first file, and only in a RSS feed, formatted according to the RSS 2.0 syntax for enclosures.</li></ul> A file can still be linked to directly by its URI even if it is not displayed.') . '</dd>';
      $output .= '</dl>';
      return $output;
  }
}

/**
 * Implements hook_element_info().
 *
 * The managed file element may be used anywhere in Drupal.
 */
function file_element_info() {
  $types['managed_file'] = array(
    '#input' => TRUE,
    '#process' => array('file_managed_file_process'),
    '#value_callback' => 'file_managed_file_value',
    '#element_validate' => array('file_managed_file_validate'),
    '#pre_render' => array('file_managed_file_pre_render'),
    '#theme' => 'file_managed_file',
    '#theme_wrappers' => array('form_element'),
    '#progress_indicator' => 'throbber',
    '#progress_message' => NULL,
    '#upload_validators' => array(),
    '#upload_location' => NULL,
    '#size' => 22,
    '#multiple' => FALSE,
    '#extended' => FALSE,
    '#attached' => array(
      'library' => array('file/drupal.file'),
    ),
  );
  return $types;
}

/**
 * Loads file entities from the database.
 *
 * @param array $fids
 *   (optional) An array of entity IDs. If omitted, all entities are loaded.
 * @param $reset
 *   Whether to reset the internal file_load_multiple() cache.
 *
 * @return array
 *   An array of file entities, indexed by fid.
 *
 * @deprecated in Drupal 8.x, will be removed before Drupal 9.0.
 *   Use \Drupal\file\Entity\File::loadMultiple().
 *
 * @see hook_ENTITY_TYPE_load()
 * @see file_load()
 * @see entity_load()
 * @see \Drupal\Core\Entity\Query\EntityQueryInterface
 */
function file_load_multiple(array $fids = NULL, $reset = FALSE) {
  if ($reset) {
    \Drupal::entityManager()->getStorage('file')->resetCache($fids);
  }
  return File::loadMultiple($fids);
}

/**
 * Loads a single file entity from the database.
 *
 * @param $fid
 *   A file ID.
 * @param $reset
 *   Whether to reset the internal file_load_multiple() cache.
 *
 * @return \Drupal\file\FileInterface
 *   A file entity or NULL if the file was not found.
 *
 * @deprecated in Drupal 8.x, will be removed before Drupal 9.0.
 *   Use \Drupal\file\Entity\File::load().
 *
 * @see hook_ENTITY_TYPE_load()
 * @see file_load_multiple()
 */
function file_load($fid, $reset = FALSE) {
  if ($reset) {
    \Drupal::entityManager()->getStorage('file')->resetCache(array($fid));
  }
  return File::load($fid);
}

/**
 * Copies a file to a new location and adds a file record to the database.
 *
 * This function should be used when manipulating files that have records
 * stored in the database. This is a powerful function that in many ways
 * performs like an advanced version of copy().
 * - Checks if $source and $destination are valid and readable/writable.
 * - If file already exists in $destination either the call will error out,
 *   replace the file or rename the file based on the $replace parameter.
 * - If the $source and $destination are equal, the behavior depends on the
 *   $replace parameter. FILE_EXISTS_REPLACE will error out. FILE_EXISTS_RENAME
 *   will rename the file until the $destination is unique.
 * - Adds the new file to the files database. If the source file is a
 *   temporary file, the resulting file will also be a temporary file. See
 *   file_save_upload() for details on temporary files.
 *
 * @param \Drupal\file\FileInterface $source
 *   A file entity.
 * @param $destination
 *   A string containing the destination that $source should be copied to.
 *   This must be a stream wrapper URI.
 * @param $replace
 *   Replace behavior when the destination file already exists:
 *   - FILE_EXISTS_REPLACE - Replace the existing file. If a managed file with
 *       the destination name exists then its database entry will be updated. If
 *       no database entry is found then a new one will be created.
 *   - FILE_EXISTS_RENAME - Append _{incrementing number} until the filename is
 *       unique.
 *   - FILE_EXISTS_ERROR - Do nothing and return FALSE.
 *
 * @return
 *   File object if the copy is successful, or FALSE in the event of an error.
 *
 * @see file_unmanaged_copy()
 * @see hook_file_copy()
 */
function file_copy(FileInterface $source, $destination = NULL, $replace = FILE_EXISTS_RENAME) {
  if (!file_valid_uri($destination)) {
    if (($realpath = drupal_realpath($source->getFileUri())) !== FALSE) {
      \Drupal::logger('file')->notice('File %file (%realpath) could not be copied because the destination %destination is invalid. This is often caused by improper use of file_copy() or a missing stream wrapper.', array('%file' => $source->getFileUri(), '%realpath' => $realpath, '%destination' => $destination));
    }
    else {
      \Drupal::logger('file')->notice('File %file could not be copied because the destination %destination is invalid. This is often caused by improper use of file_copy() or a missing stream wrapper.', array('%file' => $source->getFileUri(), '%destination' => $destination));
    }
    drupal_set_message(t('The specified file %file could not be copied because the destination is invalid. More information is available in the system log.', array('%file' => $source->getFileUri())), 'error');
    return FALSE;
  }

  if ($uri = file_unmanaged_copy($source->getFileUri(), $destination, $replace)) {
    $file = $source->createDuplicate();
    $file->setFileUri($uri);
    $file->setFilename(drupal_basename($uri));
    // If we are replacing an existing file re-use its database record.
    // @todo Do not create a new entity in order to update it, see
    //   https://drupal.org/node/2241865
    if ($replace == FILE_EXISTS_REPLACE) {
      $existing_files = entity_load_multiple_by_properties('file', array('uri' => $uri));
      if (count($existing_files)) {
        $existing = reset($existing_files);
        $file->fid = $existing->id();
        $file->setOriginalId($existing->id());
        $file->setFilename($existing->getFilename());
      }
    }
    // If we are renaming around an existing file (rather than a directory),
    // use its basename for the filename.
    elseif ($replace == FILE_EXISTS_RENAME && is_file($destination)) {
      $file->setFilename(drupal_basename($destination));
    }

    $file->save();

    // Inform modules that the file has been copied.
    \Drupal::moduleHandler()->invokeAll('file_copy', array($file, $source));

    return $file;
  }
  return FALSE;
}

/**
 * Moves a file to a new location and update the file's database entry.
 *
 * Moving a file is performed by copying the file to the new location and then
 * deleting the original.
 * - Checks if $source and $destination are valid and readable/writable.
 * - Performs a file move if $source is not equal to $destination.
 * - If file already exists in $destination either the call will error out,
 *   replace the file or rename the file based on the $replace parameter.
 * - Adds the new file to the files database.
 *
 * @param \Drupal\file\FileInterface $source
 *   A file entity.
 * @param $destination
 *   A string containing the destination that $source should be moved to.
 *   This must be a stream wrapper URI.
 * @param $replace
 *   Replace behavior when the destination file already exists:
 *   - FILE_EXISTS_REPLACE - Replace the existing file. If a managed file with
 *       the destination name exists then its database entry will be updated and
 *       $source->delete() called after invoking hook_file_move().
 *       If no database entry is found then the source files record will be
 *       updated.
 *   - FILE_EXISTS_RENAME - Append _{incrementing number} until the filename is
 *       unique.
 *   - FILE_EXISTS_ERROR - Do nothing and return FALSE.
 *
 * @return \Drupal\file\FileInterface
 *   Resulting file entity for success, or FALSE in the event of an error.
 *
 * @see file_unmanaged_move()
 * @see hook_file_move()
 */
function file_move(FileInterface $source, $destination = NULL, $replace = FILE_EXISTS_RENAME) {
  if (!file_valid_uri($destination)) {
    if (($realpath = drupal_realpath($source->getFileUri())) !== FALSE) {
      \Drupal::logger('file')->notice('File %file (%realpath) could not be moved because the destination %destination is invalid. This may be caused by improper use of file_move() or a missing stream wrapper.', array('%file' => $source->getFileUri(), '%realpath' => $realpath, '%destination' => $destination));
    }
    else {
      \Drupal::logger('file')->notice('File %file could not be moved because the destination %destination is invalid. This may be caused by improper use of file_move() or a missing stream wrapper.', array('%file' => $source->getFileUri(), '%destination' => $destination));
    }
    drupal_set_message(t('The specified file %file could not be moved because the destination is invalid. More information is available in the system log.', array('%file' => $source->getFileUri())), 'error');
    return FALSE;
  }

  if ($uri = file_unmanaged_move($source->getFileUri(), $destination, $replace)) {
    $delete_source = FALSE;

    $file = clone $source;
    $file->setFileUri($uri);
    // If we are replacing an existing file re-use its database record.
    if ($replace == FILE_EXISTS_REPLACE) {
      $existing_files = entity_load_multiple_by_properties('file', array('uri' => $uri));
      if (count($existing_files)) {
        $existing = reset($existing_files);
        $delete_source = TRUE;
        $file->fid = $existing->id();
        $file->uuid = $existing->uuid();
      }
    }
    // If we are renaming around an existing file (rather than a directory),
    // use its basename for the filename.
    elseif ($replace == FILE_EXISTS_RENAME && is_file($destination)) {
      $file->setFilename(drupal_basename($destination));
    }

    $file->save();

    // Inform modules that the file has been moved.
    \Drupal::moduleHandler()->invokeAll('file_move', array($file, $source));

    // Delete the original if it's not in use elsewhere.
    if ($delete_source && !\Drupal::service('file.usage')->listUsage($source)) {
      $source->delete();
    }

    return $file;
  }
  return FALSE;
}

/**
 * Checks that a file meets the criteria specified by the validators.
 *
 * After executing the validator callbacks specified hook_file_validate() will
 * also be called to allow other modules to report errors about the file.
 *
 * @param \Drupal\file\FileInterface $file
 *   A file entity.
 * @param $validators
 *   An optional, associative array of callback functions used to validate the
 *   file. The keys are function names and the values arrays of callback
 *   parameters which will be passed in after the file entity. The
 *   functions should return an array of error messages; an empty array
 *   indicates that the file passed validation. The functions will be called in
 *   the order specified.
 *
 * @return
 *   An array containing validation error messages.
 *
 * @see hook_file_validate()
 */
function file_validate(FileInterface $file, $validators = array()) {
  // Call the validation functions specified by this function's caller.
  $errors = array();
  foreach ($validators as $function => $args) {
    if (function_exists($function)) {
      array_unshift($args, $file);
      $errors = array_merge($errors, call_user_func_array($function, $args));
    }
  }

  // Let other modules perform validation on the new file.
  return array_merge($errors, \Drupal::moduleHandler()->invokeAll('file_validate', array($file)));
}

/**
 * Checks for files with names longer than can be stored in the database.
 *
 * @param \Drupal\file\FileInterface $file
 *   A file entity.
 *
 * @return
 *   An array. If the file name is too long, it will contain an error message.
 */
function file_validate_name_length(FileInterface $file) {
  $errors = array();

  if (!$file->getFilename()) {
    $errors[] = t("The file's name is empty. Please give a name to the file.");
  }
  if (strlen($file->getFilename()) > 240) {
    $errors[] = t("The file's name exceeds the 240 characters limit. Please rename the file and try again.");
  }
  return $errors;
}

/**
 * Checks that the filename ends with an allowed extension.
 *
 * @param \Drupal\file\FileInterface $file
 *   A file entity.
 * @param $extensions
 *   A string with a space separated list of allowed extensions.
 *
 * @return
 *   An array. If the file extension is not allowed, it will contain an error
 *   message.
 *
 * @see hook_file_validate()
 */
function file_validate_extensions(FileInterface $file, $extensions) {
  $errors = array();

  $regex = '/\.(' . preg_replace('/ +/', '|', preg_quote($extensions)) . ')$/i';
  if (!preg_match($regex, $file->getFilename())) {
    $errors[] = t('Only files with the following extensions are allowed: %files-allowed.', array('%files-allowed' => $extensions));
  }
  return $errors;
}

/**
 * Checks that the file's size is below certain limits.
 *
 * @param \Drupal\file\FileInterface $file
 *   A file entity.
 * @param $file_limit
 *   An integer specifying the maximum file size in bytes. Zero indicates that
 *   no limit should be enforced.
 * @param $user_limit
 *   An integer specifying the maximum number of bytes the user is allowed.
 *   Zero indicates that no limit should be enforced.
 *
 * @return
 *   An array. If the file size exceeds limits, it will contain an error
 *   message.
 *
 * @see hook_file_validate()
 */
function file_validate_size(FileInterface $file, $file_limit = 0, $user_limit = 0) {
  $user = \Drupal::currentUser();
  $errors = array();

  if ($file_limit && $file->getSize() > $file_limit) {
    $errors[] = t('The file is %filesize exceeding the maximum file size of %maxsize.', array('%filesize' => format_size($file->getSize()), '%maxsize' => format_size($file_limit)));
  }

  // Save a query by only calling spaceUsed() when a limit is provided.
  if ($user_limit && (\Drupal::entityManager()->getStorage('file')->spaceUsed($user->id()) + $file->getSize()) > $user_limit) {
    $errors[] = t('The file is %filesize which would exceed your disk quota of %quota.', array('%filesize' => format_size($file->getSize()), '%quota' => format_size($user_limit)));
  }

  return $errors;
}

/**
 * Checks that the file is recognized as a valid image.
 *
 * @param \Drupal\file\FileInterface $file
 *   A file entity.
 *
 * @return
 *   An array. If the file is not an image, it will contain an error message.
 *
 * @see hook_file_validate()
 */
function file_validate_is_image(FileInterface $file) {
  $errors = array();

  $image_factory = \Drupal::service('image.factory');
  $image = $image_factory->get($file->getFileUri());
  if (!$image->isValid()) {
    $supported_extensions = $image_factory->getSupportedExtensions();
    $errors[] = t('Image type not supported. Allowed types: %types', array('%types' => implode(' ', $supported_extensions)));
  }

  return $errors;
}

/**
 * Verifies that image dimensions are within the specified maximum and minimum.
 *
 * Non-image files will be ignored. If a image toolkit is available the image
 * will be scaled to fit within the desired maximum dimensions.
 *
 * @param \Drupal\file\FileInterface $file
 *   A file entity. This function may resize the file affecting its size.
 * @param $maximum_dimensions
 *   An optional string in the form WIDTHxHEIGHT e.g. '640x480' or '85x85'. If
 *   an image toolkit is installed the image will be resized down to these
 *   dimensions. A value of 0 indicates no restriction on size, so resizing
 *   will be attempted.
 * @param $minimum_dimensions
 *   An optional string in the form WIDTHxHEIGHT. This will check that the
 *   image meets a minimum size. A value of 0 indicates no restriction.
 *
 * @return
 *   An array. If the file is an image and did not meet the requirements, it
 *   will contain an error message.
 *
 * @see hook_file_validate()
 */
function file_validate_image_resolution(FileInterface $file, $maximum_dimensions = 0, $minimum_dimensions = 0) {
  $errors = array();

  // Check first that the file is an image.
  $image_factory = \Drupal::service('image.factory');
  $image = $image_factory->get($file->getFileUri());
  if ($image->isValid()) {
    if ($maximum_dimensions) {
      // Check that it is smaller than the given dimensions.
      list($width, $height) = explode('x', $maximum_dimensions);
      if ($image->getWidth() > $width || $image->getHeight() > $height) {
        // Try to resize the image to fit the dimensions.
        if ($image->scale($width, $height)) {
          $image->save();
          $file->filesize = $image->getFileSize();
          drupal_set_message(t('The image was resized to fit within the maximum allowed dimensions of %dimensions pixels.', array('%dimensions' => $maximum_dimensions)));
        }
        else {
          $errors[] = t('The image exceeds the maximum allowed dimensions and an attempt to resize it failed.');
        }
      }
    }

    if ($minimum_dimensions) {
      // Check that it is larger than the given dimensions.
      list($width, $height) = explode('x', $minimum_dimensions);
      if ($image->getWidth() < $width || $image->getHeight() < $height) {
        $errors[] = t('The image is too small; the minimum dimensions are %dimensions pixels.', array('%dimensions' => $minimum_dimensions));
      }
    }
  }

  return $errors;
}

/**
 * Saves a file to the specified destination and creates a database entry.
 *
 * @param $data
 *   A string containing the contents of the file.
 * @param $destination
 *   A string containing the destination URI. This must be a stream wrapper URI.
 *   If no value is provided, a randomized name will be generated and the file
 *   will be saved using Drupal's default files scheme, usually "public://".
 * @param $replace
 *   Replace behavior when the destination file already exists:
 *   - FILE_EXISTS_REPLACE - Replace the existing file. If a managed file with
 *       the destination name exists then its database entry will be updated. If
 *       no database entry is found then a new one will be created.
 *   - FILE_EXISTS_RENAME - Append _{incrementing number} until the filename is
 *       unique.
 *   - FILE_EXISTS_ERROR - Do nothing and return FALSE.
 *
 * @return \Drupal\file\FileInterface
 *   A file entity, or FALSE on error.
 *
 * @see file_unmanaged_save_data()
 */
function file_save_data($data, $destination = NULL, $replace = FILE_EXISTS_RENAME) {
  $user = \Drupal::currentUser();

  if (empty($destination)) {
    $destination = file_default_scheme() . '://';
  }
  if (!file_valid_uri($destination)) {
    \Drupal::logger('file')->notice('The data could not be saved because the destination %destination is invalid. This may be caused by improper use of file_save_data() or a missing stream wrapper.', array('%destination' => $destination));
    drupal_set_message(t('The data could not be saved because the destination is invalid. More information is available in the system log.'), 'error');
    return FALSE;
  }

  if ($uri = file_unmanaged_save_data($data, $destination, $replace)) {
    // Create a file entity.
    $file = entity_create('file', array(
      'uri' => $uri,
      'uid' => $user->id(),
      'status' => FILE_STATUS_PERMANENT,
    ));
    // If we are replacing an existing file re-use its database record.
    // @todo Do not create a new entity in order to update it, see
    //   https://drupal.org/node/2241865
    if ($replace == FILE_EXISTS_REPLACE) {
      $existing_files = entity_load_multiple_by_properties('file', array('uri' => $uri));
      if (count($existing_files)) {
        $existing = reset($existing_files);
        $file->fid = $existing->id();
        $file->setOriginalId($existing->id());
        $file->setFilename($existing->getFilename());
      }
    }
    // If we are renaming around an existing file (rather than a directory),
    // use its basename for the filename.
    elseif ($replace == FILE_EXISTS_RENAME && is_file($destination)) {
      $file->setFilename(drupal_basename($destination));
    }

    $file->save();
    return $file;
  }
  return FALSE;
}

/**
 * Examines a file entity and returns appropriate content headers for download.
 *
 * @param \Drupal\file\FileInterface $file
 *   A file entity.
 *
 * @return
 *   An associative array of headers, as expected by
 *   \Symfony\Component\HttpFoundation\StreamedResponse.
 */
function file_get_content_headers(FileInterface $file) {
  $type = mime_header_encode($file->getMimeType());

  return array(
    'Content-Type' => $type,
    'Content-Length' => $file->getSize(),
    'Cache-Control' => 'private',
  );
}

/**
 * Implements hook_theme().
 */
function file_theme() {
  return array(
    // From file.module.
    'file_link' => array(
      'variables' => array('file' => NULL, 'icon_directory' => NULL, 'description' => NULL, 'attributes' => array()),
      'template' => 'file-link',
    ),
    'file_managed_file' => array(
      'render element' => 'element',
      'template' => 'file-managed-file',
    ),

    // From file.field.inc.
    'file_widget' => array(
      'render element' => 'element',
      'template' => 'file-widget',
      'file' => 'file.field.inc',
    ),
    'file_widget_multiple' => array(
      'render element' => 'element',
      'template' => 'file-widget-multiple',
      'file' => 'file.field.inc',
    ),
    'file_upload_help' => array(
      'variables' => array('description' => NULL, 'upload_validators' => NULL, 'cardinality' => NULL),
      'template' => 'file-upload-help',
      'file' => 'file.field.inc',
    ),
  );
}

/**
 * Implements hook_file_download().
 *
 * This function takes an extra parameter $field_type so that it may
 * be re-used by other File-like modules, such as Image.
 */
function file_file_download($uri, $field_type = 'file') {
  $user = \Drupal::currentUser();

  // Get the file record based on the URI. If not in the database just return.
  /** @var \Drupal\file\FileInterface[] $files */
  $files = entity_load_multiple_by_properties('file', array('uri' => $uri));
  if (count($files)) {
    foreach ($files as $item) {
      // Since some database servers sometimes use a case-insensitive comparison
      // by default, double check that the filename is an exact match.
      if ($item->getFileUri() === $uri) {
        $file = $item;
        break;
      }
    }
  }
  if (!isset($file)) {
    return;
  }

  // Find out which (if any) fields of this type contain the file.
  $references = file_get_file_references($file, NULL, EntityStorageInterface::FIELD_LOAD_CURRENT, $field_type);

  // Stop processing if there are no references in order to avoid returning
  // headers for files controlled by other modules. Make an exception for
  // temporary files where the host entity has not yet been saved (for example,
  // an image preview on a node/add form) in which case, allow download by the
  // file's owner.
  if (empty($references) && ($file->isPermanent() || $file->getOwnerId() != $user->id())) {
    return;
  }

  // Default to allow access.
  $denied = FALSE;
  // Loop through all references of this file. If a reference explicitly allows
  // access to the field to which this file belongs, no further checks are done
  // and download access is granted. If a reference denies access, eventually
  // existing additional references are checked. If all references were checked
  // and no reference denied access, access is granted as well. If at least one
  // reference denied access, access is denied.
  foreach ($references as $field_name => $field_references) {
    foreach ($field_references as $entity_type => $entities) {
      $field_storage_definitions = \Drupal::entityManager()->getFieldStorageDefinitions($entity_type);
      $field = $field_storage_definitions[$field_name];
      foreach ($entities as $entity) {
        // Check if access to this field is not disallowed.
        if (!$entity->get($field_name)->access('view')) {
          $denied = TRUE;
          continue;
        }

        // Invoke hook and collect grants/denies for download access.
        // Default to FALSE and let entities overrule this ruling.
        $grants = array('system' => FALSE);
        foreach (\Drupal::moduleHandler()->getImplementations('file_download_access') as $module) {
          $grants = array_merge($grants, array($module => \Drupal::moduleHandler()->invoke($module, 'file_download_access', array($field, $entity, $file))));
        }
        // Allow other modules to alter the returned grants/denies.
        $context = array(
          'entity' => $entity,
          'field' => $field,
          'file' => $file,
        );
        \Drupal::moduleHandler()->alter('file_download_access', $grants, $context);

        if (in_array(TRUE, $grants)) {
          // If TRUE is returned, access is granted and no further checks are
          // necessary.
          $denied = FALSE;
          break 3;
        }

        if (in_array(FALSE, $grants)) {
          // If an implementation returns FALSE, access to this entity is denied
          // but the file could belong to another entity to which the user might
          // have access. Continue with these.
          $denied = TRUE;
        }
      }
    }
  }

  // Access specifically denied.
  if ($denied) {
    return -1;
  }

  // Access is granted.
  $headers = file_get_content_headers($file);
  return $headers;
}

/**
 * Implements file_cron()
 */
function file_cron() {
  $age = \Drupal::config('system.file')->get('temporary_maximum_age');

  // Only delete temporary files if older than $age. Note that automatic cleanup
  // is disabled if $age set to 0.
  if ($age) {
    $fids = Drupal::entityQuery('file')
      ->condition('status', FILE_STATUS_PERMANENT, '<>')
      ->condition('changed', REQUEST_TIME - $age, '<')
      ->range(0, 100)
      ->execute();
    $files = file_load_multiple($fids);
    foreach ($files as $file) {
      $references = \Drupal::service('file.usage')->listUsage($file);
      if (empty($references)) {
        if (file_exists($file->getFileUri())) {
          $file->delete();
        }
        else {
          \Drupal::logger('file system')->error('Could not delete temporary file "%path" during garbage collection', array('%path' => $file->getFileUri()));
        }
      }
      else {
        \Drupal::logger('file system')->info('Did not delete temporary file "%path" during garbage collection because it is in use by the following modules: %modules.', array('%path' => $file->getFileUri(), '%modules' => implode(', ', array_keys($references))));
      }
    }
  }
}

/**
 * Saves file uploads to a new location.
 *
 * The files will be added to the {file_managed} table as temporary files.
 * Temporary files are periodically cleaned. Use the 'file.usage' service to
 * register the usage of the file which will automatically mark it as permanent.
 *
 * @param $form_field_name
 *   A string that is the associative array key of the upload form element in
 *   the form array.
 * @param array $form_state
 *   An associative array containing the current state of the form.
 * @param $validators
 *   An optional, associative array of callback functions used to validate the
 *   file. See file_validate() for a full discussion of the array format.
 *   If no extension validator is provided it will default to a limited safe
 *   list of extensions which is as follows: "jpg jpeg gif png txt
 *   doc xls pdf ppt pps odt ods odp". To allow all extensions you must
 *   explicitly set the 'file_validate_extensions' validator to an empty array
 *   (Beware: this is not safe and should only be allowed for trusted users, if
 *   at all).
 * @param $destination
 *   A string containing the URI that the file should be copied to. This must
 *   be a stream wrapper URI. If this value is omitted, Drupal's temporary
 *   files scheme will be used ("temporary://").
 * @param $delta
 *   Delta of the file to save or NULL to save all files. Defaults to NULL.
 * @param $replace
 *   Replace behavior when the destination file already exists:
 *   - FILE_EXISTS_REPLACE: Replace the existing file.
 *   - FILE_EXISTS_RENAME: Append _{incrementing number} until the filename is
 *     unique.
 *   - FILE_EXISTS_ERROR: Do nothing and return FALSE.
 *
 * @return
 *   Function returns array of files or a single file object if $delta
 *   != NULL. Each file object contains the file information if the
 *   upload succeeded or FALSE in the event of an error. Function
 *   returns NULL if no file was uploaded.
 *
 *   The documentation for the "File interface" group, which you can find under
 *   Related topics, or the header at the top of this file, documents the
 *   components of a file entity. In addition to the standard components,
 *   this function adds:
 *   - source: Path to the file before it is moved.
 *   - destination: Path to the file after it is moved (same as 'uri').
 */
function file_save_upload($form_field_name, $validators = array(), $destination = FALSE, $delta = NULL, $replace = FILE_EXISTS_RENAME) {
  $user = \Drupal::currentUser();
  static $upload_cache;

  $file_upload = \Drupal::request()->files->get("files[$form_field_name]", NULL, TRUE);
  // Make sure there's an upload to process.
  if (empty($file_upload)) {
    return NULL;
  }

  // Return cached objects without processing since the file will have
  // already been processed and the paths in $_FILES will be invalid.
  if (isset($upload_cache[$form_field_name])) {
    if (isset($delta)) {
      return $upload_cache[$form_field_name][$delta];
    }
    return $upload_cache[$form_field_name];
  }

  // Prepare uploaded files info. Representation is slightly different
  // for multiple uploads and we fix that here.
  $uploaded_files = $file_upload;
  if (!is_array($file_upload)) {
    $uploaded_files = array($file_upload);
  }

  $files = array();
  foreach ($uploaded_files as $i => $file_info) {
    // Check for file upload errors and return FALSE for this file if a lower
    // level system error occurred. For a complete list of errors:
    // See http://php.net/manual/features.file-upload.errors.php.
    switch ($file_info->getError()) {
      case UPLOAD_ERR_INI_SIZE:
      case UPLOAD_ERR_FORM_SIZE:
        drupal_set_message(t('The file %file could not be saved because it exceeds %maxsize, the maximum allowed size for uploads.', array('%file' => $file_info->getFilename(), '%maxsize' => format_size(file_upload_max_size()))), 'error');
        $files[$i] = FALSE;
        continue;

      case UPLOAD_ERR_PARTIAL:
      case UPLOAD_ERR_NO_FILE:
        drupal_set_message(t('The file %file could not be saved because the upload did not complete.', array('%file' => $file_info->getFilename())), 'error');
        $files[$i] = FALSE;
        continue;

      case UPLOAD_ERR_OK:
        // Final check that this is a valid upload, if it isn't, use the
        // default error handler.
        if (is_uploaded_file($file_info->getRealPath())) {
          break;
        }

        // Unknown error
      default:
        drupal_set_message(t('The file %file could not be saved. An unknown error has occurred.', array('%file' => $file_info->getFilename())), 'error');
        $files[$i] = FALSE;
        continue;

    }
    // Begin building file entity.
    $values = array(
      'uid' => $user->id(),
      'status' => 0,
      'filename' => $file_info->getClientOriginalName(),
      'uri' => $file_info->getRealPath(),
      'filesize' => $file_info->getSize(),
    );
    $values['filemime'] = file_get_mimetype($values['filename']);
    $file = entity_create('file', $values);

    $extensions = '';
    if (isset($validators['file_validate_extensions'])) {
      if (isset($validators['file_validate_extensions'][0])) {
        // Build the list of non-munged extensions if the caller provided them.
        $extensions = $validators['file_validate_extensions'][0];
      }
      else {
        // If 'file_validate_extensions' is set and the list is empty then the
        // caller wants to allow any extension. In this case we have to remove the
        // validator or else it will reject all extensions.
        unset($validators['file_validate_extensions']);
      }
    }
    else {
      // No validator was provided, so add one using the default list.
      // Build a default non-munged safe list for file_munge_filename().
      $extensions = 'jpg jpeg gif png txt doc xls pdf ppt pps odt ods odp';
      $validators['file_validate_extensions'] = array();
      $validators['file_validate_extensions'][0] = $extensions;
    }

    if (!empty($extensions)) {
      // Munge the filename to protect against possible malicious extension
      // hiding within an unknown file type (ie: filename.html.foo).
      $file->setFilename(file_munge_filename($file->getFilename(), $extensions));
    }

    // Rename potentially executable files, to help prevent exploits (i.e. will
    // rename filename.php.foo and filename.php to filename.php.foo.txt and
    // filename.php.txt, respectively). Don't rename if 'allow_insecure_uploads'
    // evaluates to TRUE.
    if (!\Drupal::config('system.file')->get('allow_insecure_uploads') && preg_match('/\.(php|pl|py|cgi|asp|js)(\.|$)/i', $file->getFilename()) && (substr($file->getFilename(), -4) != '.txt')) {
      $file->setMimeType('text/plain');
      // The destination filename will also later be used to create the URI.
      $file->setFilename($file->getFilename() . '.txt');
      // The .txt extension may not be in the allowed list of extensions. We have
      // to add it here or else the file upload will fail.
      if (!empty($extensions)) {
        $validators['file_validate_extensions'][0] .= ' txt';
        drupal_set_message(t('For security reasons, your upload has been renamed to %filename.', array('%filename' => $file->getFilename())));
      }
    }

    // If the destination is not provided, use the temporary directory.
    if (empty($destination)) {
      $destination = 'temporary://';
    }

    // Assert that the destination contains a valid stream.
    $destination_scheme = file_uri_scheme($destination);
    if (!file_stream_wrapper_valid_scheme($destination_scheme)) {
      drupal_set_message(t('The file could not be uploaded because the destination %destination is invalid.', array('%destination' => $destination)), 'error');
      $files[$i] = FALSE;
      continue;
    }

    $file->source = $form_field_name;
    // A file URI may already have a trailing slash or look like "public://".
    if (substr($destination, -1) != '/') {
      $destination .= '/';
    }
    $file->destination = file_destination($destination . $file->getFilename(), $replace);
    // If file_destination() returns FALSE then $replace === FILE_EXISTS_ERROR and
    // there's an existing file so we need to bail.
    if ($file->destination === FALSE) {
      drupal_set_message(t('The file %source could not be uploaded because a file by that name already exists in the destination %directory.', array('%source' => $form_field_name, '%directory' => $destination)), 'error');
      $files[$i] = FALSE;
      continue;
    }

    // Add in our check of the the file name length.
    $validators['file_validate_name_length'] = array();

    // Call the validation functions specified by this function's caller.
    $errors = file_validate($file, $validators);

    // Check for errors.
    if (!empty($errors)) {
      $message = t('The specified file %name could not be uploaded.', array('%name' => $file->getFilename()));
      if (count($errors) > 1) {
        $item_list = array(
          '#theme' => 'item_list',
          '#items' => $errors,
        );
        $message .= drupal_render($item_list);
      }
      else {
        $message .= ' ' . array_pop($errors);
      }
      drupal_set_message($message, 'error');
      $files[$i] = FALSE;
      continue;
    }

    // Move uploaded files from PHP's upload_tmp_dir to Drupal's temporary
    // directory. This overcomes open_basedir restrictions for future file
    // operations.
    $file->uri = $file->destination;
    if (!drupal_move_uploaded_file($file_info->getRealPath(), $file->getFileUri())) {
      drupal_set_message(t('File upload error. Could not move uploaded file.'), 'error');
      \Drupal::logger('file')->notice('Upload error. Could not move uploaded file %file to destination %destination.', array('%file' => $file->filename, '%destination' => $file->uri));
      $files[$i] = FALSE;
      continue;
    }

    // Set the permissions on the new file.
    drupal_chmod($file->getFileUri());

    // If we are replacing an existing file re-use its database record.
    // @todo Do not create a new entity in order to update it, see
    //   https://drupal.org/node/2241865
    if ($replace == FILE_EXISTS_REPLACE) {
      $existing_files = entity_load_multiple_by_properties('file', array('uri' => $file->getFileUri()));
      if (count($existing_files)) {
        $existing = reset($existing_files);
        $file->fid = $existing->id();
        $file->setOriginalId($existing->id());
      }
    }

    // If we made it this far it's safe to record this file in the database.
    $file->save();
    $files[$i] = $file;
  }

  // Add files to the cache.
  $upload_cache[$form_field_name] = $files;

  return isset($delta) ? $files[$delta] : $files;
}

/**
 * Determines the preferred upload progress implementation.
 *
 * @return
 *   A string indicating which upload progress system is available. Either "apc"
 *   or "uploadprogress". If neither are available, returns FALSE.
 */
function file_progress_implementation() {
  static $implementation;
  if (!isset($implementation)) {
    $implementation = FALSE;

    // We prefer the PECL extension uploadprogress because it supports multiple
    // simultaneous uploads. APC only supports one at a time.
    if (extension_loaded('uploadprogress')) {
      $implementation = 'uploadprogress';
    }
    elseif (extension_loaded('apc') && ini_get('apc.rfc1867')) {
      $implementation = 'apc';
    }