protected function HtaccessTest::getProtectedFiles in Drupal 8
Same name and namespace in other branches
- 9 core/modules/system/tests/src/Functional/System/HtaccessTest.php \Drupal\Tests\system\Functional\System\HtaccessTest::getProtectedFiles()
- 10 core/modules/system/tests/src/Functional/System/HtaccessTest.php \Drupal\Tests\system\Functional\System\HtaccessTest::getProtectedFiles()
Get an array of file paths for access testing.
Return value
int[] An array keyed by file paths. Each value is the expected response code, for example, 200 or 403.
1 call to HtaccessTest::getProtectedFiles()
- HtaccessTest::testFileAccess in core/
modules/ system/ tests/ src/ Functional/ System/ HtaccessTest.php - Iterates over protected files and calls assertNoFileAccess().
File
- core/
modules/ system/ tests/ src/ Functional/ System/ HtaccessTest.php, line 33
Class
- HtaccessTest
- Tests .htaccess is working correctly.
Namespace
Drupal\Tests\system\Functional\SystemCode
protected function getProtectedFiles() {
$path = drupal_get_path('module', 'system') . '/tests/fixtures/HtaccessTest';
// Tests the FilesMatch directive which denies access to certain file
// extensions.
$file_exts_to_deny = [
'engine',
'inc',
'install',
'make',
'module',
'module~',
'module.bak',
'module.orig',
'module.save',
'module.swo',
'module.swp',
'php~',
'php.bak',
'php.orig',
'php.save',
'php.swo',
'php.swp',
'profile',
'po',
'sh',
'sql',
'theme',
'twig',
'tpl.php',
'xtmpl',
'yml',
];
foreach ($file_exts_to_deny as $file_ext) {
$file_paths["{$path}/access_test.{$file_ext}"] = 403;
}
// Tests the .htaccess file in vendor and created by a Composer script.
// Try and access a non PHP file in the vendor directory.
// @see Drupal\\Core\\Composer\\Composer::ensureHtaccess
$file_paths['vendor/composer/installed.json'] = 403;
// Tests the rewrite conditions and rule that denies access to php files.
$file_paths['core/lib/Drupal.php'] = 403;
$file_paths['vendor/autoload.php'] = 403;
$file_paths['autoload.php'] = 403;
// Test extensions that should be permitted.
$file_exts_to_allow = [
'php-info.txt',
];
foreach ($file_exts_to_allow as $file_ext) {
$file_paths["{$path}/access_test.{$file_ext}"] = 200;
}
// Ensure composer.json and composer.lock cannot be accessed.
$file_paths["{$path}/composer.json"] = 403;
$file_paths["{$path}/composer.lock"] = 403;
// Ensure web server configuration files cannot be accessed.
$file_paths["{$path}/.htaccess"] = 403;
$file_paths["{$path}/web.config"] = 403;
return $file_paths;
}