You are here

protected function HtaccessTest::getProtectedFiles in Drupal 9

Same name and namespace in other branches
  1. 8 core/modules/system/tests/src/Functional/System/HtaccessTest.php \Drupal\Tests\system\Functional\System\HtaccessTest::getProtectedFiles()
  2. 10 core/modules/system/tests/src/Functional/System/HtaccessTest.php \Drupal\Tests\system\Functional\System\HtaccessTest::getProtectedFiles()

Get an array of file paths for access testing.

Return value

int[] An array keyed by file paths. Each value is the expected response code, for example, 200 or 403.

1 call to HtaccessTest::getProtectedFiles()
HtaccessTest::testFileAccess in core/modules/system/tests/src/Functional/System/HtaccessTest.php
Iterates over protected files and calls assertNoFileAccess().

File

core/modules/system/tests/src/Functional/System/HtaccessTest.php, line 33

Class

HtaccessTest
Tests .htaccess is working correctly.

Namespace

Drupal\Tests\system\Functional\System

Code

protected function getProtectedFiles() {
  $path = $this
    ->getModulePath('system') . '/tests/fixtures/HtaccessTest';

  // Tests the FilesMatch directive which denies access to certain file
  // extensions.
  $file_exts_to_deny = [
    'engine',
    'inc',
    'install',
    'make',
    'module',
    'module~',
    'module.bak',
    'module.orig',
    'module.save',
    'module.swo',
    'module.swp',
    'php~',
    'php.bak',
    'php.orig',
    'php.save',
    'php.swo',
    'php.swp',
    'profile',
    'po',
    'sh',
    'sql',
    'theme',
    'twig',
    'tpl.php',
    'xtmpl',
    'yml',
  ];
  foreach ($file_exts_to_deny as $file_ext) {
    $file_paths["{$path}/access_test.{$file_ext}"] = 403;
  }

  // Tests the .htaccess file in vendor and created by a Composer script.
  // Try and access a non PHP file in the vendor directory.
  // @see Drupal\\Core\\Composer\\Composer::ensureHtaccess
  $file_paths['vendor/composer/installed.json'] = 403;

  // Tests the rewrite conditions and rule that denies access to php files.
  $file_paths['core/lib/Drupal.php'] = 403;
  $file_paths['vendor/autoload.php'] = 403;
  $file_paths['autoload.php'] = 403;

  // Test extensions that should be permitted.
  $file_exts_to_allow = [
    'php-info.txt',
  ];
  foreach ($file_exts_to_allow as $file_ext) {
    $file_paths["{$path}/access_test.{$file_ext}"] = 200;
  }

  // Ensure composer.json and composer.lock cannot be accessed.
  $file_paths["{$path}/composer.json"] = 403;
  $file_paths["{$path}/composer.lock"] = 403;

  // Ensure web server configuration files cannot be accessed.
  $file_paths["{$path}/.htaccess"] = 403;
  $file_paths["{$path}/web.config"] = 403;
  return $file_paths;
}