htaccess.install in Htaccess 7.2
Same filename and directory in other branches
Htaccess module install file.
File
htaccess.installView source
<?php
/**
* @file
* Htaccess module install file.
*/
/*
* Implements hook_schema().
* Create a table which will store htaccess profile.
*/
function htaccess_schema() {
$schema['htaccess'] = array(
'description' => 'The table for htaccess.',
'fields' => array(
'id' => array(
'description' => t('The unique identifier for a htaccess.'),
'type' => 'serial',
'unsigned' => TRUE,
'not null' => TRUE,
),
'name' => array(
'description' => t('The profile name of the htaccess.'),
'type' => 'text',
'not null' => TRUE,
),
'description' => array(
'description' => t('The description of the htaccess.'),
'type' => 'text',
),
'htaccess' => array(
'description' => t('The htaccess rules generated.'),
'type' => 'text',
'not null' => TRUE,
),
'deployed' => array(
'description' => t('Indicates the current htaccess used.'),
'type' => 'int',
'size' => 'tiny',
'not null' => TRUE,
'default' => 0,
),
'created' => array(
'description' => t('The created date of the generated htaccess rules.'),
'type' => 'int',
'unsigned' => TRUE,
'not null' => TRUE,
'default' => 0,
),
),
'indexes' => array(
'htaccess_created' => array(
'created',
),
),
'unique keys' => array(
'id' => array(
'id',
),
),
'primary key' => array(
'id',
),
);
return $schema;
}
/**
* Implements hook_install().
* Store the Drupal default htaccess into database.
*/
function htaccess_install() {
$generate = htaccess_generate_default();
return;
}
/**
* Implements hook_requirements().
*/
function htaccess_requirements($phase) {
$requirements = array();
$t = get_t();
if ($phase == 'runtime') {
// Check if the htaccess has been altered
if (variable_get('htaccess_altered', false) == true) {
$requirements['htaccess'] = array(
'title' => $t('Htaccess module'),
'description' => $t('Htaccess seems to be altered.'),
'severity' => REQUIREMENT_WARNING,
'value' => $t('Htaccess altered'),
);
}
}
return $requirements;
}
/**
* Implements hook_uninstall().
* Remove all variables. Table will be removed by Core.
*/
function htaccess_uninstall() {
db_query("DELETE FROM {variable} WHERE name LIKE 'htaccess_%'");
}
/**
* Update default htaccess content.
* Replace the %%%boost_rules%%% token by an empty value.
* This only affects 7.x-2.1 version.
*/
function htaccess_update_7200() {
$htaccess_default = db_select('htaccess', 'h')
->fields('h')
->condition('id', 1, '=')
->execute()
->fetchAssoc();
$htaccess_default_content = $htaccess_default['htaccess'];
$htaccess_boost_token_update = str_replace("%%%boost_rules%%%", '', $htaccess_default_content, $count);
// We update only if a replacement has been made.
if ($count > 0) {
db_update('htaccess')
->fields(array(
'htaccess' => $htaccess_boost_token_update,
))
->condition('id', 1, '=')
->execute();
return t('The default htaccess profile has been updated correctly.');
}
else {
return t('The default htaccess profile seems to be clean. No change required.');
}
}
/**
* Update htaccess profiles : Prevent browsers from sniffing a response
* and picking a MIME type different from the declared content-type,
* since that can lead to XSS and other vulnerabilities.
*/
function htaccess_update_7201() {
$updated_rules = PHP_EOL;
$updated_rules .= "# Add headers to all responses." . PHP_EOL;
$updated_rules .= "<IfModule mod_headers.c>" . PHP_EOL;
$updated_rules .= "# Disable content sniffing, since it's an attack vector." . PHP_EOL;
$updated_rules .= "Header always set X-Content-Type-Options nosniff" . PHP_EOL;
$updated_rules .= "</IfModule>" . PHP_EOL;
// Get all htacess profiles
$htaccess_profiles = db_select('htaccess', 'h')
->fields('h')
->execute()
->fetchAll();
// Update the htacess profiles
foreach ($htaccess_profiles as $key => $htaccess_profile) {
$rules = $htaccess_profiles[$key]->htaccess . $updated_rules;
db_update('htaccess')
->fields(array(
'htaccess' => $rules,
))
->condition('id', $htaccess_profiles[$key]->id, '=')
->execute();
}
return t('All htaccess profiles have been updated correctly. You have to re-deploy your current htaccess profile.');
}
/**
* Update default htaccess content.
* Disallow composer.json and composer.lock from being indexed.
* https://www.drupal.org/node/2392153
* Htacess profiles won't be updated since it's not a security issue.
* Re-generate your htacess profiles only if you use Composer.
*/
function htaccess_update_7202() {
$generate = htaccess_generate_default();
return t('The default htaccess profile has been updated correctly. You should re-generate your htaccess profiles only if you use Composer in your Drupal project.');
}
/**
* Update default htaccess content.
* Add a new option which allows core text files from Drupal
* from being viewed.
*/
function htaccess_update_7203() {
$generate = htaccess_generate_default();
return t('Re-generate the default htaccess.');
}
/**
* Fixed the issue where the protect text files option is not properly taken
* into account
*/
function htaccess_update_7204() {
$generate = htaccess_generate_default();
return t('Re-generate the default htaccess.');
}
Functions
Name![]() |
Description |
---|---|
htaccess_install | Implements hook_install(). Store the Drupal default htaccess into database. |
htaccess_requirements | Implements hook_requirements(). |
htaccess_schema | |
htaccess_uninstall | Implements hook_uninstall(). Remove all variables. Table will be removed by Core. |
htaccess_update_7200 | Update default htaccess content. Replace the %%%boost_rules%%% token by an empty value. This only affects 7.x-2.1 version. |
htaccess_update_7201 | Update htaccess profiles : Prevent browsers from sniffing a response and picking a MIME type different from the declared content-type, since that can lead to XSS and other vulnerabilities. |
htaccess_update_7202 | Update default htaccess content. Disallow composer.json and composer.lock from being indexed. https://www.drupal.org/node/2392153 Htacess profiles won't be updated since it's not a security issue. Re-generate your htacess profiles only if… |
htaccess_update_7203 | Update default htaccess content. Add a new option which allows core text files from Drupal from being viewed. |
htaccess_update_7204 | Fixed the issue where the protect text files option is not properly taken into account |