You are here

Home » API reference » Zircon Profile 8 » HtaccessUnitTest.php » HtaccessUnitTest

function HtaccessUnitTest::testHtaccessSave in Zircon Profile 8

Same name and namespace in other branches
  1. 8.0 core/modules/system/src/Tests/File/HtaccessUnitTest.php \Drupal\system\Tests\File\HtaccessUnitTest::testHtaccessSave()

Tests file_save_htaccess().

File

core/modules/system/src/Tests/File/HtaccessUnitTest.php, line 23
Contains \Drupal\system\Tests\File\HtaccessUnitTest.

Class

HtaccessUnitTest
Tests .htaccess file saving.

Namespace

Drupal\system\Tests\File

Code

function testHtaccessSave() {

  // Prepare test directories.
  $public = $this->publicFilesDirectory . '/test/public';
  $private = $this->publicFilesDirectory . '/test/private';
  $stream = 'public://test/stream';

  // Verify that file_save_htaccess() returns FALSE if .htaccess cannot be
  // written.
  // Note: We cannot test the condition of a directory lacking write
  // permissions, since at least on Windows file_save_htaccess() succeeds
  // even when changing directory permissions to 0000.
  $this
    ->assertFalse(file_save_htaccess($public, FALSE));

  // Create public .htaccess file.
  mkdir($public, 0777, TRUE);
  $this
    ->assertTrue(file_save_htaccess($public, FALSE));
  $content = file_get_contents($public . '/.htaccess');
  $this
    ->assertTrue(strpos($content, "SetHandler Drupal_Security_Do_Not_Remove_See_SA_2006_006") !== FALSE);
  $this
    ->assertFalse(strpos($content, "Require all denied") !== FALSE);
  $this
    ->assertFalse(strpos($content, "Deny from all") !== FALSE);
  $this
    ->assertTrue(strpos($content, "Options -Indexes -ExecCGI -Includes -MultiViews") !== FALSE);
  $this
    ->assertTrue(strpos($content, "SetHandler Drupal_Security_Do_Not_Remove_See_SA_2013_003") !== FALSE);
  $this
    ->assertFilePermissions($public . '/.htaccess', 0444);
  $this
    ->assertTrue(file_save_htaccess($public, FALSE));

  // Create private .htaccess file.
  mkdir($private, 0777, TRUE);
  $this
    ->assertTrue(file_save_htaccess($private));
  $content = file_get_contents($private . '/.htaccess');
  $this
    ->assertTrue(strpos($content, "SetHandler Drupal_Security_Do_Not_Remove_See_SA_2006_006") !== FALSE);
  $this
    ->assertTrue(strpos($content, "Require all denied") !== FALSE);
  $this
    ->assertTrue(strpos($content, "Deny from all") !== FALSE);
  $this
    ->assertTrue(strpos($content, "Options -Indexes -ExecCGI -Includes -MultiViews") !== FALSE);
  $this
    ->assertTrue(strpos($content, "SetHandler Drupal_Security_Do_Not_Remove_See_SA_2013_003") !== FALSE);
  $this
    ->assertFilePermissions($private . '/.htaccess', 0444);
  $this
    ->assertTrue(file_save_htaccess($private));

  // Create an .htaccess file using a stream URI.
  mkdir($stream, 0777, TRUE);
  $this
    ->assertTrue(file_save_htaccess($stream));
  $content = file_get_contents($stream . '/.htaccess');
  $this
    ->assertTrue(strpos($content, "SetHandler Drupal_Security_Do_Not_Remove_See_SA_2006_006") !== FALSE);
  $this
    ->assertTrue(strpos($content, "Require all denied") !== FALSE);
  $this
    ->assertTrue(strpos($content, "Deny from all") !== FALSE);
  $this
    ->assertTrue(strpos($content, "Options -Indexes -ExecCGI -Includes -MultiViews") !== FALSE);
  $this
    ->assertTrue(strpos($content, "SetHandler Drupal_Security_Do_Not_Remove_See_SA_2013_003") !== FALSE);
  $this
    ->assertFilePermissions($stream . '/.htaccess', 0444);
  $this
    ->assertTrue(file_save_htaccess($stream));
}