Mercurial > hg > isophonics-drupal-site
comparison core/modules/system/src/Tests/System/HtaccessTest.php @ 0:4c8ae668cc8c
Initial import (non-working)
| author | Chris Cannam |
|---|---|
| date | Wed, 29 Nov 2017 16:09:58 +0000 |
| parents | |
| children |
comparison
equal
deleted
inserted
replaced
| -1:000000000000 | 0:4c8ae668cc8c |
|---|---|
| 1 <?php | |
| 2 | |
| 3 namespace Drupal\system\Tests\System; | |
| 4 | |
| 5 use Drupal\simpletest\WebTestBase; | |
| 6 | |
| 7 /** | |
| 8 * Tests .htaccess is working correctly. | |
| 9 * | |
| 10 * @group system | |
| 11 */ | |
| 12 class HtaccessTest extends WebTestBase { | |
| 13 | |
| 14 /** | |
| 15 * Modules to enable. | |
| 16 * | |
| 17 * @var array | |
| 18 */ | |
| 19 public static $modules = ['node', 'path']; | |
| 20 | |
| 21 /** | |
| 22 * Get an array of file paths for access testing. | |
| 23 * | |
| 24 * @return int[] | |
| 25 * An array keyed by file paths. Each value is the expected response code, | |
| 26 * for example, 200 or 403. | |
| 27 */ | |
| 28 protected function getProtectedFiles() { | |
| 29 $path = drupal_get_path('module', 'system') . '/tests/fixtures/HtaccessTest'; | |
| 30 | |
| 31 // Tests the FilesMatch directive which denies access to certain file | |
| 32 // extensions. | |
| 33 $file_exts_to_deny = [ | |
| 34 'engine', | |
| 35 'inc', | |
| 36 'install', | |
| 37 'make', | |
| 38 'module', | |
| 39 'module~', | |
| 40 'module.bak', | |
| 41 'module.orig', | |
| 42 'module.save', | |
| 43 'module.swo', | |
| 44 'module.swp', | |
| 45 'php~', | |
| 46 'php.bak', | |
| 47 'php.orig', | |
| 48 'php.save', | |
| 49 'php.swo', | |
| 50 'php.swp', | |
| 51 'profile', | |
| 52 'po', | |
| 53 'sh', | |
| 54 'sql', | |
| 55 'theme', | |
| 56 'twig', | |
| 57 'tpl.php', | |
| 58 'xtmpl', | |
| 59 'yml', | |
| 60 ]; | |
| 61 | |
| 62 foreach ($file_exts_to_deny as $file_ext) { | |
| 63 $file_paths["$path/access_test.$file_ext"] = 403; | |
| 64 } | |
| 65 | |
| 66 // Tests the .htaccess file in vendor and created by a Composer script. | |
| 67 // Try and access a non PHP file in the vendor directory. | |
| 68 // @see Drupal\\Core\\Composer\\Composer::ensureHtaccess | |
| 69 $file_paths['vendor/composer/installed.json'] = 403; | |
| 70 | |
| 71 // Tests the rewrite conditions and rule that denies access to php files. | |
| 72 $file_paths['core/lib/Drupal.php'] = 403; | |
| 73 $file_paths['vendor/autoload.php'] = 403; | |
| 74 $file_paths['autoload.php'] = 403; | |
| 75 | |
| 76 // Test extensions that should be permitted. | |
| 77 $file_exts_to_allow = [ | |
| 78 'php-info.txt' | |
| 79 ]; | |
| 80 | |
| 81 foreach ($file_exts_to_allow as $file_ext) { | |
| 82 $file_paths["$path/access_test.$file_ext"] = 200; | |
| 83 } | |
| 84 | |
| 85 // Ensure composer.json and composer.lock cannot be accessed. | |
| 86 $file_paths["$path/composer.json"] = 403; | |
| 87 $file_paths["$path/composer.lock"] = 403; | |
| 88 | |
| 89 return $file_paths; | |
| 90 } | |
| 91 | |
| 92 /** | |
| 93 * Iterates over protected files and calls assertNoFileAccess(). | |
| 94 */ | |
| 95 public function testFileAccess() { | |
| 96 foreach ($this->getProtectedFiles() as $file => $response_code) { | |
| 97 $this->assertFileAccess($file, $response_code); | |
| 98 } | |
| 99 | |
| 100 // Test that adding "/1" to a .php URL does not make it accessible. | |
| 101 $this->drupalGet('core/lib/Drupal.php/1'); | |
| 102 $this->assertResponse(403, "Access to core/lib/Drupal.php/1 is denied."); | |
| 103 | |
| 104 // Test that it is possible to have path aliases containing .php. | |
| 105 $type = $this->drupalCreateContentType(); | |
| 106 | |
| 107 // Create an node aliased to test.php. | |
| 108 $node = $this->drupalCreateNode([ | |
| 109 'title' => 'This is a node', | |
| 110 'type' => $type->id(), | |
| 111 'path' => '/test.php' | |
| 112 ]); | |
| 113 $node->save(); | |
| 114 $this->drupalGet('test.php'); | |
| 115 $this->assertResponse(200); | |
| 116 $this->assertText('This is a node'); | |
| 117 | |
| 118 // Update node's alias to test.php/test. | |
| 119 $node->path = '/test.php/test'; | |
| 120 $node->save(); | |
| 121 $this->drupalGet('test.php/test'); | |
| 122 $this->assertResponse(200); | |
| 123 $this->assertText('This is a node'); | |
| 124 } | |
| 125 | |
| 126 /** | |
| 127 * Asserts that a file exists and requesting it returns a specific response. | |
| 128 * | |
| 129 * @param string $path | |
| 130 * Path to file. Without leading slash. | |
| 131 * @param int $response_code | |
| 132 * The expected response code. For example: 200, 403 or 404. | |
| 133 * | |
| 134 * @return bool | |
| 135 * TRUE if the assertion succeeded, FALSE otherwise. | |
| 136 */ | |
| 137 protected function assertFileAccess($path, $response_code) { | |
| 138 $result = $this->assertTrue(file_exists(\Drupal::root() . '/' . $path), "The file $path exists."); | |
| 139 $this->drupalGet($path); | |
| 140 $result = $result && $this->assertResponse($response_code, "Response code to $path is $response_code."); | |
| 141 return $result; | |
| 142 } | |
| 143 | |
| 144 /** | |
| 145 * Tests that SVGZ files are served with Content-Encoding: gzip. | |
| 146 */ | |
| 147 public function testSvgzContentEncoding() { | |
| 148 $this->drupalGet('core/modules/system/tests/logo.svgz'); | |
| 149 $this->assertResponse(200); | |
| 150 $header = $this->drupalGetHeader('Content-Encoding'); | |
| 151 $this->assertEqual($header, 'gzip'); | |
| 152 } | |
| 153 | |
| 154 } |