Mercurial > hg > isophonics-drupal-site
view core/modules/system/src/Tests/System/HtaccessTest.php @ 14:1fec387a4317
Update Drupal core to 8.5.2 via Composer
| author | Chris Cannam |
|---|---|
| date | Mon, 23 Apr 2018 09:46:53 +0100 |
| parents | 4c8ae668cc8c |
| children |
line wrap: on
line source
<?php namespace Drupal\system\Tests\System; use Drupal\simpletest\WebTestBase; /** * Tests .htaccess is working correctly. * * @group system */ class HtaccessTest extends WebTestBase { /** * Modules to enable. * * @var array */ public static $modules = ['node', 'path']; /** * Get an array of file paths for access testing. * * @return int[] * An array keyed by file paths. Each value is the expected response code, * for example, 200 or 403. */ protected function getProtectedFiles() { $path = drupal_get_path('module', 'system') . '/tests/fixtures/HtaccessTest'; // Tests the FilesMatch directive which denies access to certain file // extensions. $file_exts_to_deny = [ 'engine', 'inc', 'install', 'make', 'module', 'module~', 'module.bak', 'module.orig', 'module.save', 'module.swo', 'module.swp', 'php~', 'php.bak', 'php.orig', 'php.save', 'php.swo', 'php.swp', 'profile', 'po', 'sh', 'sql', 'theme', 'twig', 'tpl.php', 'xtmpl', 'yml', ]; foreach ($file_exts_to_deny as $file_ext) { $file_paths["$path/access_test.$file_ext"] = 403; } // Tests the .htaccess file in vendor and created by a Composer script. // Try and access a non PHP file in the vendor directory. // @see Drupal\\Core\\Composer\\Composer::ensureHtaccess $file_paths['vendor/composer/installed.json'] = 403; // Tests the rewrite conditions and rule that denies access to php files. $file_paths['core/lib/Drupal.php'] = 403; $file_paths['vendor/autoload.php'] = 403; $file_paths['autoload.php'] = 403; // Test extensions that should be permitted. $file_exts_to_allow = [ 'php-info.txt' ]; foreach ($file_exts_to_allow as $file_ext) { $file_paths["$path/access_test.$file_ext"] = 200; } // Ensure composer.json and composer.lock cannot be accessed. $file_paths["$path/composer.json"] = 403; $file_paths["$path/composer.lock"] = 403; return $file_paths; } /** * Iterates over protected files and calls assertNoFileAccess(). */ public function testFileAccess() { foreach ($this->getProtectedFiles() as $file => $response_code) { $this->assertFileAccess($file, $response_code); } // Test that adding "/1" to a .php URL does not make it accessible. $this->drupalGet('core/lib/Drupal.php/1'); $this->assertResponse(403, "Access to core/lib/Drupal.php/1 is denied."); // Test that it is possible to have path aliases containing .php. $type = $this->drupalCreateContentType(); // Create an node aliased to test.php. $node = $this->drupalCreateNode([ 'title' => 'This is a node', 'type' => $type->id(), 'path' => '/test.php' ]); $node->save(); $this->drupalGet('test.php'); $this->assertResponse(200); $this->assertText('This is a node'); // Update node's alias to test.php/test. $node->path = '/test.php/test'; $node->save(); $this->drupalGet('test.php/test'); $this->assertResponse(200); $this->assertText('This is a node'); } /** * Asserts that a file exists and requesting it returns a specific response. * * @param string $path * Path to file. Without leading slash. * @param int $response_code * The expected response code. For example: 200, 403 or 404. * * @return bool * TRUE if the assertion succeeded, FALSE otherwise. */ protected function assertFileAccess($path, $response_code) { $result = $this->assertTrue(file_exists(\Drupal::root() . '/' . $path), "The file $path exists."); $this->drupalGet($path); $result = $result && $this->assertResponse($response_code, "Response code to $path is $response_code."); return $result; } /** * Tests that SVGZ files are served with Content-Encoding: gzip. */ public function testSvgzContentEncoding() { $this->drupalGet('core/modules/system/tests/logo.svgz'); $this->assertResponse(200); $header = $this->drupalGetHeader('Content-Encoding'); $this->assertEqual($header, 'gzip'); } }