function HtaccessTest::getProtectedFiles

Same name in other branches
  1. 7.x modules/system/system.test \HtaccessTest::getProtectedFiles()
  2. 9 core/modules/system/tests/src/Functional/System/HtaccessTest.php \Drupal\Tests\system\Functional\System\HtaccessTest::getProtectedFiles()
  3. 10 core/modules/system/tests/src/Functional/System/HtaccessTest.php \Drupal\Tests\system\Functional\System\HtaccessTest::getProtectedFiles()
  4. 11.x core/modules/system/tests/src/Functional/System/HtaccessTest.php \Drupal\Tests\system\Functional\System\HtaccessTest::getProtectedFiles()

Get an array of file paths for access testing.

Return value

int[] An array keyed by file paths. Each value is the expected response code, for example, 200 or 403.

1 call to HtaccessTest::getProtectedFiles()
HtaccessTest::testFileAccess in core/modules/system/tests/src/Functional/System/HtaccessTest.php
Iterates over protected files and calls assertNoFileAccess().

File

core/modules/system/tests/src/Functional/System/HtaccessTest.php, line 33

Class

HtaccessTest
Tests .htaccess is working correctly.

Namespace

Drupal\Tests\system\Functional\System

Code

protected function getProtectedFiles() {
    $path = drupal_get_path('module', 'system') . '/tests/fixtures/HtaccessTest';
    // Tests the FilesMatch directive which denies access to certain file
    // extensions.
    $file_exts_to_deny = [
        'engine',
        'inc',
        'install',
        'make',
        'module',
        'module~',
        'module.bak',
        'module.orig',
        'module.save',
        'module.swo',
        'module.swp',
        'php~',
        'php.bak',
        'php.orig',
        'php.save',
        'php.swo',
        'php.swp',
        'profile',
        'po',
        'sh',
        'sql',
        'theme',
        'twig',
        'tpl.php',
        'xtmpl',
        'yml',
    ];
    foreach ($file_exts_to_deny as $file_ext) {
        $file_paths["{$path}/access_test.{$file_ext}"] = 403;
    }
    // Tests the .htaccess file in vendor and created by a Composer script.
    // Try and access a non PHP file in the vendor directory.
    // @see Drupal\Core\Composer\Composer::ensureHtaccess
    $file_paths['vendor/composer/installed.json'] = 403;
    // Tests the rewrite conditions and rule that denies access to php files.
    $file_paths['core/lib/Drupal.php'] = 403;
    $file_paths['vendor/autoload.php'] = 403;
    $file_paths['autoload.php'] = 403;
    // Test extensions that should be permitted.
    $file_exts_to_allow = [
        'php-info.txt',
    ];
    foreach ($file_exts_to_allow as $file_ext) {
        $file_paths["{$path}/access_test.{$file_ext}"] = 200;
    }
    // Ensure composer.json and composer.lock cannot be accessed.
    $file_paths["{$path}/composer.json"] = 403;
    $file_paths["{$path}/composer.lock"] = 403;
    // Ensure web server configuration files cannot be accessed.
    $file_paths["{$path}/.htaccess"] = 403;
    $file_paths["{$path}/web.config"] = 403;
    return $file_paths;
}
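
The same path-to-status map can be checked against a deployment you operate, which catches servers that ignore .htaccess rules entirely. The following is an added example, not Drupal code: the names audit, http_status and EXPECTED and the host site.example are assumptions, and only the four paths and their 403 codes come from the listing above.

```python
import urllib.error
import urllib.request

class _NoRedirect(urllib.request.HTTPRedirectHandler):
    """Report 3xx as-is; a redirect is not the 403 the map expects."""
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None

def http_status(url, timeout=10):
    """Return the HTTP status for a GET of url, or None if unreachable."""
    opener = urllib.request.build_opener(_NoRedirect)
    try:
        with opener.open(url, timeout=timeout) as resp:
            return resp.status
    except urllib.error.HTTPError as err:  # 3xx/4xx/5xx arrive as exceptions
        return err.code
    except (urllib.error.URLError, OSError):
        return None

def audit(base_url, expected, fetch=http_status):
    """Compare each path's status with the expected code.

    Returns (path, expected, got, verdict) for every mismatch; verdict is
    "EXPOSED" when a path that must be denied answered 2xx.
    """
    findings = []
    for path, want in sorted(expected.items()):
        got = fetch(base_url.rstrip("/") + "/" + path.lstrip("/"))
        if got == want:
            continue
        exposed = want == 403 and got is not None and 200 <= got < 300
        findings.append((path, want, got, "EXPOSED" if exposed else "MISMATCH"))
    return findings

# Expected codes copied from the listing above (fixture-independent paths).
EXPECTED = {
    "vendor/composer/installed.json": 403,
    "core/lib/Drupal.php": 403,
    "vendor/autoload.php": 403,
    "autoload.php": 403,
}

if __name__ == "__main__":
    # Constructed stand-in for a server that ignores vendor/.htaccess.
    served = {"https://site.example/vendor/composer/installed.json": 200}
    for finding in audit("https://site.example", EXPECTED,
                         fetch=lambda url: served.get(url, 403)):
        print(finding)
```

Drop the fetch argument to probe a real host; an empty result means every path answered with the code the test expects.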
