// Warn about settings.php permissions risk
$settings_dir =
$this->sitePath;
$settings_file =
$settings_dir . '/settings.php';
// Check that $_POST is empty so we only show this message when the form is
// first displayed, not on the next page after it is submitted. (We do not
// want to repeat it multiple times because it is a general warning that is
// not related to the rest of the installation process; it would also be
// especially out of place on the last page of the installer, where it would
// distract from the message that the Drupal installation has completed
// successfully.)
$post_params =
$this->
getRequest()->request->
all();
if (empty($post_params) && (Settings::
get('skip_permissions_hardening'
) || !
drupal_verify_install_file($this->root . '/' .
$settings_file, FILE_EXIST | FILE_READABLE | FILE_NOT_WRITABLE
) || !
drupal_verify_install_file($this->root . '/' .
$settings_dir, FILE_NOT_WRITABLE, 'dir'
))) { $this->
messenger()->
addWarning($this->
t('All necessary changes to %dir and %file have been made, so you should remove write permissions to them now in order to avoid security risks. If you are unsure how to do so, consult the <a href=":handbook_url">online handbook</a>.',
['%dir' =>
$settings_dir, '%file' =>
$settings_file, ':handbook_url' => 'https://www.drupal.org/server-permissions'
]));
} $form['#attached'
]['library'
][] = 'system/drupal.system';
// Add JavaScript time zone detection.
$form['#attached'
]['library'
][] = 'core/drupal.timezone';
// We add these strings as settings because JavaScript translation does not
// work during installation.
$form['#attached'
]['drupalSettings'
]['copyFieldValue'
]['edit-site-mail'
] =
['edit-account-mail'
];
$form['site_information'
] =
[