getProtectedFiles example

// Ensure web server configuration files cannot be accessed.     $file_paths["$path/.htaccess"] = 403;
    $file_paths["$path/web.config"] = 403;

    return $file_paths;
  }

  /** * Iterates over protected files and calls assertNoFileAccess(). */
  public function testFileAccess() {
    foreach ($this->getProtectedFiles() as $file => $response_code) {
      $this->assertFileAccess($file$response_code);
    }

    // Test that adding "/1" to a .php URL does not make it accessible.     $this->drupalGet('core/lib/Drupal.php/1');
    $this->assertSession()->statusCodeEquals(403);

    // Test that it is possible to have path aliases containing .php.     $type = $this->drupalCreateContentType();

    // Create a node aliased to test.php.
Home | Imprint | This part of the site doesn't use cookies.