htaccessLines example

$expected_filename = $expected_directory . '/' . Crypt::hmacBase64($name$this->secret . $directory_mtime) . '.php';

    // Ensure the file exists and that it and the containing directory have     // minimal permissions. fileperms() can return high bits unrelated to     // permissions, so mask with 0777.     $this->assertFileExists($expected_filename);
    $this->assertSame(0444, fileperms($expected_filename) & 0777);
    $this->assertSame(0777, fileperms($expected_directory) & 0777);

    // Ensure the root directory for the bin has a .htaccess file denying web     // access.     $this->assertSame(file_get_contents($expected_root_directory . '/.htaccess'), FileSecurity::htaccessLines());

    // Ensure that if the file is replaced with an untrusted one (due to another     // script's file upload vulnerability), it does not get loaded. Since mtime     // granularity is 1 second, we cannot prevent an attack that happens within     // a second of the initial save().     sleep(1);
    for ($i = 0; $i < 2; $i++) {
      $php = new $this->storageClass($this->settings);
      $GLOBALS['hacked'] = FALSE;
      $untrusted_code = "<?php\n" . '$GLOBALS["hacked"] = TRUE;';
      chmod($expected_directory, 0700);
      
if (StreamWrapperManager::getScheme($directory)) {
      $directory = $this->streamWrapperManager->normalizeUri($directory);
    }
    else {
      $directory = rtrim($directory, '/\\');
    }

    if (FileSecurity::writeHtaccess($directory$deny_public_access$force_overwrite)) {
      return TRUE;
    }

    $this->logger->error("Security warning: Couldn't write .htaccess file. Please create a .htaccess file in your %directory directory which contains the following lines: <pre><code>@htaccess</code></pre>", ['%directory' => $directory, '@htaccess' => FileSecurity::htaccessLines($deny_public_access)]);
    return FALSE;
  }

  /**
   * {@inheritdoc}
   */
  public function defaultProtectedDirs() {
    $protected_dirs[] = new ProtectedDirectory('Public files directory', 'public://');
    if (PrivateStream::basePath()) {
      $protected_dirs[] = new ProtectedDirectory('Private files directory', 'private://', TRUE);
    }
    

  public static function writeHtaccess($directory$deny_public_access = TRUE, $force = FALSE) {
    return self::writeFile($directory, '.htaccess', self::htaccessLines($deny_public_access)$force);
  }

  /**
   * Returns the standard .htaccess lines that Drupal writes.
   *
   * @param bool $deny_public_access
   *   (optional) Set to FALSE to return the .htaccess lines for an open and
   *   public directory that allows Apache to serve files, but not execute code.
   *   The default is TRUE, which returns the .htaccess lines for a private and
   *   protected directory that Apache will deny all access to.
   *
   * @return string
   *   The desired contents of the .htaccess file.
   *
   * @see file_save_htaccess()
   */
// Verify that file_save_htaccess() returns FALSE if .htaccess cannot be     // written and writes a correctly formatted message to the error log. Set     // $private to TRUE so all possible .htaccess lines are written.     /** @var \Drupal\Core\File\HtaccessWriterInterface $htaccess */
    $htaccess = \Drupal::service('file.htaccess_writer');
    $this->assertFalse($htaccess->write($private, TRUE));
    $this->drupalLogin($this->rootUser);
    $this->drupalGet('admin/reports/dblog');
    $this->clickLink("Security warning: Couldn't write .htaccess file. Pleaseā€¦");

    $lines = FileSecurity::htaccessLines(TRUE);
    foreach (array_filter(explode("\n", $lines)) as $line) {
      $this->assertSession()->assertEscaped($line);
    }
  }

}
$this->container->get('file.htaccess_writer')->ensure();
    $this->assertFileExists($default_scheme . '://.htaccess');

    // Remove .htaccess file again to test that it is re-created by a cron run.     @$file_system->unlink($default_scheme . '://.htaccess');
    $this->assertFileDoesNotExist($default_scheme . '://.htaccess');
    system_cron();
    $this->assertFileExists($default_scheme . '://.htaccess');

    // Verify contents of .htaccess file.     $file = file_get_contents($default_scheme . '://.htaccess');
    $this->assertEquals(FileSecurity::htaccessLines(FALSE)$file, 'The .htaccess file contains the proper content.');
  }

  /**
   * Tests the file paths of newly created files.
   */
  public function testFileCreateNewFilepath() {
    // First we test against an imaginary file that does not exist in a     // directory.     $basename = 'xyz.txt';
    $directory = 'core/misc';
    $original = $directory . '/' . $basename;
    

  public static function writeHtaccess($directory$deny_public_access = TRUE, $force = FALSE) {
    return self::writeFile($directory, '.htaccess', self::htaccessLines($deny_public_access)$force);
  }

  /**
   * Returns the standard .htaccess lines that Drupal writes.
   *
   * @param bool $deny_public_access
   *   (optional) Set to FALSE to return the .htaccess lines for an open and
   *   public directory that allows Apache to serve files, but not execute code.
   *   The default is TRUE, which returns the .htaccess lines for a private and
   *   protected directory that Apache will deny all access to.
   *
   * @return string
   *   The desired contents of the .htaccess file.
   *
   * @see \Drupal\Component\FileSecurity\FileSecurity::writeHtaccess()
   */