summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorGabor Hojtsy2018-03-01 14:00:02 (GMT)
committerGabor Hojtsy2018-03-01 14:00:02 (GMT)
commit07e76fddd7bfedd4b468fdb63162fa8a1411a384 (patch)
tree68bbff224f3aa49d78c54a034b2eb87a3e12bc6a
parent544740df31da953bdb38c632f861d3a995f3c584 (diff)
Issue #2942769 by alexpott, vaplas, smaz, Gábor Hojtsy, borisson_, Eli-T: Consolidate umami .htaccess files and testing
-rw-r--r--core/profiles/demo_umami/modules/demo_umami_content/default_content/.htaccess (renamed from core/profiles/demo_umami/modules/demo_umami_content/default_content/recipe_instructions/.htaccess)0
-rw-r--r--core/profiles/demo_umami/modules/demo_umami_content/default_content/article_body/.htaccess11
-rw-r--r--core/profiles/demo_umami/modules/demo_umami_content/default_content/images/.htaccess12
-rw-r--r--core/profiles/demo_umami/modules/demo_umami_content/tests/src/Functional/DefaultContentFilesAccessTest.php38
-rw-r--r--core/profiles/demo_umami/tests/src/Functional/DemoUmamiProfileTest.php33
5 files changed, 38 insertions, 56 deletions
diff --git a/core/profiles/demo_umami/modules/demo_umami_content/default_content/recipe_instructions/.htaccess b/core/profiles/demo_umami/modules/demo_umami_content/default_content/.htaccess
index bdcdd2f..bdcdd2f 100644
--- a/core/profiles/demo_umami/modules/demo_umami_content/default_content/recipe_instructions/.htaccess
+++ b/core/profiles/demo_umami/modules/demo_umami_content/default_content/.htaccess
diff --git a/core/profiles/demo_umami/modules/demo_umami_content/default_content/article_body/.htaccess b/core/profiles/demo_umami/modules/demo_umami_content/default_content/article_body/.htaccess
deleted file mode 100644
index bdcdd2f..0000000
--- a/core/profiles/demo_umami/modules/demo_umami_content/default_content/article_body/.htaccess
+++ /dev/null
@@ -1,11 +0,0 @@
-# Deny all requests from Apache 2.4+.
-<IfModule mod_authz_core.c>
- Require all denied
-</IfModule>
-
-# Deny all requests from Apache 2.0-2.2.
-<IfModule !mod_authz_core.c>
- Deny from all
-</IfModule>
-# Turn off all options we don't need.
-Options -Indexes -ExecCGI -Includes -MultiViews
diff --git a/core/profiles/demo_umami/modules/demo_umami_content/default_content/images/.htaccess b/core/profiles/demo_umami/modules/demo_umami_content/default_content/images/.htaccess
deleted file mode 100644
index ae4e251..0000000
--- a/core/profiles/demo_umami/modules/demo_umami_content/default_content/images/.htaccess
+++ /dev/null
@@ -1,12 +0,0 @@
-# Deny all requests from Apache 2.4+.
-<IfModule mod_authz_core.c>
- Require all denied
-</IfModule>
-
-# Deny all requests from Apache 2.0-2.2.
-<IfModule !mod_authz_core.c>
- Deny from all
-</IfModule>
-# Turn off all options we don't need.
-Options None
-Options +FollowSymLinks
diff --git a/core/profiles/demo_umami/modules/demo_umami_content/tests/src/Functional/DefaultContentFilesAccessTest.php b/core/profiles/demo_umami/modules/demo_umami_content/tests/src/Functional/DefaultContentFilesAccessTest.php
new file mode 100644
index 0000000..26c92d0
--- /dev/null
+++ b/core/profiles/demo_umami/modules/demo_umami_content/tests/src/Functional/DefaultContentFilesAccessTest.php
@@ -0,0 +1,38 @@
+<?php
+
+namespace Drupal\Tests\demo_umami_content\Functional;
+
+use Drupal\Core\Site\Settings;
+use Drupal\Tests\BrowserTestBase;
+
+/**
+ * Tests that files provided by demo_umami_content are not accessible.
+ *
+ * @group demo_umami_content
+ */
+class DefaultContentFilesAccessTest extends BrowserTestBase {
+
+ /**
+ * Tests that sample images, recipes and articles are not accessible.
+ */
+ public function testAccessDeniedToFiles() {
+ // The demo_umami profile should not be used because we want to ensure that
+ // if you install another profile these files are not available.
+ $this->assertNotSame('demo_umami', Settings::get('install_profile'));
+
+ $files_to_test = [
+ 'images/chocolate-brownie-umami.jpg',
+ 'recipe_instructions/chocolate-brownie-umami.html',
+ 'article_body/lets-hear-it-for-carrots.html',
+ 'articles.csv',
+ ];
+ foreach ($files_to_test as $file) {
+ // Hard code the path since the demo_umami profile is not installed.
+ $content_path = "core/profiles/demo_umami/modules/demo_umami_content/default_content/$file";
+ $this->assertFileExists($this->root . '/' . $content_path);
+ $this->drupalGet($content_path);
+ $this->assertSession()->statusCodeEquals(403);
+ }
+ }
+
+}
diff --git a/core/profiles/demo_umami/tests/src/Functional/DemoUmamiProfileTest.php b/core/profiles/demo_umami/tests/src/Functional/DemoUmamiProfileTest.php
index bfa1de2..f6025fd 100644
--- a/core/profiles/demo_umami/tests/src/Functional/DemoUmamiProfileTest.php
+++ b/core/profiles/demo_umami/tests/src/Functional/DemoUmamiProfileTest.php
@@ -163,37 +163,4 @@ class DemoUmamiProfileTest extends BrowserTestBase {
$web_assert->pageTextNotContains('This site is intended for demonstration purposes.');
}
- /**
- * Tests that sample images are not accessible to the webserver.
- */
- public function testAccessDeniedToSampleImages() {
- $file_name = 'chocolate-brownie-umami.jpg';
- $file_path = '/' . drupal_get_path('module', 'demo_umami_content') . '/default_content/images/' . $file_name;
- $this->assertTrue(file_exists(DRUPAL_ROOT . $file_path));
- $this->drupalGet($file_path);
- $this->assertSession()->statusCodeEquals(403);
- }
-
- /**
- * Tests that sample recipes are not accessible to the webserver.
- */
- public function testAccessDeniedToSampleRecipes() {
- $file_name = 'chocolate-brownie-umami.html';
- $file_path = '/' . drupal_get_path('module', 'demo_umami_content') . '/default_content/recipe_instructions/' . $file_name;
- $this->assertTrue(file_exists(DRUPAL_ROOT . $file_path));
- $this->drupalGet($file_path);
- $this->assertSession()->statusCodeEquals(403);
- }
-
- /**
- * Tests that sample articles are not accessible to the webserver.
- */
- public function testAccessDeniedToSampleArticles() {
- $file_name = 'lets-hear-it-for-carrots.html';
- $file_path = '/' . drupal_get_path('module', 'demo_umami_content') . '/default_content/article_body/' . $file_name;
- $this->assertTrue(file_exists(DRUPAL_ROOT . $file_path));
- $this->drupalGet($file_path);
- $this->assertSession()->statusCodeEquals(403);
- }
-
}