diff --git a/.htaccess b/.htaccess index a69bdd4..86a4669 100644 --- a/.htaccess +++ b/.htaccess @@ -3,7 +3,7 @@ # # Protect files and directories from prying eyes. - + Order allow,deny diff --git a/core/includes/install.core.inc b/core/includes/install.core.inc index 5ba4aa5..5d3c4f0 100644 --- a/core/includes/install.core.inc +++ b/core/includes/install.core.inc @@ -1011,11 +1011,9 @@ function install_settings_form_submit($form, &$form_state) { if (!file_prepare_directory($config_path, FILE_CREATE_DIRECTORY)) { // How best to handle errors here? }; - - // Write out a .htaccess file that will protect the config directory from - // prying eyes. + // Secure the config directory. file_save_htaccess($config_path, TRUE); - + // Indicate that the settings file has been verified, and check the database // for the last completed task, now that we have a valid connection. This // last step is important since we want to trigger an error if the new diff --git a/core/lib/Drupal/Core/Config/DrupalConfig.php b/core/lib/Drupal/Core/Config/DrupalConfig.php index 7d283f1..644a059 100644 --- a/core/lib/Drupal/Core/Config/DrupalConfig.php +++ b/core/lib/Drupal/Core/Config/DrupalConfig.php @@ -23,6 +23,8 @@ class DrupalConfig { * * @param DrupalConfigVerifiedStorageInterface $verified_storage * The storage engine where this config object should be saved. + * + * @todo $this should really know about $name and make it publicly accessible. */ public function __construct(DrupalConfigVerifiedStorageInterface $verified_storage) { $this->_verifiedStorage = $verified_storage; diff --git a/core/lib/Drupal/Core/Config/DrupalConfigVerifiedStorage.php b/core/lib/Drupal/Core/Config/DrupalConfigVerifiedStorage.php index f87a19d..ca37cdd 100644 --- a/core/lib/Drupal/Core/Config/DrupalConfigVerifiedStorage.php +++ b/core/lib/Drupal/Core/Config/DrupalConfigVerifiedStorage.php @@ -10,6 +10,15 @@ use Drupal\Core\Config\SignedFileStorage; */ abstract class DrupalConfigVerifiedStorage implements DrupalConfigVerifiedStorageInterface { + protected $name; + + /** + * The local signed file object to read from and write to. + * + * @var SignedFileStorage + */ + protected $signedFile; + /** * Implements DrupalConfigVerifiedStorageInterface::__construct(). */ @@ -18,20 +27,23 @@ abstract class DrupalConfigVerifiedStorage implements DrupalConfigVerifiedStorag } /** - * @todo + * Instantiates a new signed file object or returns the existing one. * - * @return - * @todo + * @return SignedFileStorage + * The signed file object for this configuration object. */ protected function signedFileStorage() { - return new SignedFileStorage($this->name); + if (!isset($this->signedFile)) { + $this->signedFile = new SignedFileStorage($this->name); + } + return $this->signedFile; } /** * Implements DrupalConfigVerifiedStorageInterface::copyToFile(). */ public function copyToFile() { - return $this->signedFileStorage()->write($this->read()); + return $this->writeToFile($this->read()); } /** @@ -70,7 +82,14 @@ abstract class DrupalConfigVerifiedStorage implements DrupalConfigVerifiedStorag */ public function write($data) { $this->writeToActive($data); - $this->copyToFile(); + $this->writeToFile($data); + } + + /** + * Implements DrupalConfigVerifiedStorageInterface::writeToFile(). + */ + public function writeToFile($data) { + return $this->signedFileStorage()->write($data); } /** diff --git a/core/lib/Drupal/Core/Config/DrupalConfigVerifiedStorageInterface.php b/core/lib/Drupal/Core/Config/DrupalConfigVerifiedStorageInterface.php index b5eae3a..2fdce76 100644 --- a/core/lib/Drupal/Core/Config/DrupalConfigVerifiedStorageInterface.php +++ b/core/lib/Drupal/Core/Config/DrupalConfigVerifiedStorageInterface.php @@ -48,6 +48,14 @@ interface DrupalConfigVerifiedStorageInterface { function isOutOfSync(); /** + * Writes the configuration data into the active storage and the file. + * + * @param $data + * The configuration data to write. + */ + function write($data); + + /** * Writes the configuration data into the active storage but not the file. * * Use this function if you need to make temporary changes to your @@ -59,12 +67,12 @@ interface DrupalConfigVerifiedStorageInterface { function writeToActive($data); /** - * Writes the configuration data into the active storage and the file. + * Writes the configuration data into the file. * * @param $data - * The configuration data to write. + * The configuration data to write into the file. */ - function write($data); + function writeToFile($data); /** * Gets names starting with this prefix. diff --git a/core/modules/config/config.test b/core/modules/config/config.test index 80d68a5..d97eff1 100644 --- a/core/modules/config/config.test +++ b/core/modules/config/config.test @@ -5,21 +5,22 @@ * Tests for Configuration module. */ +use Drupal\Core\Config\SignedFileStorage; + /** * Tests the secure file writer. */ -class SecureFileTestCase extends DrupalUnitTestCase { +class ConfigFileSecurityTestCase extends DrupalWebTestCase { + protected $profile = 'testing'; + protected $filename = 'foo.bar'; - /** - * @todo - */ protected $testContent = 'Good morning, Denver!'; public static function getInfo() { return array( - 'name' => 'Secure file tests', - 'description' => 'Tests the saving of secure files.', + 'name' => 'File security', + 'description' => 'Tests security of saved configuration files.', 'group' => 'Configuration', ); } @@ -88,22 +89,69 @@ class SecureFileTestCase extends DrupalUnitTestCase { /** * Tests reading and writing file contents. */ -class FileContentsTestCase extends DrupalWebTestCase { +class ConfigFileContentTestCase extends DrupalWebTestCase { + protected $profile = 'testing'; + + protected $fileExtension = 'xml'; + public static function getInfo() { return array( - 'name' => 'Config file content tests', - 'description' => 'Tests the reading and writing of config settings.', + 'name' => 'File content', + 'description' => 'Tests reading and writing of configuration files.', 'group' => 'Configuration', ); } /** - * Tests that a simple setting can be written and read. + * Tests setting, writing, and reading of a configuration setting. */ - public function testReadWriteConfig() { - $config = config('foo.bar'); - $config->set('foo', 'bar'); + function testReadWriteConfig() { + $config_dir = config_get_config_directory(); + $name = 'foo.bar'; + $key = 'foo'; + $value = 'bar'; + + // Attempt to read non-existing configuration. + $config = config($name); + // Verify an configuration object is returned. +// $this->assertEqual($config->name, $name); + $this->assertTrue($config); + // Verify the configuration object is empty. + $this->assertEqual($config->get(), array()); + // Verify nothing was saved. + $db_config = db_query('SELECT * FROM {config} WHERE name = :name', array(':name' => $name))->fetch(); + $this->assertIdentical($db_config, FALSE); + $this->assertFalse(file_exists($config_dir . '/' . $name . '.' . $this->fileExtension)); + + // Save the configuration. + $config = config($name); + $config->set($key, $value); $config->save(); - $this->assertEqual('bar', config('foo.bar')->get('foo'), 'Content retrived from written config data.'); + // Verify the database entry exists. + $db_config = db_query('SELECT * FROM {config} WHERE name = :name', array(':name' => $name))->fetch(); + $this->assertEqual($db_config->name, $name); + // Verify the file exists. + $this->assertTrue(file_exists($config_dir . '/' . $name . '.' . $this->fileExtension)); + + // Read the configuration. + $config = config($name); +// $this->assertEqual($config->name, $name); + $this->assertTrue($config); + $this->assertEqual($config->get($key), $value); + + // Delete the configuration. + $config = config($name); + $config->delete(); + // Verify the database entry no longer exists. + $db_config = db_query('SELECT * FROM {config} WHERE name = :name', array(':name' => $name))->fetch(); + $this->assertIdentical($db_config, FALSE); + $this->assertFalse(file_exists($config_dir . '/' . $name . '.' . $this->fileExtension)); + + // Attempt to delete non-existing configuration. + // Write and read an array value. + // Add an array value to a nested key. + // Type casting into string. + // NULL value behavior. + // List config names by prefix. } } diff --git a/core/modules/image/image.test b/core/modules/image/image.test index af16c20..91b5e4f 100644 --- a/core/modules/image/image.test +++ b/core/modules/image/image.test @@ -911,7 +911,7 @@ class ImageDimensionsUnitTest extends DrupalWebTestCase { image_effect_save('test', $effect); $img_tag = theme_image_style($variables); - $this->assertEqual($img_tag, '', t('Expected img tag was found.')); + $this->assertEqual($img_tag, ''); $this->assertFalse(file_exists($generated_uri), t('Generated file does not exist.')); $this->drupalGet($url); $this->assertResponse(200, t('Image was generated at the URL.')); @@ -931,7 +931,7 @@ class ImageDimensionsUnitTest extends DrupalWebTestCase { image_effect_save('test', $effect); $img_tag = theme_image_style($variables); - $this->assertEqual($img_tag, '', t('Expected img tag was found.')); + $this->assertEqual($img_tag, ''); $this->assertFalse(file_exists($generated_uri), t('Generated file does not exist.')); $this->drupalGet($url); $this->assertResponse(200, t('Image was generated at the URL.')); @@ -944,7 +944,7 @@ class ImageDimensionsUnitTest extends DrupalWebTestCase { $effect = array( 'name' => 'image_scale', 'data' => array( - 'width' => 120, + 'width' => 45, 'height' => 90, 'upscale' => TRUE, ), @@ -952,7 +952,7 @@ class ImageDimensionsUnitTest extends DrupalWebTestCase { image_effect_save('test', $effect); $img_tag = theme_image_style($variables); - $this->assertEqual($img_tag, '', t('Expected img tag was found.')); + $this->assertEqual($img_tag, ''); $this->assertFalse(file_exists($generated_uri), t('Generated file does not exist.')); $this->drupalGet($url); $this->assertResponse(200, t('Image was generated at the URL.')); @@ -973,7 +973,7 @@ class ImageDimensionsUnitTest extends DrupalWebTestCase { image_effect_save('test', $effect); $img_tag = theme_image_style($variables); - $this->assertEqual($img_tag, '', t('Expected img tag was found.')); + $this->assertEqual($img_tag, ''); $this->assertFalse(file_exists($generated_uri), t('Generated file does not exist.')); $this->drupalGet($url); $this->assertResponse(200, t('Image was generated at the URL.')); @@ -990,7 +990,7 @@ class ImageDimensionsUnitTest extends DrupalWebTestCase { image_effect_save('test', $effect); $img_tag = theme_image_style($variables); - $this->assertEqual($img_tag, '', t('Expected img tag was found.')); + $this->assertEqual($img_tag, ''); $this->assertFalse(file_exists($generated_uri), t('Generated file does not exist.')); $this->drupalGet($url); $this->assertResponse(200, t('Image was generated at the URL.')); @@ -1010,7 +1010,7 @@ class ImageDimensionsUnitTest extends DrupalWebTestCase { image_effect_save('test', $effect); $img_tag = theme_image_style($variables); - $this->assertEqual($img_tag, '', t('Expected img tag was found.')); + $this->assertEqual($img_tag, ''); $this->assertFalse(file_exists($generated_uri), t('Generated file does not exist.')); $this->drupalGet($url); $this->assertResponse(200, t('Image was generated at the URL.')); @@ -1029,7 +1029,7 @@ class ImageDimensionsUnitTest extends DrupalWebTestCase { image_effect_save('test', $effect); $img_tag = theme_image_style($variables); - $this->assertEqual($img_tag, '', t('Expected img tag was found.')); + $this->assertEqual($img_tag, ''); $this->assertFalse(file_exists($generated_uri), t('Generated file does not exist.')); $this->drupalGet($url); $this->assertResponse(200, t('Image was generated at the URL.')); @@ -1049,7 +1049,7 @@ class ImageDimensionsUnitTest extends DrupalWebTestCase { $effect = image_effect_save('test', $effect); $img_tag = theme_image_style($variables); - $this->assertEqual($img_tag, '', t('Expected img tag was found.')); + $this->assertEqual($img_tag, ''); $this->assertFalse(file_exists($generated_uri), t('Generated file does not exist.')); $this->drupalGet($url); $this->assertResponse(200, t('Image was generated at the URL.')); @@ -1066,7 +1066,7 @@ class ImageDimensionsUnitTest extends DrupalWebTestCase { image_effect_save('test', $effect); $img_tag = theme_image_style($variables); - $this->assertEqual($img_tag, '', t('Expected img tag was found.')); + $this->assertEqual($img_tag, ''); } }