diff --git a/.htaccess b/.htaccess index 7db5d3e..16f1e8f 100644 --- a/.htaccess +++ b/.htaccess @@ -5,10 +5,11 @@ # Protect files and directories from prying eyes. - Require all denied + Require all granted Order allow,deny + allow from all diff --git a/core/modules/simpletest/files/htaccessTestFiles/.access_test.bak b/core/modules/simpletest/files/htaccessTestFiles/.access_test.bak new file mode 100644 index 0000000..e69de29 diff --git a/core/modules/simpletest/files/htaccessTestFiles/.access_test.orig b/core/modules/simpletest/files/htaccessTestFiles/.access_test.orig new file mode 100644 index 0000000..e69de29 diff --git a/core/modules/simpletest/files/htaccessTestFiles/.access_test.save b/core/modules/simpletest/files/htaccessTestFiles/.access_test.save new file mode 100644 index 0000000..e69de29 diff --git a/core/modules/simpletest/files/htaccessTestFiles/.access_test.sw b/core/modules/simpletest/files/htaccessTestFiles/.access_test.sw new file mode 100644 index 0000000..e69de29 diff --git a/core/modules/simpletest/files/htaccessTestFiles/.access_test.swop b/core/modules/simpletest/files/htaccessTestFiles/.access_test.swop new file mode 100644 index 0000000..e69de29 diff --git a/core/modules/simpletest/files/htaccessTestFiles/access_test.engine b/core/modules/simpletest/files/htaccessTestFiles/access_test.engine new file mode 100644 index 0000000..e69de29 diff --git a/core/modules/simpletest/files/htaccessTestFiles/access_test.inc b/core/modules/simpletest/files/htaccessTestFiles/access_test.inc new file mode 100644 index 0000000..e69de29 diff --git a/core/modules/simpletest/files/htaccessTestFiles/access_test.install b/core/modules/simpletest/files/htaccessTestFiles/access_test.install new file mode 100644 index 0000000..e69de29 diff --git a/core/modules/simpletest/files/htaccessTestFiles/access_test.make b/core/modules/simpletest/files/htaccessTestFiles/access_test.make new file mode 100644 index 0000000..e69de29 diff --git a/core/modules/simpletest/files/htaccessTestFiles/access_test.module b/core/modules/simpletest/files/htaccessTestFiles/access_test.module new file mode 100644 index 0000000..e69de29 diff --git a/core/modules/simpletest/files/htaccessTestFiles/access_test.po b/core/modules/simpletest/files/htaccessTestFiles/access_test.po new file mode 100644 index 0000000..e69de29 diff --git a/core/modules/simpletest/files/htaccessTestFiles/access_test.profile b/core/modules/simpletest/files/htaccessTestFiles/access_test.profile new file mode 100644 index 0000000..e69de29 diff --git a/core/modules/simpletest/files/htaccessTestFiles/access_test.sh b/core/modules/simpletest/files/htaccessTestFiles/access_test.sh new file mode 100644 index 0000000..e69de29 diff --git a/core/modules/simpletest/files/htaccessTestFiles/access_test.sql b/core/modules/simpletest/files/htaccessTestFiles/access_test.sql new file mode 100644 index 0000000..e69de29 diff --git a/core/modules/simpletest/files/htaccessTestFiles/access_test.theme b/core/modules/simpletest/files/htaccessTestFiles/access_test.theme new file mode 100644 index 0000000..e69de29 diff --git a/core/modules/simpletest/files/htaccessTestFiles/access_test.tpl.php b/core/modules/simpletest/files/htaccessTestFiles/access_test.tpl.php new file mode 100644 index 0000000..e69de29 diff --git a/core/modules/simpletest/files/htaccessTestFiles/access_test.twig b/core/modules/simpletest/files/htaccessTestFiles/access_test.twig new file mode 100644 index 0000000..e69de29 diff --git a/core/modules/simpletest/files/htaccessTestFiles/access_test.xtmpl b/core/modules/simpletest/files/htaccessTestFiles/access_test.xtmpl new file mode 100644 index 0000000..e69de29 diff --git a/core/modules/simpletest/files/htaccessTestFiles/access_test.yml b/core/modules/simpletest/files/htaccessTestFiles/access_test.yml new file mode 100644 index 0000000..e69de29 diff --git a/core/modules/system/src/Tests/System/HtaccessTest.php b/core/modules/system/src/Tests/System/HtaccessTest.php index 3e8f36d..cad1f96 100644 --- a/core/modules/system/src/Tests/System/HtaccessTest.php +++ b/core/modules/system/src/Tests/System/HtaccessTest.php @@ -15,27 +15,74 @@ * @group system */ class HtaccessTest extends WebTestBase { + /** + * Get a list of protected file names to test access to. + * + * @return array + * Array of paths to files to test. + */ + protected function getProtectedFiles() { + $path = drupal_get_path('module', 'simpletest') . '/files/htaccessTestFiles/'; + $file_paths = []; + + $file_exts = [ + 'engine', + 'inc', + 'install', + 'make', + 'module', + 'profile', + 'po', + 'sh', + 'sql', + 'theme', + 'twig', + 'tpl.php', + 'xtmpl', + 'yml', + ]; + + $temp_files_exts = [ + 'sw', + 'swop', + 'bak', + 'orig', + 'save', + ]; + + foreach ($file_exts as $file_ext) { + $file_paths[] = $path . 'access_test.' . $file_ext; + } + + foreach ($temp_files_exts as $temp_ext) { + $file_paths[] = $path . '.access_test.' . $temp_ext; + } + + return $file_paths; + } /** - * Tests accessing files with .yml extensions at various locations. + * Iterates over protected files and calls assertNoFileAccess. */ - public function testYamlFileAccess() { - // Try accessing the core services YAML file. - $this->assertNoFileAccess('core/core.services.yml'); - // Try accessing a core module YAML file. - $this->assertNoFileAccess('core/modules/system/system.services.yml'); + public function testFileAccess() { + $files = $this->getProtectedFiles(); + + foreach ($files as $file) { + $this->assertNoFileAccess($file); + } } /** * Asserts that a file exists but not accessible via HTTP. * - * @param $path + * @param string $path * Path to file. Without leading slash. */ protected function assertNoFileAccess($path) { $this->assertTrue(file_exists(\Drupal::root() . '/' . $path)); $this->drupalGet($path); - $this->assertResponse(403); + $result = $this->assertResponse(403); + $this->assert($result, $path); } }