<FilesMatch "\.(engine|inc|info|install|make|module|profile|test|po|sh|.*sql|theme|tpl(\.php)?|xtmpl)(~|\.sw[op]|\.bak|\.orig|\.save)?$|^(\..*|Entries.*|Repository|Root|Tag|Template)$|^#.*#$|\.php(~|\.sw[op]|\.bak|\.orig\.save)$">

  1. test => should be removed, we no longer have .test files
  2. info => should be yml instead
  3. tpl.php => twig should be added too
CommentFileSizeAuthor
#10 2253109.10.patch1.49 KBalexpott
#1 drupal-2253109.patch1.48 KBParisLiakos
Support from Acquia helps fund testing for Drupal Acquia logo

Comments

ParisLiakos’s picture

ParisLiakos CreditAttribution: ParisLiakos commented
Component: asset library system » base system
Status: Active » Needs review
FileSize
drupal-2253109.patch1.48 KB

miss click

Crell’s picture

Crell CreditAttribution: Crell commented

1: drupal-2253109.patch queued for re-testing.

Crell’s picture

Crell CreditAttribution: Crell commented
Status: Needs review » Reviewed & tested by the community

Seems reasonable to me.

dman’s picture

dman CreditAttribution: dman commented

+1 sane. Good catch.

webchick’s picture

webchick
she/they
Primary language English
Location Vancouver 🇨🇦
CreditAttribution: webchick commented

Just out of curiosity, why are we keeping tpl.php but not info? It seems like we should either keep both or remove both, no?

dman’s picture

dman CreditAttribution: dman commented

Hm.
Technically, todays d8 still has two tpl.php files in. Probably outdated and scheduled for removal by the looks.

drupal8$ find . -name "*.tpl.php"
./core/modules/system/tests/themes/test_theme_phptemplate/node--1.tpl.php
./core/modules/system/tests/themes/test_theme_phptemplate/theme_test.template_test.tpl.php

... not a reason, just an observation.

ParisLiakos’s picture

ParisLiakos CreditAttribution: ParisLiakos commented

yes and we still have phptemplate under core/themes/engines.
so in theory .tpl.php is still supported even if not used by core

webchick’s picture

webchick
she/they
Primary language English
Location Vancouver 🇨🇦
CreditAttribution: webchick commented
Status: Reviewed & tested by the community » Fixed

Got it, thanks. We should probably have a follow-up (if we don't already) to discuss if we want that to be the case in 8.0.

Committed and pushed to 8.x.

  • Commit 4e2f0f3 on 8.x by webchick: 
    Issue #2253109 by ParisLiakos: Bring .htaccess and web.config up to date...
alexpott’s picture

alexpott
he/they
Primary language English
Location 🇪🇺🌍
CreditAttribution: alexpott commented
Status: Fixed » Needs review
FileSize
2253109.10.patch1.49 KB

The yml exclusion is interesting - it has been discussed in another issue #1956698: Prevent access to YAML files using .htaccess and web.config to quote @Dave Reid

This sounds dubious. We should protect from yml in certain directories, but we shouldn't deny access completely to a serialization format? This seems comparable to if we blocked .json file extensions?

Patch changes exclusion to be .info.yml which prevents the module version discovery.

ParisLiakos’s picture

ParisLiakos CreditAttribution: ParisLiakos commented
Title: Bring .htaccess and web.config up to date » Followup: Bring .htaccess and web.config up to date
Status: Needs review » Reviewed & tested by the community

good point! .info.yml switch is ok.
we can see what to do for other yaml files on this other issue

Dries’s picture

Dries CreditAttribution: Dries commented
Status: Reviewed & tested by the community » Fixed

Committed 8.x. Thanks!

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.