3 namespace Drupal\system\Tests\System;
5 use Drupal\simpletest\WebTestBase;
8 * Tests .htaccess is working correctly.
12 class HtaccessTest extends WebTestBase {
19 public static $modules = ['node', 'path'];
22 * Get an array of file paths for access testing.
25 * An array keyed by file paths. Each value is the expected response code,
26 * for example, 200 or 403.
28 protected function getProtectedFiles() {
29 $path = drupal_get_path('module', 'system') . '/tests/fixtures/HtaccessTest';
31 // Tests the FilesMatch directive which denies access to certain file
33 $file_exts_to_deny = [
62 foreach ($file_exts_to_deny as $file_ext) {
63 $file_paths["$path/access_test.$file_ext"] = 403;
66 // Tests the .htaccess file in vendor and created by a Composer script.
67 // Try and access a non PHP file in the vendor directory.
68 // @see Drupal\\Core\\Composer\\Composer::ensureHtaccess
69 $file_paths['vendor/composer/installed.json'] = 403;
71 // Tests the rewrite conditions and rule that denies access to php files.
72 $file_paths['core/lib/Drupal.php'] = 403;
73 $file_paths['vendor/autoload.php'] = 403;
74 $file_paths['autoload.php'] = 403;
76 // Test extensions that should be permitted.
77 $file_exts_to_allow = [
81 foreach ($file_exts_to_allow as $file_ext) {
82 $file_paths["$path/access_test.$file_ext"] = 200;
85 // Ensure composer.json and composer.lock cannot be accessed.
86 $file_paths["$path/composer.json"] = 403;
87 $file_paths["$path/composer.lock"] = 403;
93 * Iterates over protected files and calls assertNoFileAccess().
95 public function testFileAccess() {
96 foreach ($this->getProtectedFiles() as $file => $response_code) {
97 $this->assertFileAccess($file, $response_code);
100 // Test that adding "/1" to a .php URL does not make it accessible.
101 $this->drupalGet('core/lib/Drupal.php/1');
102 $this->assertResponse(403, "Access to core/lib/Drupal.php/1 is denied.");
104 // Test that it is possible to have path aliases containing .php.
105 $type = $this->drupalCreateContentType();
107 // Create an node aliased to test.php.
108 $node = $this->drupalCreateNode([
109 'title' => 'This is a node',
110 'type' => $type->id(),
111 'path' => '/test.php'
114 $this->drupalGet('test.php');
115 $this->assertResponse(200);
116 $this->assertText('This is a node');
118 // Update node's alias to test.php/test.
119 $node->path = '/test.php/test';
121 $this->drupalGet('test.php/test');
122 $this->assertResponse(200);
123 $this->assertText('This is a node');
127 * Asserts that a file exists and requesting it returns a specific response.
129 * @param string $path
130 * Path to file. Without leading slash.
131 * @param int $response_code
132 * The expected response code. For example: 200, 403 or 404.
135 * TRUE if the assertion succeeded, FALSE otherwise.
137 protected function assertFileAccess($path, $response_code) {
138 $result = $this->assertTrue(file_exists(\Drupal::root() . '/' . $path), "The file $path exists.");
139 $this->drupalGet($path);
140 $result = $result && $this->assertResponse($response_code, "Response code to $path is $response_code.");
145 * Tests that SVGZ files are served with Content-Encoding: gzip.
147 public function testSvgzContentEncoding() {
148 $this->drupalGet('core/modules/system/tests/logo.svgz');
149 $this->assertResponse(200);
150 $header = $this->drupalGetHeader('Content-Encoding');
151 $this->assertEqual($header, 'gzip');