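/**
 * Prepares temporary destination folder for uploaded files.
 *
 * The folder is created when missing and then, on a best-effort basis,
 * given a private .htaccess so that files staged here are not meant to be
 * served directly by the web server.
 *
 * @return bool
 *   TRUE if destination folder looks OK. A folder that cannot be prepared is
 *   reported by exception, not by returning FALSE.
 *
 * @throws \Drupal\dropzonejs\UploadException
 *   When file_prepare_directory() reports that the folder could not be
 *   prepared.
 */
protected function prepareTemporaryUploadDestination() {
  $writable = file_prepare_directory($this->temporaryUploadLocation, FILE_CREATE_DIRECTORY);
  if (!$writable) {
    throw new UploadException(UploadException::DESTINATION_FOLDER_ERROR);
  }

  // Try to make sure this is private via htaccess. The result is not checked,
  // so a failed write does not abort the upload.
  // NOTE(review): .htaccess is only honoured by web servers that read it;
  // elsewhere the folder is only as private as the server configuration
  // makes it. Confirm the deployment denies direct access to this location.
  file_save_htaccess($this->temporaryUploadLocation, TRUE);

  // The docblock promises a boolean; previously nothing was returned.
  return TRUE;
}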
/**
 * Makes sure the collection directory exists, creating it when needed.
 *
 * When the collection directory is the storage root, a private .htaccess is
 * (re)written there as well. Any failure along the way is fatal.
 *
 * @return $this
 *
 * @throws StorageException
 *   If the directory cannot be prepared, or the root .htaccess cannot be
 *   saved.
 */
protected function ensureStorage() {
  $collection_dir = $this->getCollectionDirectory();
  $prepared = file_prepare_directory($collection_dir, FILE_CREATE_DIRECTORY | FILE_MODIFY_PERMISSIONS);

  // Only create .htaccess file in root directory. The comparison is made
  // after file_prepare_directory() has seen the path, as in the original.
  $is_root = ($collection_dir == $this->directory);
  if ($prepared && $is_root) {
    // Second argument TRUE asks for the private variant; the third is
    // presumably the force-overwrite flag (confirm against
    // file_save_htaccess()).
    $prepared = file_save_htaccess($this->directory, TRUE, TRUE);
  }

  if ($prepared) {
    return $this;
  }
  throw new StorageException('Failed to create config directory ' . $collection_dir);
}
/**
 * Tests file_save_htaccess().
 *
 * Checks three targets in turn: a public directory, a private directory and
 * a stream URI. For each one the written .htaccess must carry the expected
 * directives, be read-only (0444), and a second save must still succeed.
 */
function testHtaccessSave() {
  // Prepare test directories.
  $public = $this->publicFilesDirectory . '/test/public';
  $private = $this->publicFilesDirectory . '/test/private';
  $stream = 'public://test/stream';

  // Shared content check. $denied says whether the access-denying lines are
  // expected: they must be absent from a public .htaccess and present in a
  // private one.
  $assert_htaccess = function ($directory, $denied) {
    $content = file_get_contents($directory . '/.htaccess');
    $expectations = [
      "SetHandler Drupal_Security_Do_Not_Remove_See_SA_2006_006" => TRUE,
      "Require all denied" => $denied,
      "Deny from all" => $denied,
      "Options None" => TRUE,
      "Options +FollowSymLinks" => TRUE,
      "SetHandler Drupal_Security_Do_Not_Remove_See_SA_2013_003" => TRUE,
    ];
    foreach ($expectations as $needle => $present) {
      $found = strpos($content, $needle) !== FALSE;
      if ($present) {
        $this->assertTrue($found);
      }
      else {
        $this->assertFalse($found);
      }
    }
    $this->assertFilePermissions($directory . '/.htaccess', 0444);
  };

  // Verify that file_save_htaccess() returns FALSE if .htaccess cannot be
  // written.
  // Note: We cannot test the condition of a directory lacking write
  // permissions, since at least on Windows file_save_htaccess() succeeds
  // even when changing directory permissions to 0000.
  $this->assertFalse(file_save_htaccess($public, FALSE));

  // Create public .htaccess file.
  mkdir($public, 0777, TRUE);
  $this->assertTrue(file_save_htaccess($public, FALSE));
  $assert_htaccess($public, FALSE);
  $this->assertTrue(file_save_htaccess($public, FALSE));

  // Create private .htaccess file.
  mkdir($private, 0777, TRUE);
  $this->assertTrue(file_save_htaccess($private));
  $assert_htaccess($private, TRUE);
  $this->assertTrue(file_save_htaccess($private));

  // Create an .htaccess file using a stream URI.
  mkdir($stream, 0777, TRUE);
  $this->assertTrue(file_save_htaccess($stream));
  $assert_htaccess($stream, TRUE);
  $this->assertTrue(file_save_htaccess($stream));
}
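/**
 * Tests file_save_htaccess().
 *
 * Covers the failure path: the target directory is never created, so the
 * write must fail, and the resulting security warning in the database log
 * must show the suggested .htaccess lines in escaped form.
 */
function testHtaccessSave() {
  // Prepare test directories.
  $private = $this->publicFilesDirectory . '/test/private';

  // Verify that file_save_htaccess() returns FALSE if .htaccess cannot be
  // written and writes a correctly formatted message to the error log. Set
  // $private to TRUE so all possible .htaccess lines are written.
  $this->assertFalse(file_save_htaccess($private, TRUE));
  $this->drupalLogin($this->rootUser);
  $this->drupalGet('admin/reports/dblog');
  // The link label ends in a horizontal ellipsis (U+2026); presumably the log
  // listing truncates the message. The character had been mis-encoded, which
  // would keep clickLink() from matching the entry.
  $this->clickLink("Security warning: Couldn't write .htaccess file. Please…");

  // Every non-empty line of the private .htaccess template must appear
  // escaped on the log page, i.e. shown as text rather than treated as
  // markup.
  $lines = FileStorage::htaccessLines(TRUE);
  foreach (array_filter(explode("\n", $lines)) as $line) {
    $this->assertEscaped($line);
  }
}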