Unverified Commit 39183a29 authored by alexpott's avatar alexpott

Issue #2869916 by johndevman, tstoeckler, borisson_, larowlan:...

Issue #2869916 by johndevman, tstoeckler, borisson_, larowlan: SiteConfigureForm ignores 'skip_permissions_hardening' setting
parent 77b3dbd2
......@@ -6,6 +6,7 @@
use Drupal\Core\Form\ConfigFormBase;
use Drupal\Core\Form\FormStateInterface;
use Drupal\Core\Locale\CountryManagerInterface;
use Drupal\Core\Site\Settings;
use Drupal\Core\State\StateInterface;
use Drupal\user\UserStorageInterface;
use Symfony\Component\DependencyInjection\ContainerInterface;
......@@ -133,7 +134,7 @@ public function buildForm(array $form, FormStateInterface $form_state) {
// distract from the message that the Drupal installation has completed
// successfully.)
$post_params = $this->getRequest()->request->all();
if (empty($post_params) && (!drupal_verify_install_file($this->root . '/' . $settings_file, FILE_EXIST | FILE_READABLE | FILE_NOT_WRITABLE) || !drupal_verify_install_file($this->root . '/' . $settings_dir, FILE_NOT_WRITABLE, 'dir'))) {
if (empty($post_params) && (Settings::get('skip_permissions_hardening') || !drupal_verify_install_file($this->root . '/' . $settings_file, FILE_EXIST | FILE_READABLE | FILE_NOT_WRITABLE) || !drupal_verify_install_file($this->root . '/' . $settings_dir, FILE_NOT_WRITABLE, 'dir'))) {
drupal_set_message(t('All necessary changes to %dir and %file have been made, so you should remove write permissions to them now in order to avoid security risks. If you are unsure how to do so, consult the <a href=":handbook_url">online handbook</a>.', ['%dir' => $settings_dir, '%file' => $settings_file, ':handbook_url' => 'https://www.drupal.org/server-permissions']), 'warning');
}
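Review bot: The new `Settings::get('skip_permissions_hardening')` operand has to stay first in the `||` chain, and nothing next to the condition says so. The installer test comment further down this page states that buildForm() makes the site directory and settings file non-writable, which suggests `drupal_verify_install_file()` changes permissions as a side effect, so the short-circuit is what actually skips the hardening. I would add a comment above the `if`, e.g. `// Check the setting first: drupal_verify_install_file() attempts to fix permissions and must not run when hardening is skipped.` With the setting enabled the warning is shown every time the form is first built, which looks like the right default because a writable settings.php remains a risk. The rest of buildForm() lies outside the hunk.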
......
<?php
namespace Drupal\FunctionalTests\Installer;
/**
* Verifies that the installer skipped permission hardening.
*
* @group Installer
*/
class InstallerSkipPermissionHardeningTest extends InstallerTestBase {
/**
* {@inheritdoc}
*/
protected function prepareEnvironment() {
parent::prepareEnvironment();
$this->settings['settings']['skip_permissions_hardening'] = (object) ['value' => TRUE, 'required' => TRUE];
}
/**
* {@inheritdoc}
*/
protected function setUpSite() {
$site_directory = $this->container->get('app.root') . '/' . $this->siteDirectory;
$this->assertTrue(is_writable($site_directory));
$this->assertTrue(is_writable($site_directory . '/settings.php'));
$this->assertSession()->responseContains('All necessary changes to <em class="placeholder">' . $this->siteDirectory . '</em> and <em class="placeholder">' . $this->siteDirectory . '/settings.php</em> have been made, so you should remove write permissions to them now in order to avoid security risks. If you are unsure how to do so, consult the <a href="https://www.drupal.org/server-permissions">online handbook</a>.');
parent::setUpSite();
}
/**
* Verifies the expected behaviors of the installation result.
*/
public function testInstalled() {
$this->assertSession()->addressEquals('user/1');
$this->assertSession()->statusCodeEquals(200);
}
}
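Review bot: `is_writable()` in setUpSite() reports what the user running the test may do, not the file mode, so both `assertTrue()` calls would likely pass for a privileged test runner even if the installer had hardened the files. The same applies in reverse to the `assertFalse(is_writable(...))` pair added to the existing installer test further down the page, which could fail in that environment. Asserting on the mode bits would pin the behaviour more directly, for example `$this->assertNotSame(0, fileperms($site_directory . '/settings.php') & 0222);`, assuming the test fixture creates the file with a write bit set. A one-line comment above the assertions saying that the warning is checked on the configure form before it is submitted would also help, since the method only carries `{@inheritdoc}`.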
......@@ -73,6 +73,12 @@ protected function setUpSite() {
// Assert that the expected title is present.
$this->assertEqual('Configure site', $this->cssSelect('main h2')[0]->getText());
// Test that SiteConfigureForm::buildForm() has made the site directory and
// the settings file non-writable.
$site_directory = $this->container->get('app.root') . '/' . $this->siteDirectory;
$this->assertFalse(is_writable($site_directory));
$this->assertFalse(is_writable($site_directory . '/settings.php'));
parent::setUpSite();
}
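Review bot: The hardened path in setUpSite() checks the file permissions but not that the warning stays hidden, so a regression that makes SiteConfigureForm always show the message would go unnoticed here. Since the condition in buildForm() now has an extra operand, I would add the negative check next to the new assertions, e.g. `$this->assertSession()->responseNotContains('so you should remove write permissions to them now');`. This assumes the warning is absent once hardening has succeeded in the test environment. setUpSite() begins outside the hunk.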
......