1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
|
<?php
namespace Drupal\Core\File;
use Drupal\Component\FileSecurity\FileSecurity;
use Drupal\Core\Site\Settings;
use Drupal\Core\StreamWrapper\PrivateStream;
use Drupal\Core\StreamWrapper\StreamWrapperManager;
use Drupal\Core\StreamWrapper\StreamWrapperManagerInterface;
use Psr\Log\LoggerInterface;
/**
* Provides functions to manage Apache .htaccess files.
*/
class HtaccessWriter implements HtaccessWriterInterface {
/**
* The stream wrapper manager.
*
* @var \Drupal\Core\StreamWrapper\StreamWrapperManagerInterface
*/
protected $streamWrapperManager;
/**
* The logger.
*
* @var \Psr\Log\LoggerInterface
*/
protected $logger;
/**
* Htaccess constructor.
*
* @param \Psr\Log\LoggerInterface $logger
* The logger.
* @param \Drupal\Core\StreamWrapper\StreamWrapperManagerInterface $stream_wrapper_manager
* The stream wrapper manager.
*/
public function __construct(LoggerInterface $logger, StreamWrapperManagerInterface $stream_wrapper_manager) {
$this->logger = $logger;
$this->streamWrapperManager = $stream_wrapper_manager;
}
/**
* {@inheritdoc}
*/
public function ensure() {
try {
foreach ($this->defaultProtectedDirs() as $protected_dir) {
$this->write($protected_dir->getPath(), $protected_dir->isPrivate());
}
$staging = Settings::get('config_sync_directory', FALSE);
if ($staging) {
// Note that we log an error here if we can't write the .htaccess file.
// This can occur if the staging directory is read-only. If it is then
// it is the user's responsibility to create the .htaccess file.
$this->write($staging, TRUE);
}
}
catch (\Exception $e) {
$this->logger->error($e->getMessage());
}
}
/**
* Creates a .htaccess file in the given directory.
*
* @param string $directory
* The directory.
* @param bool $deny_public_access
* (Optional) FALSE indicates that $directory should be a web-accessible
* directory. Defaults to TRUE which indicates a private directory.
* @param bool $force_overwrite
* (Optional) Set to TRUE to attempt to overwrite the existing .htaccess
* file if one is already present. Defaults to FALSE.
*
* @internal
*
* @return bool
* TRUE if the .htaccess file was saved or already exists, FALSE otherwise.
*
* @see \Drupal\Component\FileSecurity\FileSecurity::writeHtaccess()
*/
public function write($directory, $deny_public_access = TRUE, $force_overwrite = FALSE) {
if (StreamWrapperManager::getScheme($directory)) {
$directory = $this->streamWrapperManager->normalizeUri($directory);
}
else {
$directory = rtrim($directory, '/\\');
}
if (FileSecurity::writeHtaccess($directory, $deny_public_access, $force_overwrite)) {
return TRUE;
}
$this->logger->error("Security warning: Couldn't write .htaccess file. Create a .htaccess file in your %directory directory which contains the following lines: <pre><code>@htaccess</code></pre>", [
'%directory' => $directory,
'@htaccess' => FileSecurity::htaccessLines($deny_public_access),
]);
return FALSE;
}
/**
* {@inheritdoc}
*/
public function defaultProtectedDirs() {
$protected_dirs[] = new ProtectedDirectory('Public files directory', 'public://');
if (PrivateStream::basePath()) {
$protected_dirs[] = new ProtectedDirectory('Private files directory', 'private://', TRUE);
}
$protected_dirs[] = new ProtectedDirectory('Temporary files directory', 'temporary://');
// The assets path may be the same as the public file path, if so don't try
// to write the same .htaccess twice.
$public_path = Settings::get('file_public_path', 'sites/default/files');
$assets_path = Settings::get('file_assets_path', $public_path);
if ($assets_path !== $public_path) {
$protected_dirs[] = new ProtectedDirectory('Optimized assets directory', $assets_path);
}
return $protected_dirs;
}
}
|
