Issue #2564321 by alexpott: file_save_htaccess() generates error logs which are escaped incorrectly
parent
5e8523ecb9
commit
74d6632db9
|
@ -371,8 +371,8 @@ function file_save_htaccess($directory, $private = TRUE, $force_overwrite = FALS
|
||||||
return drupal_chmod($htaccess_path, 0444);
|
return drupal_chmod($htaccess_path, 0444);
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
$variables = array('%directory' => $directory, '!htaccess' => '<br />' . nl2br(Html::escape($htaccess_lines)));
|
$variables = array('%directory' => $directory, '@htaccess' => $htaccess_lines);
|
||||||
\Drupal::logger('security')->error("Security warning: Couldn't write .htaccess file. Please create a .htaccess file in your %directory directory which contains the following lines: <code>!htaccess</code>", $variables);
|
\Drupal::logger('security')->error("Security warning: Couldn't write .htaccess file. Please create a .htaccess file in your %directory directory which contains the following lines: <pre><code>@htaccess</code></pre>", $variables);
|
||||||
return FALSE;
|
return FALSE;
|
||||||
}
|
}
|
||||||
}
|
}
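Review bot: The new `$variables` line switches from `!htaccess` to `@htaccess` and passes the lines raw, but nothing explains why, so a later edit could reintroduce manual escaping. I would add above it `// Pass the raw lines; the @ placeholder escapes them when the log entry is rendered, so do not pre-escape or add markup here.` The message template still carries `<pre><code>` markup, which presumably only a log backend that renders HTML will display as intended. A plain-text log destination would likely show the tags literally, so it is worth confirming that this is acceptable. The else branch belongs to file_save_htaccess(), whose body starts outside this hunk.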
|
||||||
|
|
|
@ -0,0 +1,43 @@
|
||||||
|
<?php
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @file
|
||||||
|
* Contains \Drupal\system\Tests\File\FileSaveHtaccessLoggingTest.
|
||||||
|
*/
|
||||||
|
|
||||||
|
namespace Drupal\system\Tests\File;
|
||||||
|
|
||||||
|
use Drupal\Component\PhpStorage\FileStorage;
|
||||||
|
use Drupal\simpletest\WebTestBase;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Tests the log message added by file_save_htacess().
|
||||||
|
*
|
||||||
|
* @group File
|
||||||
|
*/
|
||||||
|
class FileSaveHtaccessLoggingTest extends WebTestBase {
|
||||||
|
|
||||||
|
protected static $modules = ['dblog'];
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Tests file_save_htaccess().
|
||||||
|
*/
|
||||||
|
function testHtaccessSave() {
|
||||||
|
// Prepare test directories.
|
||||||
|
$private = $this->publicFilesDirectory . '/test/private';
|
||||||
|
|
||||||
|
// Verify that file_save_htaccess() returns FALSE if .htaccess cannot be
|
||||||
|
// written and writes a correctly formatted message to the error log. Set
|
||||||
|
// $private to TRUE so all possible .htaccess lines are written.
|
||||||
|
$this->assertFalse(file_save_htaccess($private, TRUE));
|
||||||
|
$this->drupalLogin($this->rootUser);
|
||||||
|
$this->drupalGet('admin/reports/dblog');
|
||||||
|
$this->clickLink("Security warning: Couldn't write .htaccess file. Please…");
|
||||||
|
|
||||||
|
$lines = FileStorage::htaccessLines(TRUE);
|
||||||
|
foreach (array_filter(explode("\n", $lines)) as $line) {
|
||||||
|
$this->assertEscaped($line);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
}
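Review bot: The comment `// Prepare test directories.` above the `$private` assignment does not match the code: nothing is created, and the `assertFalse()` appears to depend on that path not existing so that the write fails. Stating this keeps the precondition visible, e.g. `// Use a directory that is never created so that writing .htaccess fails.` Two smaller points in the same file: the class docblock misspells the function as `file_save_htacess()`, and `testHtaccessSave()` is declared without a visibility keyword (`public function testHtaccessSave()`).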
|