1. class
  2. Drupal
  3. \
  4. Composer
  5. \
  6. Plugin
  7. \
  8. VendorHardening
  9. \
  10. FileSecurity

FileSecurity

class FileSecurity (View source)

internal  
 

Provides file security functions.

IMPORTANT: This file is duplicated at /lib/Drupal/Component/FileSecurity. If any change is made here, the same change should be made in the duplicate. See https://www.drupal.org/project/drupal/issues/3079481.

Methods

static bool
writeHtaccess(string $directory, bool $deny_public_access = TRUE, bool $force = FALSE)

Writes an .htaccess file in the given directory, if it doesn't exist.

static string
htaccessLines(bool $deny_public_access = TRUE)

Returns the standard .htaccess lines that Drupal writes.

static string
htaccessPreventExecution()

Returns htaccess directives to deny execution in a given directory.

static string
denyPublicAccess()

Returns htaccess directives to block all access to a given directory.

static bool
writeWebConfig(string $directory, bool $force = FALSE)

Writes a web.config file in the given directory, if it doesn't exist.

static string
webConfigLines()

Returns the standard web.config lines for security.

static bool
writeFile(string $directory, string $filename, string $contents, bool $force)

Writes the contents to the file in the given directory.

Details

at line 30
static bool writeHtaccess(string $directory, bool $deny_public_access = TRUE, bool $force = FALSE)

Writes an .htaccess file in the given directory, if it doesn't exist.

Parameters

string $directory

The directory.
bool $deny_public_access

(optional) Set to FALSE to ensure an .htaccess file for an open and public directory. Default is TRUE.
bool $force

(optional) Set to TRUE to force overwrite an existing file.

Return Value

bool

TRUE if the file already exists or was created. FALSE otherwise.

at line 48
static string htaccessLines(bool $deny_public_access = TRUE)

Returns the standard .htaccess lines that Drupal writes.

Parameters

bool $deny_public_access

(optional) Set to FALSE to return the .htaccess lines for an open and public directory that allows Apache to serve files, but not execute code. The default is TRUE, which returns the .htaccess lines for a private and protected directory that Apache will deny all access to.

Return Value

string

The desired contents of the .htaccess file.

See also

file_save_htaccess()

at line 64
static protected string htaccessPreventExecution()

Returns htaccess directives to deny execution in a given directory.

Return Value

string

Apache htaccess directives to prevent execution of files in a location.

at line 89
static protected string denyPublicAccess()

Returns htaccess directives to block all access to a given directory.

Return Value

string

Apache htaccess directives to block access to a location.

at line 114
static bool writeWebConfig(string $directory, bool $force = FALSE)

Writes a web.config file in the given directory, if it doesn't exist.

Parameters

string $directory

The directory.
bool $force

(optional) Set to TRUE to force overwrite an existing file.

Return Value

bool

TRUE if the file already exists or was created. FALSE otherwise.

at line 124
static string webConfigLines()

Returns the standard web.config lines for security.

Return Value

string

The contents of the web.config file.

at line 151
static protected bool writeFile(string $directory, string $filename, string $contents, bool $force)

Writes the contents to the file in the given directory.

Parameters

string $directory

The directory to write to.
string $filename

The file name.
string $contents

The file contents.
bool $force

TRUE if we should force the write over an existing file.

Return Value

bool

TRUE if writing the file was successful.