@catplat catplat commented Nov 6, 2025

Why

Closes #5175

What's changed

Update the top-level rule in sites/platform/static/files/fetch/appyaml/drupal10

Where are changes

http://localhost:1313/guides/drupal/deploy/configure.html#configure-apps-in-platformappyaml

Updates are for:

  • platform (sites/platform templates)
  • upsun (sites/upsun templates)

@catplat catplat linked an issue Nov 6, 2025 that may be closed by this pull request
github-actions bot commented Nov 6, 2025

Your Upsun Fixed environment has successfully deployed. 🚀

See the site:

@dman-coders dman-coders left a comment

First iteration had a few issues.

  • Don't add the extra nesting under web - it's invalid there
  • Don't remove passthru - it's needed for the app
  • Don't remove the exception for access to css and other safe files - they are all normal and need not be blocked.

It's only PHP scripts that we are refining the execution rules for. I have a replacement forthcoming ...

@dman-coders

Tested the repaired version.
confirmed that index.php, install.php work, and access to css, including aggregated css works.
update.php and /core/rebuild.php are also accessible
confirmed that now sites/default/settings.php is disallowed
confirmed that an arbitrary script like phpinfo.php is NOT allowed - this was the intent.
Going back to the endpoints I tested and reported in the original issue.
https://linear.app/platformsh/issue/ADV-2168/upsun-fixed-update-the-sample-drupal-app-configuration#comment-31e32bac

... OK, all the misc php files that were accessed incorrectly before are now blocked (good)
all the functionality we know we need remains (good)

@dman-coders dman-coders left a comment

After reviewing together, this is valid and works.
Arbitrary php files are now disallowed (404) and required php pages are allowed still.
Correct behaviour now.

I actually tested this file on real deployments
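
The manual checks reported in the comments above can be kept as a repeatable regression check. The script below is an added example, not part of this pull request or the project's tooling; the paths and outcomes come from the review comments, while the pass criteria (403 or 404 counts as blocked, anything except 404 counts as served) and the function names are assumptions.

```python
import sys
import urllib.error
import urllib.request

# Paths and outcomes are the ones reported in the review comments above.
# "served": the request reached the script, so any status except 404 passes
#   (assumption: an application-level 403 or a redirect still means it ran).
# "blocked": the platform refused the request with 403 or 404.
EXPECTED = {
    "/index.php": "served",
    "/install.php": "served",
    "/update.php": "served",
    "/core/rebuild.php": "served",
    "/sites/default/settings.php": "blocked",
    "/phpinfo.php": "blocked",  # stands in for any arbitrary script
}


class NoRedirect(urllib.request.HTTPRedirectHandler):
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None  # surface the 3xx itself instead of following it


def http_status(url, timeout=10):
    """Return the HTTP status code for a GET of url, without following redirects."""
    opener = urllib.request.build_opener(NoRedirect)
    try:
        with opener.open(url, timeout=timeout) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code


def outcome_ok(expected, status):
    if expected == "blocked":
        return status in (403, 404)
    return status != 404


def audit(base_url, fetch=http_status):
    """Return [(path, expected, status)] for every path that violates EXPECTED."""
    base = base_url.rstrip("/")
    results = [(p, want, fetch(base + p)) for p, want in EXPECTED.items()]
    return [r for r in results if not outcome_ok(r[1], r[2])]


if __name__ == "__main__":
    failures = audit(sys.argv[1])  # base URL of the environment under test
    for path, want, status in failures:
        print(f"FAIL {path}: expected {want}, got HTTP {status}")
    sys.exit(1 if failures else 0)
```

The `/phpinfo.php` check only proves anything if a file of that name really exists in the docroot of the environment under test; a missing file would return 404 whether or not the execution rule is in place.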

@catplat catplat merged commit 8184ce5 into main Nov 7, 2025
14 checks passed
@catplat catplat deleted the 5175-drupal-sample branch November 7, 2025 04:56