dan/dchadwick
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Initial commit.

Browse Source
This commit is contained in:
Dan 2024-03-09 21:10:38 -05:00
commit eb0b3c3f5b
28 changed files with 6990 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
.editorconfig Normal file
View File

@ -0,0 +1,17 @@
# Drupal editor configuration normalization
# @see http://editorconfig.org/
# This is the top-most .editorconfig file; do not search in parent directories.
root = true
# All files.
[*]
end_of_line = LF
indent_style = space
indent_size = 2
charset = utf-8
trim_trailing_whitespace = true
insert_final_newline = true
[composer.{json,lock}]
indent_size = 4

61
.gitattributes vendored Normal file
View File

@ -0,0 +1,61 @@
# Drupal git normalization
# @see https://www.kernel.org/pub/software/scm/git/docs/gitattributes.html
# @see https://www.drupal.org/node/1542048
# Normally these settings would be done with macro attributes for improved
# readability and easier maintenance. However macros can only be defined at the
# repository root directory. Drupal avoids making any assumptions about where it
# is installed.
# Define text file attributes.
# - Treat them as text.
# - Ensure no CRLF line-endings, neither on checkout nor on checkin.
# - Detect whitespace errors.
# - Exposed by default in `git diff --color` on the CLI.
# - Validate with `git diff --check`.
# - Deny applying with `git apply --whitespace=error-all`.
# - Fix automatically with `git apply --whitespace=fix`.
*.config text eol=lf whitespace=blank-at-eol,-blank-at-eof,-space-before-tab,tab-in-indent,tabwidth=2
*.css text eol=lf whitespace=blank-at-eol,-blank-at-eof,-space-before-tab,tab-in-indent,tabwidth=2
*.dist text eol=lf whitespace=blank-at-eol,-blank-at-eof,-space-before-tab,tab-in-indent,tabwidth=2
*.engine text eol=lf whitespace=blank-at-eol,-blank-at-eof,-space-before-tab,tab-in-indent,tabwidth=2 diff=php linguist-language=php
*.html text eol=lf whitespace=blank-at-eol,-blank-at-eof,-space-before-tab,tab-in-indent,tabwidth=2 diff=html
*.inc text eol=lf whitespace=blank-at-eol,-blank-at-eof,-space-before-tab,tab-in-indent,tabwidth=2 diff=php linguist-language=php
*.install text eol=lf whitespace=blank-at-eol,-blank-at-eof,-space-before-tab,tab-in-indent,tabwidth=2 diff=php linguist-language=php
*.js text eol=lf whitespace=blank-at-eol,-blank-at-eof,-space-before-tab,tab-in-indent,tabwidth=2
*.json text eol=lf whitespace=blank-at-eol,-blank-at-eof,-space-before-tab,tab-in-indent,tabwidth=2
*.lock text eol=lf whitespace=blank-at-eol,-blank-at-eof,-space-before-tab,tab-in-indent,tabwidth=2
*.map text eol=lf whitespace=blank-at-eol,-blank-at-eof,-space-before-tab,tab-in-indent,tabwidth=2
*.md text eol=lf whitespace=blank-at-eol,-blank-at-eof,-space-before-tab,tab-in-indent,tabwidth=2
*.module text eol=lf whitespace=blank-at-eol,-blank-at-eof,-space-before-tab,tab-in-indent,tabwidth=2 diff=php linguist-language=php
*.php text eol=lf whitespace=blank-at-eol,-blank-at-eof,-space-before-tab,tab-in-indent,tabwidth=2 diff=php linguist-language=php
*.po text eol=lf whitespace=blank-at-eol,-blank-at-eof,-space-before-tab,tab-in-indent,tabwidth=2
*.profile text eol=lf whitespace=blank-at-eol,-blank-at-eof,-space-before-tab,tab-in-indent,tabwidth=2 diff=php linguist-language=php
*.script text eol=lf whitespace=blank-at-eol,-blank-at-eof,-space-before-tab,tab-in-indent,tabwidth=2
*.sh text eol=lf whitespace=blank-at-eol,-blank-at-eof,-space-before-tab,tab-in-indent,tabwidth=2 diff=php linguist-language=php
*.sql text eol=lf whitespace=blank-at-eol,-blank-at-eof,-space-before-tab,tab-in-indent,tabwidth=2
*.svg text eol=lf whitespace=blank-at-eol,-blank-at-eof,-space-before-tab,tab-in-indent,tabwidth=2
*.theme text eol=lf whitespace=blank-at-eol,-blank-at-eof,-space-before-tab,tab-in-indent,tabwidth=2 diff=php linguist-language=php
*.twig text eol=lf whitespace=blank-at-eol,-blank-at-eof,-space-before-tab,tab-in-indent,tabwidth=2
*.txt text eol=lf whitespace=blank-at-eol,-blank-at-eof,-space-before-tab,tab-in-indent,tabwidth=2
*.xml text eol=lf whitespace=blank-at-eol,-blank-at-eof,-space-before-tab,tab-in-indent,tabwidth=2
*.yml text eol=lf whitespace=blank-at-eol,-blank-at-eof,-space-before-tab,tab-in-indent,tabwidth=2
# Define binary file attributes.
# - Do not treat them as text.
# - Include binary diff in patches instead of "binary files differ."
*.eot -text diff
*.exe -text diff
*.gif -text diff
*.gz -text diff
*.ico -text diff
*.jpeg -text diff
*.jpg -text diff
*.otf -text diff
*.phar -text diff
*.png -text diff
*.svgz -text diff
*.ttf -text diff
*.woff -text diff
*.woff2 -text diff

3
.gitignore vendored Normal file
View File

@ -0,0 +1,3 @@
vendor/
web/modules/contrib
web/core

96
composer.json Normal file
View File

@ -0,0 +1,96 @@
{
"name": "drupal/recommended-project",
"description": "Project template for Drupal projects with a relocated document root",
"type": "project",
"license": "GPL-2.0-or-later",
"homepage": "https://www.drupal.org/project/drupal",
"support": {
"docs": "https://www.drupal.org/docs/user_guide/en/index.html",
"chat": "https://www.drupal.org/node/314178"
},
"repositories": [
{
"type": "composer",
"url": "https://packages.drupal.org/8"
}
],
"require": {
"composer/installers": "^2.0",
"drupal/core-composer-scaffold": "^10.2",
"drupal/core-project-message": "^10.2",
"drupal/core-recommended": "^10.2"
},
"conflict": {
"drupal/drupal": "*"
},
"minimum-stability": "stable",
"prefer-stable": true,
"config": {
"allow-plugins": {
"composer/installers": true,
"drupal/core-composer-scaffold": true,
"drupal/core-project-message": true,
"phpstan/extension-installer": true,
"dealerdirect/phpcodesniffer-composer-installer": true,
"php-http/discovery": true
},
"sort-packages": true
},
"extra": {
"drupal-scaffold": {
"locations": {
"web-root": "web/"
}
},
"installer-paths": {
"web/core": [
"type:drupal-core"
],
"web/libraries/{$name}": [
"type:drupal-library"
],
"web/modules/contrib/{$name}": [
"type:drupal-module"
],
"web/profiles/contrib/{$name}": [
"type:drupal-profile"
],
"web/themes/contrib/{$name}": [
"type:drupal-theme"
],
"drush/Commands/contrib/{$name}": [
"type:drupal-drush"
],
"web/modules/custom/{$name}": [
"type:drupal-custom-module"
],
"web/profiles/custom/{$name}": [
"type:drupal-custom-profile"
],
"web/themes/custom/{$name}": [
"type:drupal-custom-theme"
]
},
"drupal-core-project-message": {
"include-keys": [
"homepage",
"support"
],
"post-create-project-cmd-message": [
"<bg=blue;fg=white> </>",
"<bg=blue;fg=white> Congratulations, youve installed the Drupal codebase </>",
"<bg=blue;fg=white> from the drupal/recommended-project template! </>",
"<bg=blue;fg=white> </>",
"",
"<bg=yellow;fg=black>Next steps</>:",
" * Install the site: https://www.drupal.org/docs/installing-drupal",
" * Read the user guide: https://www.drupal.org/docs/user_guide/en/index.html",
" * Get support: https://www.drupal.org/support",
" * Get involved with the Drupal community:",
" https://www.drupal.org/getting-involved",
" * Remove the plugin that prints this message:",
" composer remove drupal/core-project-message"
]
}
}
}

4706
composer.lock generated Normal file
View File

File diff suppressed because it is too large Load Diff

6
index.php Normal file
View File

@ -0,0 +1,6 @@
<!Doctype html>
<html lang="en">
<body>
<p>Welcome DANNANNDANN to my site.</p>
</body>
</html>

40
web/.csslintrc Normal file
View File

@ -0,0 +1,40 @@
--errors=box-model,
display-property-grouping,
duplicate-background-images,
duplicate-properties,
empty-rules,
ids,
import,
important,
known-properties,
outline-none,
overqualified-elements,
qualified-headings,
shorthand,
star-property-hack,
text-indent,
underscore-property-hack,
unique-headings,
unqualified-attributes,
vendor-prefix,
zero-units
--ignore=adjoining-classes,
box-sizing,
bulletproof-font-face,
compatible-vendor-prefixes,
errors,
fallback-colors,
floats,
font-faces,
font-sizes,
gradients,
import-ie-limit,
order-alphabetical,
regex-selectors,
rules-count,
selector-max,
selector-max-approaching,
selector-newline,
universal-selector
--exclude-list=core/assets,
vendor

8
web/.eslintignore Normal file
View File

@ -0,0 +1,8 @@
core/**/*
vendor/**/*
sites/**/files/**/*
libraries/**/*
sites/**/libraries/**/*
profiles/**/libraries/**/*
**/js_test_files/**/*
**/node_modules/**/*

3
web/.eslintrc.json Normal file
View File

@ -0,0 +1,3 @@
{
"extends": "./core/.eslintrc.json"
}

71
web/.ht.router.php Normal file
View File

@ -0,0 +1,71 @@
<?php
/**
* @file
* Router script for the built-in PHP web server.
*
* The built-in web server should only be used for development and testing as it
* has a number of limitations that makes running Drupal on it highly insecure
* and somewhat limited.
*
* Note that:
* - The server is single-threaded, any requests made during the execution of
* the main request will hang until the main request has been completed.
* - The web server does not enforce any of the settings in .htaccess in
* particular a remote user will be able to download files that normally would
* be protected from direct access such as .module files.
*
* The router script is needed to work around a bug in PHP, see
* https://bugs.php.net/bug.php?id=61286.
*
* Usage:
* php -S localhost:8888 .ht.router.php
*
* @see http://php.net/manual/en/features.commandline.webserver.php
*/
if (PHP_SAPI !== 'cli-server') {
// Bail out if this is not PHP's Development Server.
header($_SERVER['SERVER_PROTOCOL'] . ' 403 Forbidden');
exit;
}
$url = parse_url($_SERVER['REQUEST_URI']);
if (file_exists(__DIR__ . $url['path'])) {
// Serve the requested resource as-is.
return FALSE;
}
// Work around the PHP bug.
$path = $url['path'];
$script = 'index.php';
if (str_contains($path, '.php')) {
// Work backwards through the path to check if a script exists. Otherwise
// fallback to index.php.
do {
$path = dirname($path);
if (preg_match('/\.php$/', $path) && is_file(__DIR__ . $path)) {
// Discovered that the path contains an existing PHP file. Use that as the
// script to include.
$script = ltrim($path, '/');
break;
}
} while ($path !== '/' && $path !== '.');
}
// Update $_SERVER variables to point to the correct index-file.
$index_file_absolute = $_SERVER['DOCUMENT_ROOT'] . DIRECTORY_SEPARATOR . $script;
$index_file_relative = DIRECTORY_SEPARATOR . $script;
// SCRIPT_FILENAME will point to the router script itself, it should point to
// the full path of index.php.
$_SERVER['SCRIPT_FILENAME'] = $index_file_absolute;
// SCRIPT_NAME and PHP_SELF will either point to index.php or contain the full
// virtual path being requested depending on the URL being requested. They
// should always point to index.php relative to document root.
$_SERVER['SCRIPT_NAME'] = $index_file_relative;
$_SERVER['PHP_SELF'] = $index_file_relative;
// Require the script and let core take over.
require $_SERVER['SCRIPT_FILENAME'];

186
web/.htaccess Normal file
View File

@ -0,0 +1,186 @@
#
# Apache/PHP/Drupal settings:
#
# Protect files and directories from prying eyes.
<FilesMatch "\.(engine|inc|install|make|module|profile|po|sh|.*sql|theme|twig|tpl(\.php)?|xtmpl|yml)(~|\.sw[op]|\.bak|\.orig|\.save)?$|^(\.(?!well-known).*|Entries.*|Repository|Root|Tag|Template|composer\.(json|lock)|web\.config|yarn\.lock|package\.json)$|^#.*#$|\.php(~|\.sw[op]|\.bak|\.orig|\.save)$">
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
Order allow,deny
</IfModule>
</FilesMatch>
# Don't show directory listings for URLs which map to a directory.
Options -Indexes
# Set the default handler.
DirectoryIndex index.php index.html index.htm
# Add correct encoding for SVGZ.
AddType image/svg+xml svg svgz
AddEncoding gzip svgz
# Most of the following PHP settings cannot be changed at runtime. See
# sites/default/default.settings.php and
# Drupal\Core\DrupalKernel::bootEnvironment() for settings that can be
# changed at runtime.
<IfModule mod_php.c>
php_value assert.active 0
</IfModule>
# Requires mod_expires to be enabled.
<IfModule mod_expires.c>
# Enable expirations.
ExpiresActive On
# Cache all files for 1 year after access.
ExpiresDefault "access plus 1 year"
<FilesMatch \.php$>
# Do not allow PHP scripts to be cached unless they explicitly send cache
# headers themselves. Otherwise all scripts would have to overwrite the
# headers set by mod_expires if they want another caching behavior. This may
# fail if an error occurs early in the bootstrap process, and it may cause
# problems if a non-Drupal PHP file is installed in a subdirectory.
ExpiresActive Off
</FilesMatch>
</IfModule>
# Set a fallback resource if mod_rewrite is not enabled. This allows Drupal to
# work without clean URLs. This requires Apache version >= 2.2.16. If Drupal is
# not accessed by the top level URL (i.e.: http://example.com/drupal/ instead of
# http://example.com/), the path to index.php will need to be adjusted.
<IfModule !mod_rewrite.c>
FallbackResource /index.php
</IfModule>
# Various rewrite rules.
<IfModule mod_rewrite.c>
RewriteEngine on
# Set "protossl" to "s" if we were accessed via https://. This is used later
# if you enable "www." stripping or enforcement, in order to ensure that
# you don't bounce between http and https.
RewriteRule ^ - [E=protossl]
RewriteCond %{HTTPS} on
RewriteRule ^ - [E=protossl:s]
# Make sure Authorization HTTP header is available to PHP
# even when running as CGI or FastCGI.
RewriteRule ^ - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
# Block access to "hidden" directories whose names begin with a period. This
# includes directories used by version control systems such as Subversion or
# Git to store control files. Files whose names begin with a period, as well
# as the control files used by CVS, are protected by the FilesMatch directive
# above.
#
# NOTE: This only works when mod_rewrite is loaded. Without mod_rewrite, it is
# not possible to block access to entire directories from .htaccess because
# <DirectoryMatch> is not allowed here.
#
# If you do not have mod_rewrite installed, you should remove these
# directories from your webroot or otherwise protect them from being
# downloaded.
RewriteRule "/\.|^\.(?!well-known/)" - [F]
# If your site can be accessed both with and without the 'www.' prefix, you
# can use one of the following settings to redirect users to your preferred
# URL, either WITH or WITHOUT the 'www.' prefix. Choose ONLY one option:
#
# To redirect all users to access the site WITH the 'www.' prefix,
# (http://example.com/foo will be redirected to http://www.example.com/foo)
# uncomment the following:
# RewriteCond %{HTTP_HOST} .
# RewriteCond %{HTTP_HOST} !^www\. [NC]
# RewriteRule ^ http%{ENV:protossl}://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
#
# To redirect all users to access the site WITHOUT the 'www.' prefix,
# (http://www.example.com/foo will be redirected to http://example.com/foo)
# uncomment the following:
# RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
# RewriteRule ^ http%{ENV:protossl}://%1%{REQUEST_URI} [L,R=301]
# Modify the RewriteBase if you are using Drupal in a subdirectory or in a
# VirtualDocumentRoot and the rewrite rules are not working properly.
# For example if your site is at http://example.com/drupal uncomment and
# modify the following line:
# RewriteBase /drupal
#
# If your site is running in a VirtualDocumentRoot at http://example.com/,
# uncomment the following line:
# RewriteBase /
# Redirect common PHP files to their new locations.
RewriteCond %{REQUEST_URI} ^(.*)?/(install\.php) [OR]
RewriteCond %{REQUEST_URI} ^(.*)?/(rebuild\.php)
RewriteCond %{REQUEST_URI} !core
RewriteRule ^ %1/core/%2 [L,QSA,R=301]
# Rewrite install.php during installation to see if mod_rewrite is working
RewriteRule ^core/install\.php core/install.php?rewrite=ok [QSA,L]
# Pass all requests not referring directly to files in the filesystem to
# index.php.
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} !=/favicon.ico
RewriteRule ^ index.php [L]
# For security reasons, deny access to other PHP files on public sites.
# Note: The following URI conditions are not anchored at the start (^),
# because Drupal may be located in a subdirectory. To further improve
# security, you can replace '!/' with '!^/'.
# Allow access to PHP files in /core (like authorize.php or install.php):
RewriteCond %{REQUEST_URI} !/core/[^/]*\.php$
# Allow access to test-specific PHP files:
RewriteCond %{REQUEST_URI} !/core/modules/system/tests/https?\.php
# Allow access to Statistics module's custom front controller.
# Copy and adapt this rule to directly execute PHP files in contributed or
# custom modules or to run another PHP application in the same directory.
RewriteCond %{REQUEST_URI} !/core/modules/statistics/statistics\.php$
# Deny access to any other PHP files that do not match the rules above.
# Specifically, disallow autoload.php from being served directly.
RewriteRule "^(.+/.*|autoload)\.php($|/)" - [F]
# Rules to correctly serve gzip compressed CSS and JS files.
# Requires both mod_rewrite and mod_headers to be enabled.
<IfModule mod_headers.c>
# Serve gzip compressed CSS files if they exist and the client accepts gzip.
RewriteCond %{HTTP:Accept-encoding} gzip
RewriteCond %{REQUEST_FILENAME}\.gz -s
RewriteRule ^(.*css_[a-zA-Z0-9-_]+)\.css$ $1\.css\.gz [QSA]
# Serve gzip compressed JS files if they exist and the client accepts gzip.
RewriteCond %{HTTP:Accept-encoding} gzip
RewriteCond %{REQUEST_FILENAME}\.gz -s
RewriteRule ^(.*js_[a-zA-Z0-9-_]+)\.js$ $1\.js\.gz [QSA]
# Serve correct content types, and prevent double compression.
RewriteRule \.css\.gz$ - [T=text/css,E=no-gzip:1,E=no-brotli:1]
RewriteRule \.js\.gz$ - [T=text/javascript,E=no-gzip:1,E=no-brotli:1]
<FilesMatch "(\.js\.gz|\.css\.gz)$">
# Serve correct encoding type.
Header set Content-Encoding gzip
# Force proxies to cache gzipped & non-gzipped css/js files separately.
Header append Vary Accept-Encoding
</FilesMatch>
</IfModule>
</IfModule>
# Various header fixes.
<IfModule mod_headers.c>
# Disable content sniffing for all responses, since it's an attack vector.
# This header is also set in FinishResponseSubscriber, which depending on
# Apache configuration might get placed in the 'onsuccess' table. To prevent
# header duplication, unset that one prior to setting in the 'always' table.
# See "To circumvent this limitation..." in
# https://httpd.apache.org/docs/current/mod/mod_headers.html.
Header onsuccess unset X-Content-Type-Options
Header always set X-Content-Type-Options nosniff
# Disable Proxy header, since it's an attack vector.
RequestHeader unset Proxy
</IfModule>

3
web/INSTALL.txt Normal file
View File

@ -0,0 +1,3 @@
Read core/INSTALL.txt for detailed installation instructions for your Drupal
website.

75
web/README.md Normal file
View File

@ -0,0 +1,75 @@
<img alt="Drupal Logo" src="https://www.drupal.org/files/Wordmark_blue_RGB.png" height="60px">
Drupal is an open source content management platform supporting a variety of
websites ranging from personal weblogs to large community-driven websites. For
more information, visit the Drupal website, [Drupal.org][Drupal.org], and join
the [Drupal community][Drupal community].
## Contributing
Drupal is developed on [Drupal.org][Drupal.org], the home of the international
Drupal community since 2001!
[Drupal.org][Drupal.org] hosts Drupal's [GitLab repository][GitLab repository],
its [issue queue][issue queue], and its [documentation][documentation]. Before
you start working on code, be sure to search the [issue queue][issue queue] and
create an issue if your aren't able to find an existing issue.
Every issue on Drupal.org automatically creates a new community-accessible fork
that you can contribute to. Learn more about the code contribution process on
the [Issue forks & merge requests page][issue forks].
## Usage
For a brief introduction, see [USAGE.txt](/core/USAGE.txt). You can also find
guides, API references, and more by visiting Drupal's [documentation
page][documentation].
You can quickly extend Drupal's core feature set by installing any of its
[thousands of free and open source modules][modules]. With Drupal and its
module ecosystem, you can often build most or all of what your project needs
before writing a single line of code.
## Changelog
Drupal keeps detailed [change records][changelog]. You can search Drupal's
changes for a record of every notable breaking change and new feature since
2011.
## Security
For a list of security announcements, see the [Security advisories
page][Security advisories] (available as [an RSS feed][security RSS]). This
page also describes how to subscribe to these announcements via email.
For information about the Drupal security process, or to find out how to report
a potential security issue to the Drupal security team, see the [Security team
page][security team].
## Need a helping hand?
Visit the [Support page][support] or browse [over a thousand Drupal
providers][service providers] offering design, strategy, development, and
hosting services.
## Legal matters
Know your rights when using Drupal by reading Drupal core's
[license](/core/LICENSE.txt).
Learn about the [Drupal trademark and logo policy here][trademark].
[Drupal.org]: https://www.drupal.org
[Drupal community]: https://www.drupal.org/community
[GitLab repository]: https://git.drupalcode.org/project/drupal
[issue queue]: https://www.drupal.org/project/issues/drupal
[issue forks]: https://www.drupal.org/drupalorg/docs/gitlab-integration/issue-forks-merge-requests
[documentation]: https://www.drupal.org/documentation
[changelog]: https://www.drupal.org/list-changes/drupal
[modules]: https://www.drupal.org/project/project_module
[security advisories]: https://www.drupal.org/security
[security RSS]: https://www.drupal.org/security/rss.xml
[security team]: https://www.drupal.org/drupal-security-team
[service providers]: https://www.drupal.org/drupal-services
[support]: https://www.drupal.org/support
[trademark]: https://www.drupal.com/trademark

16
web/autoload.php Normal file
View File

@ -0,0 +1,16 @@
<?php
/**
* @file
* Includes the autoloader created by Composer.
*
* This file was generated by drupal-scaffold.
*
* @see composer.json
* @see index.php
* @see core/install.php
* @see core/rebuild.php
* @see core/modules/statistics/statistics.php
*/
return require __DIR__ . '/../vendor/autoload.php';

42
web/example.gitignore Normal file
View File

@ -0,0 +1,42 @@
# This file contains default .gitignore rules. To use it, copy it to .gitignore,
# and it will cause files like your settings.php and user-uploaded files to be
# excluded from Git version control. This is a common strategy to avoid
# accidentally including private information in public repositories and patch
# files.
#
# Because .gitignore can be specific to your site, this file has a different
# name; updating Drupal core will not override your custom .gitignore file.
# Ignore core when managing all of a project's dependencies with Composer
# including Drupal core.
# core
# Ignore dependencies that are managed with Composer.
# Generally you should only ignore the root vendor directory. It's important
# that core/assets/vendor and any other vendor directories within contrib or
# custom module, theme, etc., are not ignored unless you purposely do so.
/vendor/
# Ignore configuration files that may contain sensitive information.
sites/*/settings*.php
sites/*/services*.yml
# Ignore paths that contain user-generated content.
sites/*/files
sites/*/private
# Ignore multi-site test environment.
sites/simpletest
# If you prefer to store your .gitignore file in the sites/ folder, comment
# or delete the previous settings and uncomment the following ones, instead.
# Ignore configuration files that may contain sensitive information.
# */settings*.php
# Ignore paths that contain user-generated content.
# */files
# */private
# Ignore multi-site test environment.
# simpletest

22
web/index.php Normal file
View File

@ -0,0 +1,22 @@
<?php
/**
* @file
* The PHP page that serves all page requests on a Drupal installation.
*
* All Drupal code is released under the GNU General Public License.
* See COPYRIGHT.txt and LICENSE.txt files in the "core" directory.
*/
use Drupal\Core\DrupalKernel;
use Symfony\Component\HttpFoundation\Request;
$autoloader = require_once 'autoload.php';
$kernel = new DrupalKernel('prod', $autoloader);
$request = Request::createFromGlobals();
$response = $kernel->handle($request);
$response->send();
$kernel->terminate($request, $response);

42
web/modules/README.txt Normal file
View File

@ -0,0 +1,42 @@
Modules extend your site functionality beyond Drupal core.
WHAT TO PLACE IN THIS DIRECTORY?
--------------------------------
Placing downloaded and custom modules in this directory separates downloaded and
custom modules from Drupal core's modules. This allows Drupal core to be updated
without overwriting these files.
DOWNLOAD ADDITIONAL MODULES
---------------------------
Contributed modules from the Drupal community may be downloaded at
https://www.drupal.org/project/project_module.
ORGANIZING MODULES IN THIS DIRECTORY
------------------------------------
You may create subdirectories in this directory, to organize your added modules,
without breaking the site. Some common subdirectories include "contrib" for
contributed modules, and "custom" for custom modules. Note that if you move a
module to a subdirectory after it has been enabled, you may need to clear the
Drupal cache so it can be found.
There are number of directories that are ignored when looking for modules. These
are 'src', 'lib', 'vendor', 'assets', 'css', 'files', 'images', 'js', 'misc',
'templates', 'includes', 'fixtures' and 'Drupal'.
MULTISITE CONFIGURATION
-----------------------
In multisite configurations, modules found in this directory are available to
all sites. You may also put modules in the sites/all/modules directory, and the
versions in sites/all/modules will take precedence over versions of the same
module that are here. Alternatively, the sites/your_site_name/modules directory
pattern may be used to restrict modules to a specific site instance.
MORE INFORMATION
----------------
Refer to the “Developing for Drupal” section of the README.md in the Drupal
root directory for further information on extending Drupal with custom modules.

28
web/profiles/README.txt Normal file
View File

@ -0,0 +1,28 @@
Installation profiles define additional steps that run after the base
installation of Drupal is completed. They may also offer additional
functionality and change the behavior of the site.
WHAT TO PLACE IN THIS DIRECTORY?
--------------------------------
Place downloaded and custom installation profiles in this directory.
Note that installation profiles are generally provided as part of a Drupal
distribution.
DOWNLOAD ADDITIONAL DISTRIBUTIONS
---------------------------------
Contributed distributions from the Drupal community may be downloaded at
https://www.drupal.org/project/project_distribution.
MULTISITE CONFIGURATION
-----------------------
In multisite configurations, installation profiles found in this directory are
available to all sites during their initial site installation.
MORE INFORMATION
----------------
Refer to the "Installation profiles" section of the README.md in the Drupal
root directory for further information on extending Drupal with custom profiles.

73
web/robots.txt Normal file
View File

@ -0,0 +1,73 @@
#
# robots.txt
#
# This file is to prevent the crawling and indexing of certain parts
# of your site by web crawlers and spiders run by sites like Yahoo!
# and Google. By telling these "robots" where not to go on your site,
# you save bandwidth and server resources.
#
# This file will be ignored unless it is at the root of your host:
# Used: http://example.com/robots.txt
# Ignored: http://example.com/site/robots.txt
#
# For more information about the robots.txt standard, see:
# http://www.robotstxt.org/robotstxt.html
User-agent: *
# CSS, JS, Images
Allow: /core/*.css$
Allow: /core/*.css?
Allow: /core/*.js$
Allow: /core/*.js?
Allow: /core/*.gif
Allow: /core/*.jpg
Allow: /core/*.jpeg
Allow: /core/*.png
Allow: /core/*.svg
Allow: /profiles/*.css$
Allow: /profiles/*.css?
Allow: /profiles/*.js$
Allow: /profiles/*.js?
Allow: /profiles/*.gif
Allow: /profiles/*.jpg
Allow: /profiles/*.jpeg
Allow: /profiles/*.png
Allow: /profiles/*.svg
# Directories
Disallow: /core/
Disallow: /profiles/
# Files
Disallow: /README.md
Disallow: /composer/Metapackage/README.txt
Disallow: /composer/Plugin/ProjectMessage/README.md
Disallow: /composer/Plugin/Scaffold/README.md
Disallow: /composer/Plugin/VendorHardening/README.txt
Disallow: /composer/Template/README.txt
Disallow: /modules/README.txt
Disallow: /sites/README.txt
Disallow: /themes/README.txt
Disallow: /web.config
# Paths (clean URLs)
Disallow: /admin/
Disallow: /comment/reply/
Disallow: /filter/tips
Disallow: /node/add/
Disallow: /search/
Disallow: /user/register
Disallow: /user/password
Disallow: /user/login
Disallow: /user/logout
Disallow: /media/oembed
Disallow: /*/media/oembed
# Paths (no clean URLs)
Disallow: /index.php/admin/
Disallow: /index.php/comment/reply/
Disallow: /index.php/filter/tips
Disallow: /index.php/node/add/
Disallow: /index.php/search/
Disallow: /index.php/user/password
Disallow: /index.php/user/register
Disallow: /index.php/user/login
Disallow: /index.php/user/logout
Disallow: /index.php/media/oembed
Disallow: /index.php/*/media/oembed

10
web/sites/README.txt Normal file
View File

@ -0,0 +1,10 @@
This directory structure contains the settings and configuration files specific
to your site or sites and is an integral part of multisite configurations.
It is now recommended to place your custom and downloaded extensions in the
/modules, /themes, and /profiles directories located in the Drupal root. The
sites/all/ subdirectory structure, which was recommended in previous versions
of Drupal, is still supported.
See core/INSTALL.txt for information about single-site installation or
multisite configuration.

230
web/sites/default/default.services.yml Normal file
View File

@ -0,0 +1,230 @@
parameters:
session.storage.options:
# Default ini options for sessions.
#
# Some distributions of Linux (most notably Debian) ship their PHP
# installations with garbage collection (gc) disabled. Since Drupal depends
# on PHP's garbage collection for clearing sessions, ensure that garbage
# collection occurs by using the most common settings.
# @default 1
gc_probability: 1
# @default 100
gc_divisor: 100
#
# Set session lifetime (in seconds), i.e. the grace period for session
# data. Sessions are deleted by the session garbage collector after one
# session lifetime has elapsed since the user's last visit. When a session
# is deleted, authenticated users are logged out, and the contents of the
# user's session is discarded.
# @default 200000
gc_maxlifetime: 200000
#
# Set session cookie lifetime (in seconds), i.e. the time from the session
# is created to the cookie expires, i.e. when the browser is expected to
# discard the cookie. The value 0 means "until the browser is closed".
# @default 2000000
cookie_lifetime: 2000000
#
# Drupal automatically generates a unique session cookie name based on the
# full domain name used to access the site. This mechanism is sufficient
# for most use-cases, including multi-site deployments. However, if it is
# desired that a session can be reused across different subdomains, the
# cookie domain needs to be set to the shared base domain. Doing so assures
# that users remain logged in as they cross between various subdomains.
# To maximize compatibility and normalize the behavior across user agents,
# the cookie domain should start with a dot.
#
# @default none
# cookie_domain: '.example.com'
#
# Set the SameSite cookie attribute: 'None', 'Lax', or 'Strict'. If set,
# this value will override the server value. See
# https://www.php.net/manual/en/session.security.ini.php for more
# information.
# @default no value
cookie_samesite: Lax
#
# Set the session ID string length. The length can be between 22 to 256. The
# PHP recommended value is 48. See
# https://www.php.net/manual/session.security.ini.php for more information.
# This value should be kept in sync with
# \Drupal\Core\Session\SessionConfiguration::__construct()
# @default 48
sid_length: 48
#
# Set the number of bits in encoded session ID character. The possible
# values are '4' (0-9, a-f), '5' (0-9, a-v), and '6' (0-9, a-z, A-Z, "-",
# ","). The PHP recommended value is 6. See
# https://www.php.net/manual/session.security.ini.php for more information.
# This value should be kept in sync with
# \Drupal\Core\Session\SessionConfiguration::__construct()
# @default 6
sid_bits_per_character: 6
twig.config:
# Twig debugging:
#
# When debugging is enabled:
# - The markup of each Twig template is surrounded by HTML comments that
# contain theming information, such as template file name suggestions.
# - Note that this debugging markup will cause automated tests that directly
# check rendered HTML to fail. When running automated tests, 'debug'
# should be set to FALSE.
# - The dump() function can be used in Twig templates to output information
# about template variables.
# - Twig templates are automatically recompiled whenever the source code
# changes (see auto_reload below).
#
# For more information about debugging Twig templates, see
# https://www.drupal.org/node/1906392.
#
# Enabling Twig debugging is not recommended in production environments.
# @default false
debug: false
# Twig auto-reload:
#
# Automatically recompile Twig templates whenever the source code changes.
# If you don't provide a value for auto_reload, it will be determined
# based on the value of debug.
#
# Enabling auto-reload is not recommended in production environments.
# @default null
auto_reload: null
# Twig cache:
#
# By default, Twig templates will be compiled and stored in the filesystem
# to increase performance. Disabling the Twig cache will recompile the
# templates from source each time they are used. In most cases the
# auto_reload setting above should be enabled rather than disabling the
# Twig cache.
#
# Disabling the Twig cache is not recommended in production environments.
# @default true
cache: true
# File extensions:
#
# List of file extensions the Twig system is allowed to load via the
# twig.loader.filesystem service. Files with other extensions will not be
# loaded unless they are added here. For example, to allow a file named
# 'example.partial' to be loaded, add 'partial' to this list. To load files
# with no extension, add an empty string '' to the list.
#
# @default ['css', 'html', 'js', 'svg', 'twig']
allowed_file_extensions:
- css
- html
- js
- svg
- twig
renderer.config:
# Renderer required cache contexts:
#
# The Renderer will automatically associate these cache contexts with every
# render array, hence varying every render array by these cache contexts.
#
# @default ['languages:language_interface', 'theme', 'user.permissions']
required_cache_contexts: ['languages:language_interface', 'theme', 'user.permissions']
# Renderer automatic placeholdering conditions:
#
# Drupal allows portions of the page to be automatically deferred when
# rendering to improve cache performance. That is especially helpful for
# cache contexts that vary widely, such as the active user. On some sites
# those may be different, however, such as sites with only a handful of
# users. If you know what the high-cardinality cache contexts are for your
# site, specify those here. If you're not sure, the defaults are fairly safe
# in general.
#
# For more information about rendering optimizations see
# https://www.drupal.org/developing/api/8/render/arrays/cacheability#optimizing
auto_placeholder_conditions:
# Max-age at or below which caching is not considered worthwhile.
#
# Disable by setting to -1.
#
# @default 0
max-age: 0
# Cache contexts with a high cardinality.
#
# Disable by setting to [].
#
# @default ['session', 'user']
contexts: ['session', 'user']
# Tags with a high invalidation frequency.
#
# Disable by setting to [].
#
# @default []
tags: []
# Renderer cache debug:
#
# Allows cache debugging output for each rendered element.
#
# Enabling render cache debugging is not recommended in production
# environments.
# @default false
debug: false
# Cacheability debugging:
#
# Responses with cacheability metadata (CacheableResponseInterface instances)
# get X-Drupal-Cache-Tags, X-Drupal-Cache-Contexts and X-Drupal-Cache-Max-Age
# headers.
#
# For more information about debugging cacheable responses, see
# https://www.drupal.org/developing/api/8/response/cacheable-response-interface
#
# Enabling cacheability debugging is not recommended in production
# environments.
# @default false
http.response.debug_cacheability_headers: false
factory.keyvalue: {}
# Default key/value storage service to use.
# @default keyvalue.database
# default: keyvalue.database
# Collection-specific overrides.
# state: keyvalue.database
factory.keyvalue.expirable: {}
# Default key/value expirable storage service to use.
# @default keyvalue.database.expirable
# default: keyvalue.database.expirable
# Allowed protocols for URL generation.
filter_protocols:
- http
- https
- ftp
- news
- nntp
- tel
- telnet
- mailto
- irc
- ssh
- sftp
- webcal
- rtsp
# Configure Cross-Site HTTP requests (CORS).
# Read https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS
# for more information about the topic in general.
# Note: By default the configuration is disabled.
cors.config:
enabled: false
# Specify allowed headers, like 'x-allowed-header'.
allowedHeaders: []
# Specify allowed request methods, specify ['*'] to allow all possible ones.
allowedMethods: []
# Configure requests allowed from specific origins. Do not include trailing
# slashes with URLs.
allowedOrigins: ['*']
# Configure requests allowed from origins, matching against regex patterns.
allowedOriginsPatterns: []
# Sets the Access-Control-Expose-Headers header.
exposedHeaders: false
# Sets the Access-Control-Max-Age header.
maxAge: false
# Sets the Access-Control-Allow-Credentials header.
supportsCredentials: false
queue.config:
# The maximum number of seconds to wait if a queue is temporarily suspended.
# This is not applicable when a queue is suspended but does not specify
# how long to wait before attempting to resume.
suspendMaximumWait: 30

883
web/sites/default/default.settings.php Normal file
View File

@ -0,0 +1,883 @@
<?php
// phpcs:ignoreFile
/**
* @file
* Drupal site-specific configuration file.
*
* IMPORTANT NOTE:
* This file may have been set to read-only by the Drupal installation program.
* If you make changes to this file, be sure to protect it again after making
* your modifications. Failure to remove write permissions to this file is a
* security risk.
*
* In order to use the selection rules below the multisite aliasing file named
* sites/sites.php must be present. Its optional settings will be loaded, and
* the aliases in the array $sites will override the default directory rules
* below. See sites/example.sites.php for more information about aliases.
*
* The configuration directory will be discovered by stripping the website's
* hostname from left to right and pathname from right to left. The first
* configuration file found will be used and any others will be ignored. If no
* other configuration file is found then the default configuration file at
* 'sites/default' will be used.
*
* For example, for a fictitious site installed at
* https://www.drupal.org:8080/my-site/test/, the 'settings.php' file is searched
* for in the following directories:
*
* - sites/8080.www.drupal.org.my-site.test
* - sites/www.drupal.org.my-site.test
* - sites/drupal.org.my-site.test
* - sites/org.my-site.test
*
* - sites/8080.www.drupal.org.my-site
* - sites/www.drupal.org.my-site
* - sites/drupal.org.my-site
* - sites/org.my-site
*
* - sites/8080.www.drupal.org
* - sites/www.drupal.org
* - sites/drupal.org
* - sites/org
*
* - sites/default
*
* Note that if you are installing on a non-standard port number, prefix the
* hostname with that number. For example,
* https://www.drupal.org:8080/my-site/test/ could be loaded from
* sites/8080.www.drupal.org.my-site.test/.
*
* @see example.sites.php
* @see \Drupal\Core\DrupalKernel::getSitePath()
*
* In addition to customizing application settings through variables in
* settings.php, you can create a services.yml file in the same directory to
* register custom, site-specific service definitions and/or swap out default
* implementations with custom ones.
*/
/**
* Database settings:
*
* The $databases array specifies the database connection or
* connections that Drupal may use. Drupal is able to connect
* to multiple databases, including multiple types of databases,
* during the same request.
*
* One example of the simplest connection array is shown below. To use the
* sample settings, copy and uncomment the code below between the @code and
* @endcode lines and paste it after the $databases declaration. You will need
* to replace the database username and password and possibly the host and port
* with the appropriate credentials for your database system.
*
* The next section describes how to customize the $databases array for more
* specific needs.
*
* @code
* $databases['default']['default'] = [
* 'database' => 'databasename',
* 'username' => 'sql_username',
* 'password' => 'sql_password',
* 'host' => 'localhost',
* 'port' => '3306',
* 'driver' => 'mysql',
* 'prefix' => '',
* 'collation' => 'utf8mb4_general_ci',
* ];
* @endcode
*/
$databases = [];
/**
* Customizing database settings.
*
* Many of the values of the $databases array can be customized for your
* particular database system. Refer to the sample in the section above as a
* starting point.
*
* The "driver" property indicates what Drupal database driver the
* connection should use. This is usually the same as the name of the
* database type, such as mysql or sqlite, but not always. The other
* properties will vary depending on the driver. For SQLite, you must
* specify a database file name in a directory that is writable by the
* webserver. For most other drivers, you must specify a
* username, password, host, and database name.
*
* Drupal core implements drivers for mysql, pgsql, and sqlite. Other drivers
* can be provided by contributed or custom modules. To use a contributed or
* custom driver, the "namespace" property must be set to the namespace of the
* driver. The code in this namespace must be autoloadable prior to connecting
* to the database, and therefore, prior to when module root namespaces are
* added to the autoloader. To add the driver's namespace to the autoloader,
* set the "autoload" property to the PSR-4 base directory of the driver's
* namespace. This is optional for projects managed with Composer if the
* driver's namespace is in Composer's autoloader.
*
* For each database, you may optionally specify multiple "target" databases.
* A target database allows Drupal to try to send certain queries to a
* different database if it can but fall back to the default connection if not.
* That is useful for primary/replica replication, as Drupal may try to connect
* to a replica server when appropriate and if one is not available will simply
* fall back to the single primary server (The terms primary/replica are
* traditionally referred to as master/slave in database server documentation).
*
* The general format for the $databases array is as follows:
* @code
* $databases['default']['default'] = $info_array;
* $databases['default']['replica'][] = $info_array;
* $databases['default']['replica'][] = $info_array;
* $databases['extra']['default'] = $info_array;
* @endcode
*
* In the above example, $info_array is an array of settings described above.
* The first line sets a "default" database that has one primary database
* (the second level default). The second and third lines create an array
* of potential replica databases. Drupal will select one at random for a given
* request as needed. The fourth line creates a new database with a name of
* "extra".
*
* For MySQL, MariaDB or equivalent databases the 'isolation_level' option can
* be set. The recommended transaction isolation level for Drupal sites is
* 'READ COMMITTED'. The 'REPEATABLE READ' option is supported but can result
* in deadlocks, the other two options are 'READ UNCOMMITTED' and 'SERIALIZABLE'.
* They are available but not supported; use them at your own risk. For more
* info:
* https://dev.mysql.com/doc/refman/5.7/en/innodb-transaction-isolation-levels.html
*
* On your settings.php, change the isolation level:
* @code
* $databases['default']['default']['init_commands'] = [
* 'isolation_level' => 'SET SESSION TRANSACTION ISOLATION LEVEL READ COMMITTED',
* ];
* @endcode
*
* You can optionally set a prefix for all database table names by using the
* 'prefix' setting. If a prefix is specified, the table name will be prepended
* with its value. Be sure to use valid database characters only, usually
* alphanumeric and underscore. If no prefix is desired, do not set the 'prefix'
* key or set its value to an empty string ''.
*
* For example, to have all database table prefixed with 'main_', set:
* @code
* 'prefix' => 'main_',
* @endcode
*
* Advanced users can add or override initial commands to execute when
* connecting to the database server, as well as PDO connection settings. For
* example, to enable MySQL SELECT queries to exceed the max_join_size system
* variable, and to reduce the database connection timeout to 5 seconds:
* @code
* $databases['default']['default'] = [
* 'init_commands' => [
* 'big_selects' => 'SET SQL_BIG_SELECTS=1',
* ],
* 'pdo' => [
* PDO::ATTR_TIMEOUT => 5,
* ],
* ];
* @endcode
*
* WARNING: The above defaults are designed for database portability. Changing
* them may cause unexpected behavior, including potential data loss. See
* https://www.drupal.org/developing/api/database/configuration for more
* information on these defaults and the potential issues.
*
* More details can be found in the constructor methods for each driver:
* - \Drupal\mysql\Driver\Database\mysql\Connection::__construct()
* - \Drupal\pgsql\Driver\Database\pgsql\Connection::__construct()
* - \Drupal\sqlite\Driver\Database\sqlite\Connection::__construct()
*
* Sample Database configuration format for PostgreSQL (pgsql):
* @code
* $databases['default']['default'] = [
* 'driver' => 'pgsql',
* 'database' => 'databasename',
* 'username' => 'sql_username',
* 'password' => 'sql_password',
* 'host' => 'localhost',
* 'prefix' => '',
* ];
* @endcode
*
* Sample Database configuration format for SQLite (sqlite):
* @code
* $databases['default']['default'] = [
* 'driver' => 'sqlite',
* 'database' => '/path/to/database_filename',
* ];
* @endcode
*
* Sample Database configuration format for a driver in a contributed module:
* @code
* $databases['default']['default'] = [
* 'driver' => 'my_driver',
* 'namespace' => 'Drupal\my_module\Driver\Database\my_driver',
* 'autoload' => 'modules/my_module/src/Driver/Database/my_driver/',
* 'database' => 'databasename',
* 'username' => 'sql_username',
* 'password' => 'sql_password',
* 'host' => 'localhost',
* 'prefix' => '',
* ];
* @endcode
*
* Sample Database configuration format for a driver that is extending another
* database driver.
* @code
* $databases['default']['default'] = [
* 'driver' => 'my_driver',
* 'namespace' => 'Drupal\my_module\Driver\Database\my_driver',
* 'autoload' => 'modules/my_module/src/Driver/Database/my_driver/',
* 'database' => 'databasename',
* 'username' => 'sql_username',
* 'password' => 'sql_password',
* 'host' => 'localhost',
* 'prefix' => '',
* 'dependencies' => [
* 'parent_module' => [
* 'namespace' => 'Drupal\parent_module',
* 'autoload' => 'core/modules/parent_module/src/',
* ],
* ],
* ];
* @endcode
*/
/**
* Location of the site configuration files.
*
* The $settings['config_sync_directory'] specifies the location of file system
* directory used for syncing configuration data. On install, the directory is
* created. This is used for configuration imports.
*
* The default location for this directory is inside a randomly-named
* directory in the public files path. The setting below allows you to set
* its location.
*/
# $settings['config_sync_directory'] = '/directory/outside/webroot';
/**
* Settings:
*
* $settings contains environment-specific configuration, such as the files
* directory and reverse proxy address, and temporary configuration, such as
* security overrides.
*
* @see \Drupal\Core\Site\Settings::get()
*/
/**
* Salt for one-time login links, cancel links, form tokens, etc.
*
* This variable will be set to a random value by the installer. All one-time
* login links will be invalidated if the value is changed. Note that if your
* site is deployed on a cluster of web servers, you must ensure that this
* variable has the same value on each server.
*
* For enhanced security, you may set this variable to the contents of a file
* outside your document root, and vary the value across environments (like
* production and development); you should also ensure that this file is not
* stored with backups of your database.
*
* Example:
* @code
* $settings['hash_salt'] = file_get_contents('/home/example/salt.txt');
* @endcode
*/
$settings['hash_salt'] = '';
/**
* Deployment identifier.
*
* Drupal's dependency injection container will be automatically invalidated and
* rebuilt when the Drupal core version changes. When updating contributed or
* custom code that changes the container, changing this identifier will also
* allow the container to be invalidated as soon as code is deployed.
*/
# $settings['deployment_identifier'] = \Drupal::VERSION;
/**
* Access control for update.php script.
*
* If you are updating your Drupal installation using the update.php script but
* are not logged in using either an account with the "Administer software
* updates" permission or the site maintenance account (the account that was
* created during installation), you will need to modify the access check
* statement below. Change the FALSE to a TRUE to disable the access check.
* After finishing the upgrade, be sure to open this file again and change the
* TRUE back to a FALSE!
*/
$settings['update_free_access'] = FALSE;
/**
* Fallback to HTTP for Update Manager and for fetching security advisories.
*
* If your site fails to connect to updates.drupal.org over HTTPS (either when
* fetching data on available updates, or when fetching the feed of critical
* security announcements), you may uncomment this setting and set it to TRUE to
* allow an insecure fallback to HTTP. Note that doing so will open your site up
* to a potential man-in-the-middle attack. You should instead attempt to
* resolve the issues before enabling this option.
* @see https://www.drupal.org/docs/system-requirements/php-requirements#openssl
* @see https://en.wikipedia.org/wiki/Man-in-the-middle_attack
* @see \Drupal\update\UpdateFetcher
* @see \Drupal\system\SecurityAdvisories\SecurityAdvisoriesFetcher
*/
# $settings['update_fetch_with_http_fallback'] = TRUE;
/**
* External access proxy settings:
*
* If your site must access the Internet via a web proxy then you can enter the
* proxy settings here. Set the full URL of the proxy, including the port, in
* variables:
* - $settings['http_client_config']['proxy']['http']: The proxy URL for HTTP
* requests.
* - $settings['http_client_config']['proxy']['https']: The proxy URL for HTTPS
* requests.
* You can pass in the user name and password for basic authentication in the
* URLs in these settings.
*
* You can also define an array of host names that can be accessed directly,
* bypassing the proxy, in $settings['http_client_config']['proxy']['no'].
*/
# $settings['http_client_config']['proxy']['http'] = 'http://proxy_user:proxy_pass@example.com:8080';
# $settings['http_client_config']['proxy']['https'] = 'http://proxy_user:proxy_pass@example.com:8080';
# $settings['http_client_config']['proxy']['no'] = ['127.0.0.1', 'localhost'];
/**
* Reverse Proxy Configuration:
*
* Reverse proxy servers are often used to enhance the performance
* of heavily visited sites and may also provide other site caching,
* security, or encryption benefits. In an environment where Drupal
* is behind a reverse proxy, the real IP address of the client should
* be determined such that the correct client IP address is available
* to Drupal's logging, statistics, and access management systems. In
* the most simple scenario, the proxy server will add an
* X-Forwarded-For header to the request that contains the client IP
* address. However, HTTP headers are vulnerable to spoofing, where a
* malicious client could bypass restrictions by setting the
* X-Forwarded-For header directly. Therefore, Drupal's proxy
* configuration requires the IP addresses of all remote proxies to be
* specified in $settings['reverse_proxy_addresses'] to work correctly.
*
* Enable this setting to get Drupal to determine the client IP from the
* X-Forwarded-For header. If you are unsure about this setting, do not have a
* reverse proxy, or Drupal operates in a shared hosting environment, this
* setting should remain commented out.
*
* In order for this setting to be used you must specify every possible
* reverse proxy IP address in $settings['reverse_proxy_addresses'].
* If a complete list of reverse proxies is not available in your
* environment (for example, if you use a CDN) you may set the
* $_SERVER['REMOTE_ADDR'] variable directly in settings.php.
* Be aware, however, that it is likely that this would allow IP
* address spoofing unless more advanced precautions are taken.
*/
# $settings['reverse_proxy'] = TRUE;
/**
* Reverse proxy addresses.
*
* Specify every reverse proxy IP address in your environment, as an array of
* IPv4/IPv6 addresses or subnets in CIDR notation. This setting is required if
* $settings['reverse_proxy'] is TRUE.
*/
# $settings['reverse_proxy_addresses'] = ['a.b.c.d', 'e.f.g.h/24', ...];
/**
* Reverse proxy trusted headers.
*
* Sets which headers to trust from your reverse proxy.
*
* Common values are:
* - \Symfony\Component\HttpFoundation\Request::HEADER_X_FORWARDED_FOR
* - \Symfony\Component\HttpFoundation\Request::HEADER_X_FORWARDED_HOST
* - \Symfony\Component\HttpFoundation\Request::HEADER_X_FORWARDED_PORT
* - \Symfony\Component\HttpFoundation\Request::HEADER_X_FORWARDED_PROTO
* - \Symfony\Component\HttpFoundation\Request::HEADER_FORWARDED
*
* Note the default value of
* @code
* \Symfony\Component\HttpFoundation\Request::HEADER_X_FORWARDED_FOR | \Symfony\Component\HttpFoundation\Request::HEADER_X_FORWARDED_HOST | \Symfony\Component\HttpFoundation\Request::HEADER_X_FORWARDED_PORT | \Symfony\Component\HttpFoundation\Request::HEADER_X_FORWARDED_PROTO | \Symfony\Component\HttpFoundation\Request::HEADER_FORWARDED
* @endcode
* is not secure by default. The value should be set to only the specific
* headers the reverse proxy uses. For example:
* @code
* \Symfony\Component\HttpFoundation\Request::HEADER_X_FORWARDED_FOR | \Symfony\Component\HttpFoundation\Request::HEADER_X_FORWARDED_HOST | \Symfony\Component\HttpFoundation\Request::HEADER_X_FORWARDED_PORT | \Symfony\Component\HttpFoundation\Request::HEADER_X_FORWARDED_PROTO
* @endcode
* This would trust the following headers:
* - X_FORWARDED_FOR
* - X_FORWARDED_HOST
* - X_FORWARDED_PROTO
* - X_FORWARDED_PORT
*
* @see \Symfony\Component\HttpFoundation\Request::HEADER_X_FORWARDED_FOR
* @see \Symfony\Component\HttpFoundation\Request::HEADER_X_FORWARDED_HOST
* @see \Symfony\Component\HttpFoundation\Request::HEADER_X_FORWARDED_PORT
* @see \Symfony\Component\HttpFoundation\Request::HEADER_X_FORWARDED_PROTO
* @see \Symfony\Component\HttpFoundation\Request::HEADER_FORWARDED
* @see \Symfony\Component\HttpFoundation\Request::setTrustedProxies
*/
# $settings['reverse_proxy_trusted_headers'] = \Symfony\Component\HttpFoundation\Request::HEADER_X_FORWARDED_FOR | \Symfony\Component\HttpFoundation\Request::HEADER_X_FORWARDED_HOST | \Symfony\Component\HttpFoundation\Request::HEADER_X_FORWARDED_PORT | \Symfony\Component\HttpFoundation\Request::HEADER_X_FORWARDED_PROTO | \Symfony\Component\HttpFoundation\Request::HEADER_FORWARDED;
/**
* Page caching:
*
* By default, Drupal sends a "Vary: Cookie" HTTP header for anonymous page
* views. This tells a HTTP proxy that it may return a page from its local
* cache without contacting the web server, if the user sends the same Cookie
* header as the user who originally requested the cached page. Without "Vary:
* Cookie", authenticated users would also be served the anonymous page from
* the cache. If the site has mostly anonymous users except a few known
* editors/administrators, the Vary header can be omitted. This allows for
* better caching in HTTP proxies (including reverse proxies), i.e. even if
* clients send different cookies, they still get content served from the cache.
* However, authenticated users should access the site directly (i.e. not use an
* HTTP proxy, and bypass the reverse proxy if one is used) in order to avoid
* getting cached pages from the proxy.
*/
# $settings['omit_vary_cookie'] = TRUE;
/**
* Cache TTL for client error (4xx) responses.
*
* Items cached per-URL tend to result in a large number of cache items, and
* this can be problematic on 404 pages which by their nature are unbounded. A
* fixed TTL can be set for these items, defaulting to one hour, so that cache
* backends which do not support LRU can purge older entries. To disable caching
* of client error responses set the value to 0. Currently applies only to
* page_cache module.
*/
# $settings['cache_ttl_4xx'] = 3600;
/**
* Expiration of cached forms.
*
* Drupal's Form API stores details of forms in a cache and these entries are
* kept for at least 6 hours by default. Expired entries are cleared by cron.
*
* @see \Drupal\Core\Form\FormCache::setCache()
*/
# $settings['form_cache_expiration'] = 21600;
/**
* Class Loader.
*
* If the APCu extension is detected, the classloader will be optimized to use
* it. Set to FALSE to disable this.
*
* @see https://getcomposer.org/doc/articles/autoloader-optimization.md
*/
# $settings['class_loader_auto_detect'] = FALSE;
/**
* Authorized file system operations:
*
* The Update Manager module included with Drupal provides a mechanism for
* site administrators to securely install missing updates for the site
* directly through the web user interface. On securely-configured servers,
* the Update manager will require the administrator to provide SSH or FTP
* credentials before allowing the installation to proceed; this allows the
* site to update the new files as the user who owns all the Drupal files,
* instead of as the user the webserver is running as. On servers where the
* webserver user is itself the owner of the Drupal files, the administrator
* will not be prompted for SSH or FTP credentials (note that these server
* setups are common on shared hosting, but are inherently insecure).
*
* Some sites might wish to disable the above functionality, and only update
* the code directly via SSH or FTP themselves. This setting completely
* disables all functionality related to these authorized file operations.
*
* @see https://www.drupal.org/node/244924
*
* Remove the leading hash signs to disable.
*/
# $settings['allow_authorize_operations'] = FALSE;
/**
* Default mode for directories and files written by Drupal.
*
* Value should be in PHP Octal Notation, with leading zero.
*/
# $settings['file_chmod_directory'] = 0775;
# $settings['file_chmod_file'] = 0664;
/**
* Optimized assets path:
*
* A local file system path where optimized assets will be stored. This directory
* must exist and be writable by Drupal. This directory must be relative to
* the Drupal installation directory and be accessible over the web.
*/
# $settings['file_assets_path'] = 'sites/default/files';
/**
* Public file base URL:
*
* An alternative base URL to be used for serving public files. This must
* include any leading directory path.
*
* A different value from the domain used by Drupal to be used for accessing
* public files. This can be used for a simple CDN integration, or to improve
* security by serving user-uploaded files from a different domain or subdomain
* pointing to the same server. Do not include a trailing slash.
*/
# $settings['file_public_base_url'] = 'http://downloads.example.com/files';
/**
* Public file path:
*
* A local file system path where public files will be stored. This directory
* must exist and be writable by Drupal. This directory must be relative to
* the Drupal installation directory and be accessible over the web.
*/
# $settings['file_public_path'] = 'sites/default/files';
/**
* Additional public file schemes:
*
* Public schemes are URI schemes that allow download access to all users for
* all files within that scheme.
*
* The "public" scheme is always public, and the "private" scheme is always
* private, but other schemes, such as "https", "s3", "example", or others,
* can be either public or private depending on the site. By default, they're
* private, and access to individual files is controlled via
* hook_file_download().
*
* Typically, if a scheme should be public, a module makes it public by
* implementing hook_file_download(), and granting access to all users for all
* files. This could be either the same module that provides the stream wrapper
* for the scheme, or a different module that decides to make the scheme
* public. However, in cases where a site needs to make a scheme public, but
* is unable to add code in a module to do so, the scheme may be added to this
* variable, the result of which is that system_file_download() grants public
* access to all files within that scheme.
*/
# $settings['file_additional_public_schemes'] = ['example'];
/**
* File schemes whose paths should not be normalized:
*
* Normally, Drupal normalizes '/./' and '/../' segments in file URIs in order
* to prevent unintended file access. For example, 'private://css/../image.png'
* is normalized to 'private://image.png' before checking access to the file.
*
* On Windows, Drupal also replaces '\' with '/' in URIs for the local
* filesystem.
*
* If file URIs with one or more scheme should not be normalized like this, then
* list the schemes here. For example, if 'porcelain://china/./plate.png' should
* not be normalized to 'porcelain://china/plate.png', then add 'porcelain' to
* this array. In this case, make sure that the module providing the 'porcelain'
* scheme does not allow unintended file access when using '/../' to move up the
* directory tree.
*/
# $settings['file_sa_core_2023_005_schemes'] = ['porcelain'];
/**
* Configuration for phpinfo() admin status report.
*
* Drupal's admin UI includes a report at admin/reports/status/php which shows
* the output of phpinfo(). The full output can contain sensitive information
* so by default Drupal removes some sections.
*
* This behavior can be configured by setting this variable to a different
* value corresponding to the flags parameter of phpinfo().
*
* If you need to expose more information in the report - for example to debug a
* problem - consider doing so temporarily.
*
* @see https://www.php.net/manual/function.phpinfo.php
*/
# $settings['sa_core_2023_004_phpinfo_flags'] = ~ (INFO_VARIABLES | INFO_ENVIRONMENT);
/**
* Private file path:
*
* A local file system path where private files will be stored. This directory
* must be absolute, outside of the Drupal installation directory and not
* accessible over the web.
*
* Note: Caches need to be cleared when this value is changed to make the
* private:// stream wrapper available to the system.
*
* See https://www.drupal.org/documentation/modules/file for more information
* about securing private files.
*/
# $settings['file_private_path'] = '';
/**
* Temporary file path:
*
* A local file system path where temporary files will be stored. This directory
* must be absolute, outside of the Drupal installation directory and not
* accessible over the web.
*
* If this is not set, the default for the operating system will be used.
*
* @see \Drupal\Component\FileSystem\FileSystem::getOsTemporaryDirectory()
*/
# $settings['file_temp_path'] = '/tmp';
/**
* Session write interval:
*
* Set the minimum interval between each session write to database.
* For performance reasons it defaults to 180.
*/
# $settings['session_write_interval'] = 180;
/**
* String overrides:
*
* To override specific strings on your site with or without enabling the Locale
* module, add an entry to this list. This functionality allows you to change
* a small number of your site's default English language interface strings.
*
* Remove the leading hash signs to enable.
*
* The "en" part of the variable name, is dynamic and can be any langcode of
* any added language. (eg locale_custom_strings_de for german).
*/
# $settings['locale_custom_strings_en'][''] = [
# 'Home' => 'Front page',
# '@count min' => '@count minutes',
# ];
/**
* A custom theme for the offline page:
*
* This applies when the site is explicitly set to maintenance mode through the
* administration page or when the database is inactive due to an error.
* The template file should also be copied into the theme. It is located inside
* 'core/modules/system/templates/maintenance-page.html.twig'.
*
* Note: This setting does not apply to installation and update pages.
*/
# $settings['maintenance_theme'] = 'claro';
/**
* PHP settings:
*
* To see what PHP settings are possible, including whether they can be set at
* runtime (by using ini_set()), read the PHP documentation:
* http://php.net/manual/ini.list.php
* See \Drupal\Core\DrupalKernel::bootEnvironment() for required runtime
* settings and the .htaccess file for non-runtime settings.
* Settings defined there should not be duplicated here so as to avoid conflict
* issues.
*/
/**
* If you encounter a situation where users post a large amount of text, and
* the result is stripped out upon viewing but can still be edited, Drupal's
* output filter may not have sufficient memory to process it. If you
* experience this issue, you may wish to uncomment the following two lines
* and increase the limits of these variables. For more information, see
* http://php.net/manual/pcre.configuration.php.
*/
# ini_set('pcre.backtrack_limit', 200000);
# ini_set('pcre.recursion_limit', 200000);
/**
* Configuration overrides.
*
* To globally override specific configuration values for this site,
* set them here. You usually don't need to use this feature. This is
* useful in a configuration file for a vhost or directory, rather than
* the default settings.php.
*
* Note that any values you provide in these variable overrides will not be
* viewable from the Drupal administration interface. The administration
* interface displays the values stored in configuration so that you can stage
* changes to other environments that don't have the overrides.
*
* There are particular configuration values that are risky to override. For
* example, overriding the list of installed modules in 'core.extension' is not
* supported as module install or uninstall has not occurred. Other examples
* include field storage configuration, because it has effects on database
* structure, and 'core.menu.static_menu_link_overrides' since this is cached in
* a way that is not config override aware. Also, note that changing
* configuration values in settings.php will not fire any of the configuration
* change events.
*/
# $config['system.site']['name'] = 'My Drupal site';
# $config['user.settings']['anonymous'] = 'Visitor';
/**
* Load services definition file.
*/
$settings['container_yamls'][] = $app_root . '/' . $site_path . '/services.yml';
/**
* Override the default service container class.
*
* This is useful for example to trace the service container for performance
* tracking purposes, for testing a service container with an error condition or
* to test a service container that throws an exception.
*/
# $settings['container_base_class'] = '\Drupal\Core\DependencyInjection\Container';
/**
* Override the default yaml parser class.
*
* Provide a fully qualified class name here if you would like to provide an
* alternate implementation YAML parser. The class must implement the
* \Drupal\Component\Serialization\SerializationInterface interface.
*/
# $settings['yaml_parser_class'] = NULL;
/**
* Trusted host configuration.
*
* Drupal core can use the Symfony trusted host mechanism to prevent HTTP Host
* header spoofing.
*
* To enable the trusted host mechanism, you enable your allowable hosts
* in $settings['trusted_host_patterns']. This should be an array of regular
* expression patterns, without delimiters, representing the hosts you would
* like to allow.
*
* For example:
* @code
* $settings['trusted_host_patterns'] = [
* '^www\.example\.com$',
* ];
* @endcode
* will allow the site to only run from www.example.com.
*
* If you are running multisite, or if you are running your site from
* different domain names (eg, you don't redirect http://www.example.com to
* http://example.com), you should specify all of the host patterns that are
* allowed by your site.
*
* For example:
* @code
* $settings['trusted_host_patterns'] = [
* '^example\.com$',
* '^.+\.example\.com$',
* '^example\.org$',
* '^.+\.example\.org$',
* ];
* @endcode
* will allow the site to run off of all variants of example.com and
* example.org, with all subdomains included.
*
* @see https://www.drupal.org/docs/installing-drupal/trusted-host-settings
*/
# $settings['trusted_host_patterns'] = [];
/**
* The default list of directories that will be ignored by Drupal's file API.
*
* By default ignore node_modules and bower_components folders to avoid issues
* with common frontend tools and recursive scanning of directories looking for
* extensions.
*
* @see \Drupal\Core\File\FileSystemInterface::scanDirectory()
* @see \Drupal\Core\Extension\ExtensionDiscovery::scanDirectory()
*/
$settings['file_scan_ignore_directories'] = [
'node_modules',
'bower_components',
];
/**
* The default number of entities to update in a batch process.
*
* This is used by update and post-update functions that need to go through and
* change all the entities on a site, so it is useful to increase this number
* if your hosting configuration (i.e. RAM allocation, CPU speed) allows for a
* larger number of entities to be processed in a single batch run.
*/
$settings['entity_update_batch_size'] = 50;
/**
* Entity update backup.
*
* This is used to inform the entity storage handler that the backup tables as
* well as the original entity type and field storage definitions should be
* retained after a successful entity update process.
*/
$settings['entity_update_backup'] = TRUE;
/**
* Node migration type.
*
* This is used to force the migration system to use the classic node migrations
* instead of the default complete node migrations. The migration system will
* use the classic node migration only if there are existing migrate_map tables
* for the classic node migrations and they contain data. These tables may not
* exist if you are developing custom migrations and do not want to use the
* complete node migrations. Set this to TRUE to force the use of the classic
* node migrations.
*/
$settings['migrate_node_migrate_type_classic'] = FALSE;
/**
* The default settings for migration sources.
*
* These settings are used as the default settings on the Credential form at
* /upgrade/credentials.
*
* - migrate_source_version - The version of the source database. This can be
* '6' or '7'. Defaults to '7'.
* - migrate_source_connection - The key in the $databases array for the source
* site.
* - migrate_file_public_path - The location of the source Drupal 6 or Drupal 7
* public files. This can be a local file directory containing the source
* Drupal 6 or Drupal 7 site (e.g /var/www/docroot), or the site address
* (e.g http://example.com).
* - migrate_file_private_path - The location of the source Drupal 7 private
* files. This can be a local file directory containing the source Drupal 7
* site (e.g /var/www/docroot), or empty to use the same value as Public
* files directory.
*
* Sample configuration for a drupal 6 source site with the source files in a
* local directory.
*
* @code
* $settings['migrate_source_version'] = '6';
* $settings['migrate_source_connection'] = 'migrate';
* $settings['migrate_file_public_path'] = '/var/www/drupal6';
* @endcode
*
* Sample configuration for a drupal 7 source site with public source files on
* the source site and the private files in a local directory.
*
* @code
* $settings['migrate_source_version'] = '7';
* $settings['migrate_source_connection'] = 'migrate';
* $settings['migrate_file_public_path'] = 'https://drupal7.com';
* $settings['migrate_file_private_path'] = '/var/www/drupal7';
* @endcode
*/
# $settings['migrate_source_connection'] = '';
# $settings['migrate_source_version'] = '';
# $settings['migrate_file_public_path'] = '';
# $settings['migrate_file_private_path'] = '';
/**
* Load local development override configuration, if available.
*
* Create a settings.local.php file to override variables on secondary (staging,
* development, etc.) installations of this site.
*
* Typical uses of settings.local.php include:
* - Disabling caching.
* - Disabling JavaScript/CSS compression.
* - Rerouting outgoing emails.
*
* Keep this code block at the end of this file to take full effect.
*/
#
# if (file_exists($app_root . '/' . $site_path . '/settings.local.php')) {
# include $app_root . '/' . $site_path . '/settings.local.php';
# }

9
web/sites/development.services.yml Normal file
View File

@ -0,0 +1,9 @@
# Local development services.
#
# To activate this feature, follow the instructions at the top of the
# 'example.settings.local.php' file, which sits next to this file.
parameters:
http.response.debug_cacheability_headers: true
services:
cache.backend.null:
class: Drupal\Core\Cache\NullBackendFactory

151
web/sites/example.settings.local.php Normal file
View File

@ -0,0 +1,151 @@
<?php
// phpcs:ignoreFile
/**
* @file
* Local development override configuration feature.
*
* To activate this feature, copy and rename it such that its path plus
* filename is 'sites/default/settings.local.php'. Then, go to the bottom of
* 'sites/default/settings.php' and uncomment the commented lines that mention
* 'settings.local.php'.
*
* If you are using a site name in the path, such as 'sites/example.com', copy
* this file to 'sites/example.com/settings.local.php', and uncomment the lines
* at the bottom of 'sites/example.com/settings.php'.
*/
/**
* Assertions.
*
* The Drupal project primarily uses runtime assertions to enforce the
* expectations of the API by failing when incorrect calls are made by code
* under development.
*
* @see http://php.net/assert
* @see https://www.drupal.org/node/2492225
*
* It is strongly recommended that you set zend.assertions=1 in the PHP.ini file
* (It cannot be changed from .htaccess or runtime) on development machines and
* to 0 or -1 in production.
*/
/**
* Enable local development services.
*/
$settings['container_yamls'][] = DRUPAL_ROOT . '/sites/development.services.yml';
/**
* Show all error messages, with backtrace information.
*
* In case the error level could not be fetched from the database, as for
* example the database connection failed, we rely only on this value.
*/
$config['system.logging']['error_level'] = 'verbose';
/**
* Disable CSS and JS aggregation.
*/
$config['system.performance']['css']['preprocess'] = FALSE;
$config['system.performance']['js']['preprocess'] = FALSE;
/**
* Disable the render cache.
*
* Note: you should test with the render cache enabled, to ensure the correct
* cacheability metadata is present. However, in the early stages of
* development, you may want to disable it.
*
* This setting disables the render cache by using the Null cache back-end
* defined by the development.services.yml file above.
*
* Only use this setting once the site has been installed.
*/
# $settings['cache']['bins']['render'] = 'cache.backend.null';
/**
* Disable caching for migrations.
*
* Uncomment the code below to only store migrations in memory and not in the
* database. This makes it easier to develop custom migrations.
*/
# $settings['cache']['bins']['discovery_migration'] = 'cache.backend.memory';
/**
* Disable Internal Page Cache.
*
* Note: you should test with Internal Page Cache enabled, to ensure the correct
* cacheability metadata is present. However, in the early stages of
* development, you may want to disable it.
*
* This setting disables the page cache by using the Null cache back-end
* defined by the development.services.yml file above.
*
* Only use this setting once the site has been installed.
*/
# $settings['cache']['bins']['page'] = 'cache.backend.null';
/**
* Disable Dynamic Page Cache.
*
* Note: you should test with Dynamic Page Cache enabled, to ensure the correct
* cacheability metadata is present (and hence the expected behavior). However,
* in the early stages of development, you may want to disable it.
*/
# $settings['cache']['bins']['dynamic_page_cache'] = 'cache.backend.null';
/**
* Allow test modules and themes to be installed.
*
* Drupal ignores test modules and themes by default for performance reasons.
* During development it can be useful to install test extensions for debugging
* purposes.
*/
# $settings['extension_discovery_scan_tests'] = TRUE;
/**
* Enable access to rebuild.php.
*
* This setting can be enabled to allow Drupal's php and database cached
* storage to be cleared via the rebuild.php page. Access to this page can also
* be gained by generating a query string from rebuild_token_calculator.sh and
* using these parameters in a request to rebuild.php.
*/
$settings['rebuild_access'] = TRUE;
/**
* Skip file system permissions hardening.
*
* The system module will periodically check the permissions of your site's
* site directory to ensure that it is not writable by the website user. For
* sites that are managed with a version control system, this can cause problems
* when files in that directory such as settings.php are updated, because the
* user pulling in the changes won't have permissions to modify files in the
* directory.
*/
$settings['skip_permissions_hardening'] = TRUE;
/**
* Exclude modules from configuration synchronization.
*
* On config export sync, no config or dependent config of any excluded module
* is exported. On config import sync, any config of any installed excluded
* module is ignored. In the exported configuration, it will be as if the
* excluded module had never been installed. When syncing configuration, if an
* excluded module is already installed, it will not be uninstalled by the
* configuration synchronization, and dependent configuration will remain
* intact. This affects only configuration synchronization; single import and
* export of configuration are not affected.
*
* Drupal does not validate or sanity check the list of excluded modules. For
* instance, it is your own responsibility to never exclude required modules,
* because it would mean that the exported configuration can not be imported
* anymore.
*
* This is an advanced feature and using it means opting out of some of the
* guarantees the configuration synchronization provides. It is not recommended
* to use this feature with modules that affect Drupal in a major way such as
* the language or field module.
*/
# $settings['config_exclude_modules'] = ['devel', 'stage_file_proxy'];

57
web/sites/example.sites.php Normal file
View File

@ -0,0 +1,57 @@
<?php
// phpcs:ignoreFile
/**
* @file
* Configuration file for multi-site support and directory aliasing feature.
*
* This file is required for multi-site support and also allows you to define a
* set of aliases that map hostnames, ports, and pathnames to configuration
* directories in the sites directory. These aliases are loaded prior to
* scanning for directories, and they are exempt from the normal discovery
* rules. See default.settings.php to view how Drupal discovers the
* configuration directory when no alias is found.
*
* Aliases are useful on development servers, where the domain name may not be
* the same as the domain of the live server. Since Drupal stores file paths in
* the database (files, system table, etc.) this will ensure the paths are
* correct when the site is deployed to a live server.
*
* To activate this feature, copy and rename it such that its path plus
* filename is 'sites/sites.php'.
*
* Aliases are defined in an associative array named $sites. The array is
* written in the format: '<port>.<domain>.<path>' => 'directory'. As an
* example, to map https://www.drupal.org:8080/my-site/test to the configuration
* directory sites/example.com, the array should be defined as:
* @code
* $sites = [
* '8080.www.drupal.org.my-site.test' => 'example.com',
* ];
* @endcode
* The URL, https://www.drupal.org:8080/my-site/test/, could be a symbolic link
* or an Apache Alias directive that points to the Drupal root containing
* index.php. An alias could also be created for a subdomain. See the
* @link https://www.drupal.org/documentation/install online Drupal installation guide @endlink
* for more information on setting up domains, subdomains, and subdirectories.
*
* The following examples look for a site configuration in sites/example.com:
* @code
* URL: http://dev.drupal.org
* $sites['dev.drupal.org'] = 'example.com';
*
* URL: http://localhost/example
* $sites['localhost.example'] = 'example.com';
*
* URL: http://localhost:8080/example
* $sites['8080.localhost.example'] = 'example.com';
*
* URL: https://www.drupal.org:8080/my-site/test/
* $sites['8080.www.drupal.org.my-site.test'] = 'example.com';
* @endcode
*
* @see default.settings.php
* @see \Drupal\Core\DrupalKernel::getSitePath()
* @see https://www.drupal.org/documentation/install/multi-site
*/

31
web/themes/README.txt Normal file
View File

@ -0,0 +1,31 @@
Themes allow you to change the look and feel of your Drupal site. You can use
themes contributed by others or create your own.
WHAT TO PLACE IN THIS DIRECTORY?
--------------------------------
Placing downloaded and custom themes in this directory separates downloaded and
custom themes from Drupal core's themes. This allows Drupal core to be updated
without overwriting these files.
DOWNLOAD ADDITIONAL THEMES
--------------------------
Contributed themes from the Drupal community may be downloaded at
https://www.drupal.org/project/project_theme.
MULTISITE CONFIGURATION
-----------------------
In multisite configurations, themes found in this directory are available to
all sites. You may also put themes in the sites/all/themes directory, and the
versions in sites/all/themes will take precedence over versions of the same
themes that are here. Alternatively, the sites/your_site_name/themes directory
pattern may be used to restrict themes to a specific site instance.
MORE INFORMATION
-----------------
Refer to the "Appearance" section of the README.md in the Drupal root directory
for further information on customizing the appearance of Drupal with custom
themes.

30
web/update.php Normal file
View File

@ -0,0 +1,30 @@
<?php
/**
* @file
* The PHP page that handles updating the Drupal installation.
*
* All Drupal code is released under the GNU General Public License.
* See COPYRIGHT.txt and LICENSE.txt files in the "core" directory.
*/
use Drupal\Core\Update\UpdateKernel;
use Symfony\Component\HttpFoundation\Request;
$autoloader = require_once 'autoload.php';
// Disable garbage collection during test runs. Under certain circumstances the
// update path will create so many objects that garbage collection causes
// segmentation faults.
if (drupal_valid_test_ua()) {
gc_collect_cycles();
gc_disable();
}
$kernel = new UpdateKernel('prod', $autoloader, FALSE);
$request = Request::createFromGlobals();
$response = $kernel->handle($request);
$response->send();
$kernel->terminate($request, $response);

91
web/web.config Normal file
View File

@ -0,0 +1,91 @@
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
<!-- Don't show directory listings for URLs which map to a directory. -->
<directoryBrowse enabled="false" />
<!--
Caching configuration was not delegated by default. Some hosters may not
delegate the caching configuration to site owners by default and that
may cause errors when users install. Uncomment this if you want to and
are allowed to enable caching.
-->
<!--
<caching>
<profiles>
<add extension=".php" policy="DisableCache" kernelCachePolicy="DisableCache" />
<add extension=".html" policy="CacheForTimePeriod" kernelCachePolicy="CacheForTimePeriod" duration="14:00:00" />
</profiles>
</caching>
-->
<rewrite>
<rules>
<rule name="Protect files and directories from prying eyes" stopProcessing="true">
<match url="\.(engine|inc|install|module|profile|po|sh|.*sql|theme|twig|tpl(\.php)?|xtmpl|yml|svn-base)$|^(code-style\.pl|Entries.*|Repository|Root|Tag|Template|all-wcprops|entries|format|composer\.(json|lock)|\.htaccess|yarn.lock|package.json)$" />
<action type="CustomResponse" statusCode="403" subStatusCode="0" statusReason="Forbidden" statusDescription="Access is forbidden." />
</rule>
<rule name="Force simple error message for requests for non-existent favicon.ico" stopProcessing="true">
<match url="favicon\.ico" />
<action type="CustomResponse" statusCode="404" subStatusCode="1" statusReason="File Not Found" statusDescription="The requested file favicon.ico was not found" />
<conditions>
<add input="{REQUEST_FILENAME}" matchType="IsFile" negate="true" />
</conditions>
</rule>
<!-- To redirect all users to access the site WITH the 'www.' prefix,
http://example.com/foo will be redirected to http://www.example.com/foo)
adapt and uncomment the following: -->
<!--
<rule name="Redirect to add www" stopProcessing="true">
<match url="^(.*)$" ignoreCase="false" />
<conditions>
<add input="{HTTP_HOST}" pattern="^example\.com$" />
</conditions>
<action type="Redirect" redirectType="Permanent" url="http://www.example.com/{R:1}" />
</rule>
-->
<!-- To redirect all users to access the site WITHOUT the 'www.' prefix,
http://www.example.com/foo will be redirected to http://example.com/foo)
adapt and uncomment the following: -->
<!--
<rule name="Redirect to remove www" stopProcessing="true">
<match url="^(.*)$" ignoreCase="false" />
<conditions>
<add input="{HTTP_HOST}" pattern="^www\.example\.com$" />
</conditions>
<action type="Redirect" redirectType="Permanent" url="http://example.com/{R:1}" />
</rule>
-->
<!-- Pass all requests not referring directly to files in the filesystem
to index.php. -->
<rule name="Short URLS" stopProcessing="true">
<match url="^(.*)$" ignoreCase="false" />
<conditions>
<add input="{REQUEST_FILENAME}" matchType="IsFile" ignoreCase="false" negate="true" />
<add input="{REQUEST_FILENAME}" matchType="IsDirectory" ignoreCase="false" negate="true" />
<add input="{URL}" pattern="^/favicon.ico$" ignoreCase="false" negate="true" />
</conditions>
<action type="Rewrite" url="index.php" />
</rule>
</rules>
</rewrite>
<!-- If running Windows Server 2008 R2 this can be commented out -->
<!-- httpErrors>
<remove statusCode="404" subStatusCode="-1" />
<error statusCode="404" prefixLanguageFilePath="" path="/index.php" responseMode="ExecuteURL" />
</httpErrors -->
<defaultDocument>
<!-- Set the default document -->
<files>
<clear />
<add value="index.php" />
</files>
</defaultDocument>
</system.webServer>
</configuration>