2017 © Pedro Peláez
 

composer-plugin drupal-composer-paranoia-acquia

Composer plugin to improve the security of composer-based Drupal projects by moving all PHP files out of docroot for Acquia Environments.

image

jkribeiro/drupal-composer-paranoia-acquia

Composer plugin to improve the security of composer-based Drupal projects by moving all PHP files out of docroot for Acquia Environments.

  • Wednesday, April 18, 2018
  • by jkribeiro
  • Repository
  • 0 Watchers
  • 1 Stars
  • 28,290 Installations
  • PHP
  • 0 Dependents
  • 0 Suggesters
  • 0 Forks
  • 0 Open issues
  • 3 Versions
  • 41 % Grown

The README.md

Drupal Composer paranoia mode for Acquia Cloud environments

Composer plugin for improving the website security for composer-based Drupal projects by moving all PHP files out of docroot, for Acquia environments., (*1)

This plugin has the dependency of the drupal-paranoia plugin, performing additional installation steps to run the paranoia mode on Acquia Cloud environments., (*2)

Would like to know more about it? - https://github.com/drupal-composer/drupal-paranoia - Moving all PHP files out of the docroot - #1672986: Option to have all php files outside of web root - Remote Code Execution - SA-CONTRIB-2016-039 - https://twitter.com/drupalsecurity/status/753263548458004480, (*3)

Configuration

Make sure you have a drupal-composer/drupal-project-based project created., (*4)

Rename your Acquia repo docroot directory to app., (*5)

mv docroot app

Update the composer.json of your root package with the following changes:, (*6)

"extra": {
    "installer-paths": {
        "app/core": ["type:drupal-core"],
        "app/libraries/{$name}": ["type:drupal-library"],
        "app/modules/contrib/{$name}": ["type:drupal-module"],
        "app/profiles/contrib/{$name}": ["type:drupal-profile"],
        "app/themes/contrib/{$name}": ["type:drupal-theme"],
        "drush/contrib/{$name}": ["type:drupal-drush"]
    },
    "drupal-paranoia": {
        "app-dir": "app",
        "web-dir": "docroot"
    }
    "..."
}

Use composer require ... to install this Plugin on your project., (*7)

composer require jkribeiro/drupal-composer-paranoia-acquia:~1

Run the following commands to make sure that the new folders are installed:, (*8)

composer drupal:paranoia
composer drupal:paranoia-acquia

Done! Plugin and new docroot are now installed., (*9)

Folder structure

Your project now is basically structured on two folders. - app: Contains the files and folders of the full Drupal installation. - docroot: Contains only the symlinks of the assets files and the PHP stub files from the app folder., (*10)

Every time that you install or update a Drupal package via Composer, the docroot folder is automatically recreated., (*11)

If necessary, you can rebuild it manually, running the command, (*12)

composer drupal:paranoia

This could be necessary when updating themes images, CSS and JS files., (*13)

Last step is to commit and push the changes to Acquia Cloud git repository., (*14)

The Versions

18/04 2018

1.x-dev

1.9999999.9999999.9999999-dev

Composer plugin to improve the security of composer-based Drupal projects by moving all PHP files out of docroot for Acquia Environments.

  Sources   Download

GPL-2.0+

The Requires

 

The Development Requires

18/04 2018

1.0.0-alpha1

1.0.0.0-alpha1

Composer plugin to improve the security of composer-based Drupal projects by moving all PHP files out of docroot for Acquia Environments.

  Sources   Download

GPL-2.0+

The Requires

 

The Development Requires

17/04 2018

dev-issue1test

dev-issue1test

Composer plugin to improve the security of composer-based Drupal projects by moving all PHP files out of docroot for Acquia Environments.

  Sources   Download

GPL-2.0+

The Requires

 

The Development Requires