bootstrap.sh: disable some overly permissive settings in settings.local.php

[drupal-init-tools.git] / libexec / bootstrap.sh

diff --git a/libexec/bootstrap.sh b/libexec/bootstrap.sh
index 3b52f26..75f245c 100755 (executable)
--- a/libexec/bootstrap.sh
+++ b/libexec/bootstrap.sh
@@ -81,7 +81,6 @@ command -v git &> /dev/null || { echo "Aborting, 'git' not available." 1>&2; exi
 
 [ -d "$SITE_LOCAL_PATH" ] || composer install
 
-# TODO check if the commands are available
 DRUSH="${PWD}/vendor/bin/drush"
 DRUPAL_CONSOLE="${PWD}/vendor/bin/drupal"
 
@@ -134,8 +133,15 @@ sudo chgrp -R "$WEB_SERVER_GROUP" sites/default/files
 # Enables clean URLs
 sed -i "s@# RewriteBase /drupal\$@RewriteBase ${SITE_BASE_PATH}@" .htaccess
 
+chmod 755 sites/default
 chmod 644 sites/default/settings.php
 
+# Update the install_profile if it's already there
+if grep -q "^\\\$settings\['install_profile'\] =" sites/default/settings.php;
+then
+  sed -i -e "s/^\(\$settings\['install_profile'\]\) = '[^']*';/\1 = '$INSTALLATION_PROFILE';/g" sites/default/settings.php
+fi
+
 # Add some basic settings to settings.php
 if ! grep -q "^\\\$settings\['trusted_host_patterns'\] =" sites/default/settings.php;
 then
@@ -153,10 +159,13 @@ then
   composer --working-dir=../ require drupal/devel
   $DRUSH --yes en devel
 
-  chmod 755 sites/default
   cp sites/example.settings.local.php sites/default/settings.local.php
+
+  # Disable some overly permissive settings
+  sed -i -e "s/^\(\$settings\['rebuild_access'\]\).*$/\1 = FALSE;/g" sites/default/settings.local.php
+  sed -i -e "s/^\(\$settings\['skip_permissions_hardening'\]\).*$/\1 = FALSE;/g" sites/default/settings.local.php
+
   chmod 444 sites/default/settings.local.php
-  chmod 555 sites/default
 
   if ! grep -q "^include \$app_root . '/' . \$site_path . '/settings.local.php';" sites/default/settings.php;
   then
@@ -165,6 +174,7 @@ then
 fi
 
 chmod 444 sites/default/settings.php
+chmod 555 sites/default
 
 # If using a git checkout of Drupal core, set up a diff alias.
 #