From d8aacc5de273da3b2d20ae8063bc8da4e57ae097 Mon Sep 17 00:00:00 2001
From: Dries Buytaert <dries@buytaert.net>
Date: Fri, 18 Jul 2008 07:24:29 +0000
Subject: - Patch #225880 by pwolanin, webchick, keith.smith, et al: fixed
 non-writability of settings.php.

---
 modules/simpletest/simpletest.test | 6 ++++++
 1 file changed, 6 insertions(+)

(limited to 'modules/simpletest')

diff --git a/modules/simpletest/simpletest.test b/modules/simpletest/simpletest.test
index 2da05d6a3..f21b8d38b 100644
--- a/modules/simpletest/simpletest.test
+++ b/modules/simpletest/simpletest.test
@@ -42,6 +42,12 @@ class SimpleTestTestCase extends DrupalWebTestCase {
     if (!$this->inCURL()) {
       $this->drupalGet('node');
       $this->assertTitle(variable_get('site_name', 'Drupal'), t('Site title matches.'));
+      // Make sure that we are locked out of the installer when prefixing
+      // using the user-agent header. This is an important security check.
+      global $base_url;
+
+      $this->drupalGet($base_url . '/install.php', array('external' => TRUE));
+      $this->assertResponse(403, 'Cannot access install.php with a "simpletest" user-agent header.');
     }
   }
 
-- 
cgit v1.2.3