Prevent access to fixture files even if the web server is misconfigured

src/Client.php

@@ -259,9 +259,7 @@ public function getCookieJar()
     }
 
     /**
-     * @param string $locator               The path to an element to be waited for. Can be a CSS selector or Xpath expression.
-     * @param int    $timeoutInSecond
-     * @param int    $intervalInMillisecond
+     * @param string $locator The path to an element to be waited for. Can be a CSS selector or Xpath expression.
      *
      * @throws NoSuchElementException
      * @throws TimeoutException

src/DomCrawler/Field/FileFormField.php

@@ -77,12 +77,7 @@ protected function initialize()
 
         $type = \strtolower($this->element->getAttribute('type'));
         if ('file' !== $type) {
-            throw new \LogicException(
-                \sprintf(
-                    'A FileFormField can only be created from an input tag with a type of file (given type is %s).',
-                    $type
-                )
-            );
+            throw new \LogicException(\sprintf('A FileFormField can only be created from an input tag with a type of file (given type is %s).', $type));
         }
 
         $value = $this->element->getAttribute('value');

src/PantherTestCaseTrait.php

@@ -188,8 +188,7 @@ protected static function createAdditionalPantherClient(): PantherClient
     }
 
     /**
-     * @param array $options       see {@see $defaultOptions}
-     * @param array $kernelOptions
+     * @param array $options see {@see $defaultOptions}
      *
      * @deprecated since Panther 0.7, use createHttpBrowserClient instead
      */

src/WebDriver/WebDriverCheckbox.php

@@ -176,9 +176,7 @@ private function byValue($value, $select = true)
         }
 
         if (!$matched) {
-            throw new NoSuchElementException(
-                \sprintf('Cannot locate option with value: %s', $value)
-            );
+            throw new NoSuchElementException(\sprintf('Cannot locate option with value: %s', $value));
         }
     }
 

tests/fixtures/.htaccess

@@ -0,0 +1,7 @@
+<IfModule mod_authz_core.c>
+    Require all denied
+</IfModule>
+<IfModule !mod_authz_core.c>
+    Order deny,allow
+    Deny from all
+</IfModule>

tests/fixtures/cookie.php

@@ -1,15 +1,26 @@
-<?php declare(strict_types=1);
+<?php
+
+/*
+ * This file is part of the Panther project.
+ *
+ * (c) Kévin Dunglas <dunglas@gmail.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+declare(strict_types=1);
+
+require __DIR__.'/security-check.php';
+
 $val = $_COOKIE['barcelona'] ?? 0;
 
 \setcookie('barcelona', (string) ($val + 1), 0, '/cookie.php', '127.0.0.1', false, true);
-
 ?>
-
 <!DOCTYPE html>
 <html lang="en">
 <body>
     <div id="barcelona"><?=$val; ?></div>
     <div id="foo"><?=$_COOKIE['foo'] ?? ''; ?></div>
 </body>
 </html>
-

tests/fixtures/env.php

@@ -11,6 +11,8 @@
 
 declare(strict_types=1);
 
+require __DIR__.'/security-check.php';
+
 if ('APP_ENV' === $_GET['name'] ?? null): ?>
     <?=$_ENV['APP_ENV']; ?>
 <?php else: ?>

tests/fixtures/index.php

@@ -11,5 +11,7 @@
 
 declare(strict_types=1);
 
+require __DIR__.'/security-check.php';
+
 http_response_code(500); // The web server must start even in case of error
 echo 'ready';

tests/fixtures/security-check.php

@@ -0,0 +1,22 @@
+<?php
+
+/*
+ * This file is part of the Panther project.
+ *
+ * (c) Kévin Dunglas <dunglas@gmail.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+declare(strict_types=1);
+
+if (
+    isset($_SERVER['HTTP_CLIENT_IP'])
+    || isset($_SERVER['HTTP_X_FORWARDED_FOR'])
+    || '127.0.0.1' !== $_SERVER['REMOTE_ADDR']
+    || PHP_SAPI !== 'cli-server'
+) {
+    header('HTTP/1.0 403 Forbidden');
+    exit('You are not allowed to access this file. Check "tests/fixtures/security-check.php" for more information.');
+}