Keep web/ up to date

scripts/drupal/update-scaffold

@@ -0,0 +1,20 @@
+#!/bin/bash
+
+CWD="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+ROOT=`realpath "${CWD}/../.."`
+
+drush dl drupal-8 --destination=/tmp --drupal-project-rename=drupal-8 --quiet -y
+
+rsync -avz --delete /tmp/drupal-8/ $ROOT/web \
+ --exclude=.gitkeep \
+ --exclude=autoload.php \
+ --exclude=composer.json \
+ --exclude=core \
+ --exclude=drush \
+ --exclude=example.gitignore \
+ --exclude=LICENSE.txt \
+ --exclude=README.txt \
+ --exclude=vendor
+
+rm -rf /tmp/drupal-8
+

web/.eslintignore

@@ -5,3 +5,4 @@ sites/**/files/**/*
 libraries/**/*
 sites/**/libraries/**/*
 profiles/**/libraries/**/*
+**/js_test_files/**/*

web/.eslintrc

@@ -21,7 +21,9 @@
     "comma-style": [2, "last"],
     "eqeqeq": [2, "smart"],
     "guard-for-in": 2,
+    "indent": [2, 2, {"indentSwitchCase": true}],
     "key-spacing": [2, {"beforeColon": false, "afterColon": true}],
+    "lines-around-comment": [2, {"beforeBlockComment": true, "afterBlockComment": false}],
     "no-implied-eval": 2,
     "no-mixed-spaces-and-tabs": 2,
     "no-nested-ternary": 2,
@@ -30,15 +32,24 @@
     "no-undef": 2,
     "no-undefined": 2,
     "no-unused-vars": [2, {"vars": "local", "args": "none"}],
+    "one-var": [2, "never"],
     "semi": [2, "always"],
-    "space-after-keywords": [2, "always", {"checkFunctionKeyword": true}],
+    "space-after-keywords": [2, "always"],
     "space-before-blocks": [2, "always"],
+    "space-before-function-paren": [2, {"anonymous": "always", "named": "never"}],
     "space-in-brackets": [2, "never"],
     "space-in-parens": [2, "never"],
     "spaced-line-comment": [2, "always"],
     "strict": 2,
     // Warnings.
     "max-nested-callbacks": [1, 3],
+    "valid-jsdoc": [1, {
+      "prefer": {
+        "returns": "return",
+        "property": "prop"
+      },
+      "requireReturn": false
+    }],
     // Disabled.
     "camelcase": 0,
     "consistent-return": 0,

web/.gitattributes

@@ -1,6 +1,6 @@
 # Drupal git normalization
-# @see http://www.kernel.org/pub/software/scm/git/docs/gitattributes.html
-# @see http://drupal.org/node/1542048
+# @see https://www.kernel.org/pub/software/scm/git/docs/gitattributes.html
+# @see https://www.drupal.org/node/1542048
 
 # Normally these settings would be done with macro attributes for improved
 # readability and easier maintenance. However macros can only be defined at the
@@ -50,3 +50,4 @@
 *.jpg     -text diff
 *.png     -text diff
 *.phar    -text diff
+*.exe     -text diff

web/.htaccess

@@ -3,7 +3,7 @@
 #
 
 # Protect files and directories from prying eyes.
-<FilesMatch "\.(engine|inc|install|make|module|profile|po|sh|.*sql|theme|twig|tpl(\.php)?|xtmpl|yml)(~|\.sw[op]|\.bak|\.orig|\.save)?$|^(\..*|Entries.*|Repository|Root|Tag|Template)$|^#.*#$|\.php(~|\.sw[op]|\.bak|\.orig\.save)$">
+<FilesMatch "\.(engine|inc|install|make|module|profile|po|sh|.*sql|theme|twig|tpl(\.php)?|xtmpl|yml)(~|\.sw[op]|\.bak|\.orig|\.save)?$|^(\..*|Entries.*|Repository|Root|Tag|Template)$|^#.*#$|\.php(~|\.sw[op]|\.bak|\.orig|\.save)$">
   <IfModule mod_authz_core.c>
     Require all denied
   </IfModule>
@@ -24,6 +24,10 @@ ErrorDocument 404 /index.php
 # Set the default handler.
 DirectoryIndex index.php index.html index.htm
 
+# Add correct encoding for SVGZ.
+AddType image/svg+xml svg svgz
+AddEncoding gzip svgz
+
 # Override PHP settings that cannot be changed at runtime. See
 # sites/default/default.settings.php and
 # Drupal\Core\DrupalKernel::bootEnvironment() for settings that can be
@@ -35,6 +39,9 @@ DirectoryIndex index.php index.html index.htm
   php_value mbstring.http_input             pass
   php_value mbstring.http_output            pass
   php_flag mbstring.encoding_translation    off
+  # PHP 5.6 has deprecated $HTTP_RAW_POST_DATA and produces warnings if this is
+  # not set.
+  php_value always_populate_raw_post_data   -1
 </IfModule>
 
 # Requires mod_expires to be enabled.
@@ -90,14 +97,14 @@ DirectoryIndex index.php index.html index.htm
   # URL, either WITH or WITHOUT the 'www.' prefix. Choose ONLY one option:
   #
   # To redirect all users to access the site WITH the 'www.' prefix,
-  # (http://example.com/... will be redirected to http://www.example.com/...)
+  # (http://example.com/foo will be redirected to http://www.example.com/foo)
   # uncomment the following:
   # RewriteCond %{HTTP_HOST} .
   # RewriteCond %{HTTP_HOST} !^www\. [NC]
   # RewriteRule ^ http%{ENV:protossl}://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
   #
   # To redirect all users to access the site WITHOUT the 'www.' prefix,
-  # (http://www.example.com/... will be redirected to http://example.com/...)
+  # (http://www.example.com/foo will be redirected to http://example.com/foo)
   # uncomment the following:
   # RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
   # RewriteRule ^ http%{ENV:protossl}://%1%{REQUEST_URI} [L,R=301]
@@ -132,13 +139,14 @@ DirectoryIndex index.php index.html index.htm
   # Allow access to PHP files in /core (like authorize.php or install.php):
   RewriteCond %{REQUEST_URI} !/core/[^/]*\.php$
   # Allow access to test-specific PHP files:
-  RewriteCond %{REQUEST_URI} !/core/modules/system/tests/https?.php$
+  RewriteCond %{REQUEST_URI} !/core/modules/system/tests/https?.php
   # Allow access to Statistics module's custom front controller.
   # Copy and adapt this rule to directly execute PHP files in contributed or
   # custom modules or to run another PHP application in the same directory.
   RewriteCond %{REQUEST_URI} !/core/modules/statistics/statistics.php$
   # Deny access to any other PHP files that do not match the rules above.
-  RewriteRule "^.+/.*\.php$" - [F]
+  # Specifically, disallow autoload.php from being served directly.
+  RewriteRule "^(.+/.*|autoload)\.php($|/)" - [F]
 
   # Rules to correctly serve gzip compressed CSS and JS files.
   # Requires both mod_rewrite and mod_headers to be enabled.

web/index.php

@@ -9,37 +9,14 @@
  */
 
 use Drupal\Core\DrupalKernel;
-use Drupal\Core\Site\Settings;
-use Symfony\Component\HttpKernel\Exception\HttpExceptionInterface;
 use Symfony\Component\HttpFoundation\Request;
-use Symfony\Component\HttpFoundation\Response;
 
 $autoloader = require_once 'autoload.php';
 
-try {
+$kernel = new DrupalKernel('prod', $autoloader);
 
-  $request = Request::createFromGlobals();
-  $kernel = DrupalKernel::createFromRequest($request, $autoloader, 'prod');
-  $response = $kernel
-      ->handle($request)
-      // Handle the response object.
-      ->prepare($request)->send();
-  $kernel->terminate($request, $response);
-}
-catch (HttpExceptionInterface $e) {
-  $response = new Response($e->getMessage(), $e->getStatusCode());
-  $response->prepare($request)->send();
-}
-catch (Exception $e) {
-  $message = 'If you have just changed code (for example deployed a new module or moved an existing one) read <a href="http://drupal.org/documentation/rebuild">http://drupal.org/documentation/rebuild</a>';
-  if (Settings::get('rebuild_access', FALSE)) {
-    $rebuild_path = $GLOBALS['base_url'] . '/rebuild.php';
-    $message .= " or run the <a href=\"$rebuild_path\">rebuild script</a>";
-  }
+$request = Request::createFromGlobals();
+$response = $kernel->handle($request);
+$response->send();
 
-  // Set the response code manually. Otherwise, this response will default to a
-  // 200.
-  http_response_code(500);
-  print $message;
-  throw $e;
-}
+$kernel->terminate($request, $response);

web/robots.txt

@@ -12,12 +12,8 @@
 #
 # For more information about the robots.txt standard, see:
 # http://www.robotstxt.org/robotstxt.html
-#
-# For syntax checking, see:
-# http://www.frobee.com/robots-txt-check
 
 User-agent: *
-Crawl-delay: 10
 # JS/CSS
 Allow: /core/*.css$
 Allow: /core/*.js$

web/sites/default/default.services.yml

@@ -25,9 +25,9 @@ parameters:
     cookie_lifetime: 2000000
     #
     # Drupal automatically generates a unique session cookie name based on the
-    # full domain name used to access the site. This mechanism is sufficent for
-    # most use-cases, including multi-site deployments. However, if it is
-    # desired that a session can be reused accross different subdomains, the
+    # full domain name used to access the site. This mechanism is sufficient
+    # for most use-cases, including multi-site deployments. However, if it is
+    # desired that a session can be reused across different subdomains, the
     # cookie domain needs to be set to the shared base domain. Doing so assures
     # that users remain logged in as they cross between various subdomains.
     # To maximize compatibility and normalize the behavior across user agents,
@@ -51,7 +51,7 @@ parameters:
     #   changes (see auto_reload below).
     #
     # For more information about debugging Twig templates, see
-    # http://drupal.org/node/1906392.
+    # https://www.drupal.org/node/1906392.
     #
     # Not recommended in production environments
     # @default false
@@ -76,6 +76,14 @@ parameters:
     # Not recommended in production environments
     # @default true
     cache: true
+  renderer.config:
+    # Renderer required cache contexts:
+    #
+    # The Renderer will automatically associate these cache contexts with every
+    # render array, hence varying every render array by these cache contexts.
+    #
+    # @default ['languages:language_interface', 'theme']
+    required_cache_contexts: ['languages:language_interface', 'theme']
   factory.keyvalue:
     {}
     # Default key/value storage service to use.

web/sites/default/default.settings.php

@@ -22,7 +22,7 @@
  * 'sites/default' will be used.
  *
  * For example, for a fictitious site installed at
- * http://www.drupal.org:8080/mysite/test/, the 'settings.php' file is searched
+ * https://www.drupal.org:8080/mysite/test/, the 'settings.php' file is searched
  * for in the following directories:
  *
  * - sites/8080.www.drupal.org.mysite.test
@@ -44,11 +44,11 @@
  *
  * Note that if you are installing on a non-standard port number, prefix the
  * hostname with that number. For example,
- * http://www.drupal.org:8080/mysite/test/ could be loaded from
+ * https://www.drupal.org:8080/mysite/test/ could be loaded from
  * sites/8080.www.drupal.org.mysite.test/.
  *
  * @see example.sites.php
- * @see conf_path()
+ * @see \Drupal\Core\DrupalKernel::getSitePath()
  *
  * In addition to customizing application settings through variables in
  * settings.php, you can create a services.yml file in the same directory to
@@ -75,7 +75,7 @@
  *   'host' => 'localhost',
  *   'port' => 3306,
  *   'prefix' => 'myprefix_',
- *   'collation' => 'utf8_general_ci',
+ *   'collation' => 'utf8mb4_general_ci',
  * );
  * @endcode
  *
@@ -127,7 +127,7 @@
  *   'password' => 'password',
  *   'host' => 'localhost',
  *   'prefix' => 'main_',
- *   'collation' => 'utf8_general_ci',
+ *   'collation' => 'utf8mb4_general_ci',
  * );
  * @endcode
  *
@@ -255,6 +255,18 @@
  * @see \Drupal\Core\Site\Settings::get()
  */
 
+/**
+ * The active installation profile.
+ *
+ * Changing this after installation is not recommended as it changes which
+ * directories are scanned during extension discovery. If this is set prior to
+ * installation this value will be rewritten according to the profile selected
+ * by the user.
+ *
+ * @see install_select_profile()
+ */
+# $settings['install_profile'] = '';
+
 /**
  * Salt for one-time login links, cancel links, form tokens, etc.
  *
@@ -274,6 +286,16 @@
  */
 $settings['hash_salt'] = '';
 
+/**
+ * Deployment identifier.
+ *
+ * Drupal's dependency injection container will be automatically invalidated and
+ * rebuilt when the Drupal core version changes. When updating contributed or
+ * custom code that changes the container, changing this identifier will also
+ * allow the container to be invalidated as soon as code is deployed.
+ */
+# $settings['deployment_identifier'] = \Drupal::VERSION;
+
 /**
  * Access control for update.php script.
  *
@@ -371,18 +393,29 @@
 /**
  * Class Loader.
  *
- * By default, Composer's ClassLoader is used, which is best for development, as
- * it does not break when code is moved in the file system. You can decorate the
- * class loader with a cached solution for better performance, which is
- * recommended for production sites.
- *
- * To do so, you may decorate and replace the local $class_loader variable.
- *
- * For example, to use Symfony's APC class loader, uncomment the code below.
+ * If the APC extension is detected, the Symfony APC class loader is used for
+ * performance reasons. Detection can be prevented by setting
+ * class_loader_auto_detect to false, as in the example below.
+ */
+# $settings['class_loader_auto_detect'] = FALSE;
+
+/*
+ * If the APC extension is not detected, either because APC is missing or
+ * because auto-detection has been disabled, auto-loading falls back to
+ * Composer's ClassLoader, which is good for development as it does not break
+ * when code is moved in the file system. You can also decorate the base class
+ * loader with another cached solution than the Symfony APC class loader, as
+ * all production sites should have a cached class loader of some sort enabled.
+ *
+ * To do so, you may decorate and replace the local $class_loader variable. For
+ * example, to use Symfony's APC class loader without automatic detection,
+ * uncomment the code below.
  */
 /*
 if ($settings['hash_salt']) {
-  $apc_loader = new \Symfony\Component\ClassLoader\ApcClassLoader('drupal.' . $settings['hash_salt'], $class_loader);
+  $prefix = 'drupal.' . hash('sha256', 'drupal.' . $settings['hash_salt']);
+  $apc_loader = new \Symfony\Component\ClassLoader\ApcClassLoader($prefix, $class_loader);
+  unset($prefix);
   $class_loader->unregister();
   $apc_loader->register();
   $class_loader = $apc_loader;
@@ -407,7 +440,7 @@
  * the code directly via SSH or FTP themselves. This setting completely
  * disables all functionality related to these authorized file operations.
  *
- * @see http://drupal.org/node/244924
+ * @see https://www.drupal.org/node/244924
  *
  * Remove the leading hash signs to disable.
  */
@@ -434,14 +467,14 @@
  * Private file path:
  *
  * A local file system path where private files will be stored. This directory
- * must be absolute, outside of the the Drupal installation directory and not
+ * must be absolute, outside of the Drupal installation directory and not
  * accessible over the web.
  *
  * Note: Caches need to be cleared when this value is changed to make the
  * private:// stream wrapper available to the system.
  *
- * See http://drupal.org/documentation/modules/file for more information about
- * securing private files.
+ * See https://www.drupal.org/documentation/modules/file for more information
+ * about securing private files.
  */
 # $settings['file_private_path'] = '';
 

web/sites/example.settings.local.php

@@ -28,7 +28,7 @@
 $config['system.performance']['js']['preprocess'] = FALSE;
 
 /**
- * Disable the render cache.
+ * Disable the render cache (this includes the page cache).
  *
  * This setting disables the render cache by using the Null cache back-end
  * defined by the development.services.yml file above.