Following an audit, I've been tasked to remove extraneous files from the Twig 1.x vendor directory in one of our sites. Planning on removing /twig/twig/doc, /twig/twig/test and see if anything breaks.
What about /twig/twig/ext/twig/run-tests.php, or the entire "ext" directory?
Does anyone have prior experience weeding a default Twig 1.x installation for production environments? Any assistance or advice gratefully welcomed.
The correct action would be to update your site's layout so that these files are outside your web server's document root -- then you don't have to worry about what to delete and what to leave. You probably have something like this, where your web server's document root is pointing directly at /path/to/project:
/path/to/project
/lib
foo.php
bar.php
/twig
/twig
/doc
/test
index.php
This means anybody can directly request http://yourdomain.com/twig/twig/test/some_file.php
What you want is more like this:
/path/to/project
/public
index.php
/lib
foo.php
bar.php
/twig
/twig
/doc
/test
Then configure your web server so that its document root is /path/to/project/public. Then your application code can still include() things in /twig and /lib, but your web server won't directly serve them.