function acquia_spi_security_review_check_php_filter in Acquia Connector 6.2
Same name and namespace in other branches
- 7.3 acquia_spi/security_review.inc \acquia_spi_security_review_check_php_filter()
- 7.2 acquia_spi/security_review.inc \acquia_spi_security_review_check_php_filter()
1 string reference to 'acquia_spi_security_review_check_php_filter'
- _acquia_spi_security_review_security_checks in acquia_spi/security_review.inc - Checks for acquia_spi_security_review_get_checks().
File
- acquia_spi/security_review.inc, line 335 - Stand-alone security checks and review system.
Code
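/**
 * Checks whether untrusted roles can use an input format with the PHP filter.
 *
 * A format that carries the PHP filter has submitted text evaluated as PHP
 * code, so exposing such a format to untrusted roles amounts to giving them
 * code execution on the server. The check fails as soon as one such format
 * is found.
 *
 * The site default format is treated as usable by every role, regardless of
 * the roles listed on it.
 *
 * @return array
 *   An associative array with:
 *   - result: TRUE when no format reachable by untrusted roles contains the
 *     PHP filter, FALSE otherwise.
 *   - value: Empty array on success. On failure, 'formats' maps each flagged
 *     format id to its name and 'roles' holds the roles that can use the
 *     flagged format.
 */
function acquia_spi_security_review_check_php_filter() {
  $result = TRUE;
  $formats = filter_formats();
  $check_result_value = array();
  // Check formats that are accessible by untrusted users.
  $untrusted_roles = acquia_spi_security_review_untrusted_roles();
  // The default format is usable by all users even if no roles are listed on it.
  $default_format = variable_get('filter_default_format', FILTER_FORMAT_DEFAULT);
  // Loop through each format and look for the PHP filter.
  foreach ($formats as $id => $format) {
    // Roles are stored as a comma-separated string; array_filter() drops the
    // empty pieces left by leading/trailing commas.
    $format_roles = array_filter(explode(',', $format->roles));
    if ($format->format == $default_format) {
      // The default format is available to all roles, so every role from
      // user_roles() is considered here, not only the untrusted ones.
      $intersect = drupal_map_assoc(array_keys(user_roles()));
    }
    else {
      $intersect = array_intersect($format_roles, $untrusted_roles);
    }
    if (empty($intersect)) {
      // No untrusted role can reach this format.
      continue;
    }
    // Untrusted users can use this format.
    $filters = filter_list_format($format->format);
    // Check format for PHP filter. A direct key lookup avoids the loose
    // comparison in_array() performs, which on older PHP versions lets an
    // integer key such as 0 compare equal to the string 'php/0'.
    if (array_key_exists('php/0', $filters)) {
      $result = FALSE;
      $check_result_value['formats'][$id] = $format->name;
      // NOTE(review): 'roles' is overwritten for every flagged format, so
      // when several formats are flagged only the roles of the last one are
      // reported. Confirm whether the consumer expects a union instead.
      $check_result_value['roles'] = $intersect;
    }
  }
  return array(
    'result' => $result,
    'value' => $check_result_value,
  );
}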