function acquia_spi_security_review_check_php_filter in Acquia Connector 7.2
Same name and namespace in other branches
- 6.2 acquia_spi/security_review.inc \acquia_spi_security_review_check_php_filter()
- 7.3 acquia_spi/security_review.inc \acquia_spi_security_review_check_php_filter()
1 string reference to 'acquia_spi_security_review_check_php_filter'
- _acquia_spi_security_review_security_checks in acquia_spi/
security_review.inc - Checks for acquia_spi_security_review_get_checks().
File
- acquia_spi/
security_review.inc, line 288 - Stand-alone security checks and review system.
Code
function acquia_spi_security_review_check_php_filter() {
$result = TRUE;
$formats = filter_formats();
$check_result_value = array();
// Check formats that are accessible by untrusted users.
$untrusted_roles = acquia_spi_security_review_untrusted_roles();
$untrusted_roles = array_keys($untrusted_roles);
foreach ($formats as $id => $format) {
$format_roles = filter_get_roles_by_format($format);
$intersect = array_intersect(array_keys($format_roles), $untrusted_roles);
if (!empty($intersect)) {
// Untrusted users can use this format.
$filters = filter_list_format($format->format);
// Check format for enabled PHP filter.
if (in_array('php_code', array_keys($filters)) && $filters['php_code']->status) {
$result = FALSE;
$check_result_value['formats'][$id] = $format;
}
}
}
return array(
'result' => $result,
'value' => $check_result_value,
);
}