function acquia_spi_security_review_check_php_filter in Acquia Connector 7.3

Same name and namespace in other branches

6.2 acquia_spi/security_review.inc \acquia_spi_security_review_check_php_filter()
7.2 acquia_spi/security_review.inc \acquia_spi_security_review_check_php_filter()

Needs comment.

1 string reference to 'acquia_spi_security_review_check_php_filter'

_acquia_spi_security_review_security_checks in acquia_spi/security_review.inc: Checks for acquia_spi_security_review_get_checks().

File

acquia_spi/security_review.inc, line 303: Stand-alone security checks and review system.

Code

function acquia_spi_security_review_check_php_filter() {
  $result = TRUE;
  $formats = filter_formats();
  $check_result_value = array();

  // Check formats that are accessible by untrusted users.
  $untrusted_roles = acquia_spi_security_review_untrusted_roles();
  $untrusted_roles = array_keys($untrusted_roles);
  foreach ($formats as $id => $format) {
    $format_roles = filter_get_roles_by_format($format);
    $intersect = array_intersect(array_keys($format_roles), $untrusted_roles);
    if (!empty($intersect)) {

      // Untrusted users can use this format.
      $filters = filter_list_format($format->format);

      // Check format for enabled PHP filter.
      if (in_array('php_code', array_keys($filters)) && $filters['php_code']->status) {
        $result = FALSE;
        $check_result_value['formats'][$id] = $format;
      }
    }
  }
  return array(
    'result' => $result,
    'value' => $check_result_value,
  );
}

You are here

function acquia_spi_security_review_check_php_filter in Acquia Connector 7.3

File

Code

API Navigation