function acquia_spi_security_review_check_upload_extensions in Acquia Connector 6.2

Same name and namespace in other branches

7.3 acquia_spi/security_review.inc \acquia_spi_security_review_check_upload_extensions()
7.2 acquia_spi/security_review.inc \acquia_spi_security_review_check_upload_extensions()

Check for unsafe allowed extensions.

1 string reference to 'acquia_spi_security_review_check_upload_extensions'

_acquia_spi_security_review_security_checks in acquia_spi/security_review.inc: Checks for acquia_spi_security_review_get_checks().

File

acquia_spi/security_review.inc, line 411: Stand-alone security checks and review system.

Code

function acquia_spi_security_review_check_upload_extensions() {
  $result = TRUE;
  $check_result_value = array();
  if (module_exists('upload')) {

    // First, check if any unsafe extensions are even allowed.
    $extensions = variable_get('upload_extensions_default', NULL);
    if (!is_null($extensions)) {
      $unsafe_extensions = acquia_spi_security_review_unsafe_extensions();
      foreach ($unsafe_extensions as $unsafe_extension) {
        if (strpos($extensions, $unsafe_extension) !== FALSE) {

          // Found an unsafe extension.
          $check_result_value['upload'][] = $unsafe_extension;
        }
      }
    }
    if (!empty($check_result_value)) {
      $result = FALSE;
    }
  }
  else {
    $result = NULL;
  }
  return array(
    'result' => $result,
    'value' => $check_result_value,
  );
}

You are here

function acquia_spi_security_review_check_upload_extensions in Acquia Connector 6.2

File

Code

API Navigation