function acquia_spi_security_review_check_upload_extensions in Acquia Connector 7.2
Same name and namespace in other branches
- 6.2 acquia_spi/security_review.inc \acquia_spi_security_review_check_upload_extensions()
- 7.3 acquia_spi/security_review.inc \acquia_spi_security_review_check_upload_extensions()
1 string reference to 'acquia_spi_security_review_check_upload_extensions'
- _acquia_spi_security_review_security_checks in acquia_spi/
security_review.inc - Checks for acquia_spi_security_review_get_checks().
File
- acquia_spi/
security_review.inc, line 483 - Stand-alone security checks and review system.
Code
function acquia_spi_security_review_check_upload_extensions($last_check = NULL) {
$check_result = TRUE;
$check_result_value = array();
$instances = field_info_instances();
$unsafe_extensions = acquia_spi_security_review_unsafe_extensions();
// Loop through instances checking for fields of file.
foreach ($instances as $entity_type => $type_bundles) {
foreach ($type_bundles as $bundle => $bundle_instances) {
foreach ($bundle_instances as $field_name => $instance) {
$field = field_info_field($field_name);
if ($field['module'] == 'image' || $field['module'] == 'file') {
// Check instance file_extensions.
foreach ($unsafe_extensions as $unsafe_extension) {
if (strpos($instance['settings']['file_extensions'], $unsafe_extension) !== FALSE) {
// Found an unsafe extension.
$check_result_value[$instance['field_name']][$instance['bundle']] = $unsafe_extension;
$check_result = FALSE;
}
}
}
}
}
}
return array(
'result' => $check_result,
'value' => $check_result_value,
);
}