protected function SecurityReviewController::checkPhpFilter in Acquia Connector 8.2
Same name and namespace in other branches
- 8 src/Controller/SecurityReviewController.php \Drupal\acquia_connector\Controller\SecurityReviewController::checkPhpFilter()
- 3.x src/Controller/SecurityReviewController.php \Drupal\acquia_connector\Controller\SecurityReviewController::checkPhpFilter()
Checks whether untrusted users can use a text format that has the PHP filter enabled.
Return value
array Result.
Throws
\Drupal\Component\Plugin\Exception\InvalidPluginDefinitionException
\Drupal\Component\Plugin\Exception\PluginNotFoundException
File
- src/Controller/SecurityReviewController.php, line 496
Class
- SecurityReviewController
- Acquia Security Review page.
Namespace
Drupal\acquia_connector\Controller
Code
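/**
 * Checks whether untrusted roles can use a format with the PHP filter enabled.
 *
 * Loads every enabled filter format, keeps those that at least one untrusted
 * role may use, and reports the ones whose 'php_code' filter is switched on.
 * Text run through the PHP filter is evaluated as PHP, so a hit means an
 * untrusted role can execute code on the site; any hit fails the check.
 *
 * The set of untrusted roles comes from $this->untrustedRoles() and the
 * format-to-role mapping from filter_get_roles_by_format(); this method only
 * intersects the two and does not evaluate permissions itself.
 *
 * @return array
 *   An array with two keys:
 *   - result: TRUE when no offending format was found, FALSE otherwise.
 *   - value: Empty when the check passes; otherwise holds a 'formats' array of
 *     the offending format entities keyed by format ID.
 *
 * @throws \Drupal\Component\Plugin\Exception\InvalidPluginDefinitionException
 * @throws \Drupal\Component\Plugin\Exception\PluginNotFoundException
 */
protected function checkPhpFilter() {
  $result = TRUE;
  $check_result_value = [];

  // Only enabled formats matter: a disabled format cannot be selected.
  /** @var \Drupal\filter\FilterFormatInterface[] $formats */
  $formats = $this->entityTypeManager()
    ->getStorage('filter_format')
    ->loadByProperties(['status' => TRUE]);

  // Keys of the untrusted-role list, compared below against the keys that
  // filter_get_roles_by_format() returns for each format.
  $untrusted_roles = array_keys($this->untrustedRoles());

  foreach ($formats as $id => $format) {
    $format_roles = filter_get_roles_by_format($format);
    if (empty(array_intersect(array_keys($format_roles), $untrusted_roles))) {
      // No untrusted role may use this format; nothing to report.
      continue;
    }

    // Untrusted users can use this format: look for an enabled PHP filter.
    $filters = $format->get('filters');

    // isset() replaces the former loose in_array() scan over array_keys(): it
    // is an exact key lookup, and it also guards the nested 'status' read when
    // the entry is missing or malformed. The comparison stays loose on purpose
    // so that a status stored as TRUE, 1 or '1' all count as enabled.
    if (isset($filters['php_code']['status']) && $filters['php_code']['status'] == 1) {
      $result = FALSE;
      $check_result_value['formats'][$id] = $format;
    }
  }

  return [
    'result' => $result,
    'value' => $check_result_value,
  ];
}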