You are here

protected function SecurityReviewController::checkPhpFilter in Acquia Connector 8.2

Same name and namespace in other branches
  1. 8 src/Controller/SecurityReviewController.php \Drupal\acquia_connector\Controller\SecurityReviewController::checkPhpFilter()
  2. 3.x src/Controller/SecurityReviewController.php \Drupal\acquia_connector\Controller\SecurityReviewController::checkPhpFilter()

Check if untrusted users can use PHP Filter format.

Return value

array Result.

Throws

\Drupal\Component\Plugin\Exception\InvalidPluginDefinitionException

\Drupal\Component\Plugin\Exception\PluginNotFoundException

File

src/Controller/SecurityReviewController.php, line 496

Class

SecurityReviewController
Acquia Security Review page.

Namespace

Drupal\acquia_connector\Controller

Code

protected function checkPhpFilter() {
  $result = TRUE;
  $check_result_value = [];

  /** @var \Drupal\filter\FilterFormatInterface[] $formats */
  $formats = $this
    ->entityTypeManager()
    ->getStorage('filter_format')
    ->loadByProperties([
    'status' => TRUE,
  ]);

  // Check formats that are accessible by untrusted users.
  $untrusted_roles = $this
    ->untrustedRoles();
  $untrusted_roles = array_keys($untrusted_roles);
  foreach ($formats as $id => $format) {
    $format_roles = filter_get_roles_by_format($format);
    $intersect = array_intersect(array_keys($format_roles), $untrusted_roles);
    if (!empty($intersect)) {

      // Untrusted users can use this format.
      $filters = $formats[$id]
        ->get('filters');

      // Check format for enabled PHP filter.
      if (in_array('php_code', array_keys($filters)) && $filters['php_code']['status'] == 1) {
        $result = FALSE;
        $check_result_value['formats'][$id] = $format;
      }
    }
  }
  return [
    'result' => $result,
    'value' => $check_result_value,
  ];
}