function file_upload_security_fix_fields in File Upload Security 7
Same name and namespace in other branches
- 7.3 file_upload_security.module \file_upload_security_fix_fields()
Updates field settings to be secure.
Parameters
array $files: Passed by reference to collect fids that may require moving on server.
2 calls to file_upload_security_fix_fields()
- file_upload_security_fix_files in ./
file_upload_security.module - Helper to move files in insecure locations to the private file system.
- file_upload_security_fix_files_drush in ./
file_upload_security.module - Avoid use of batches when fixing files via drush.
File
- ./
file_upload_security.module, line 253 - Helper module to advise and resolve security issues in file uploads.
Code
function file_upload_security_fix_fields(&$files = array()) {
$affected_fields = file_upload_security_affected_types();
if ($affected_fields['fields']) {
foreach ($affected_fields['fields'] as $field => $bundles) {
$info = field_info_field($field);
if ($info && array_key_exists('settings', $info)) {
if ($info['settings']['uri_scheme'] != 'private') {
$info['settings']['uri_scheme'] = 'private';
field_update_field($info);
$updated_fields[$field] = $bundles;
}
$field_table = isset($info['storage']['details']['sql']['FIELD_LOAD_CURRENT']) ? key($info['storage']['details']['sql']['FIELD_LOAD_CURRENT']) : NULL;
$field_column = isset($info['storage']['details']['sql']['FIELD_LOAD_CURRENT'][$field_table]['fid']) ? $info['storage']['details']['sql']['FIELD_LOAD_CURRENT'][$field_table]['fid'] : NULL;
if ($field_table && $field_column) {
$query = db_select($field_table, 'f')
->fields('f', array(
$field_column,
))
->execute();
$files = $files + $query
->fetchAllKeyed(0, 0);
}
else {
drupal_set_message(t('You are using non-sql storage for the field :field. These files will need to be manually moved and files_managed updated.', array(
':field' => $field,
)), 'error');
}
}
}
}
}