
function paranoia_requirements in Paranoia 6

Same name and namespace in other branches
  1. 8 paranoia.install \paranoia_requirements()
  2. 7 paranoia.install \paranoia_requirements()

Implementation of hook_requirements().

File

./paranoia.module, line 66
Disables PHP block visibility permission and gives status error if a role has this permission. Disables the PHP module. Hides the PHP and paranoia modules from the modules page. Prevents user/1 editing which could give access to arbitrary contrib…

Code

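/**
 * Implementation of hook_requirements().
 *
 * Reports, but does not itself fix, two conditions during the 'runtime'
 * phase:
 * - 'paranoia': at least one role still holds a permission listed by an
 *   implementation of hook_paranoia_revoke().
 * - 'paranoia_php': the PHP module is enabled.
 *
 * This is a detection step only: nothing here revokes a permission or
 * disables a module, so an error entry means the site is still exposed until
 * an administrator acts on it.
 *
 * @param $phase
 *   The phase in which requirements are checked. Only 'runtime' is handled.
 *
 * @return
 *   An array of requirement entries keyed by 'paranoia' and/or
 *   'paranoia_php'. Empty when neither condition holds or for any other phase.
 */
function paranoia_requirements($phase) {
  $requirements = array();
  if ($phase === 'runtime') {

    // Ensure that no role holds a permission paranoia wants revoked. The list
    // comes from hook_paranoia_revoke() implementations, so it can cover more
    // than the PHP input permission named in the message below.
    module_load_include('inc', 'user', 'user.admin');
    // Pass an explicit empty form state; the original handed over an
    // undefined variable, which raises a notice.
    $form_state = array();
    $form = user_admin_perm($form_state);
    $hide_permissions = module_invoke_all('paranoia_revoke');
    foreach (element_children($form['checkboxes']) as $rid) {
      if (count(array_intersect($hide_permissions, $form['checkboxes'][$rid]['#default_value']))) {
        $requirements['paranoia'] = array(
          'title' => t('Paranoia'),
          'description' => t('At least one user role has permission to input PHP. Resubmit your <a href="@admin/user/permissions">user permissions</a> to close this security hole.', array(
            '@admin/user/permissions' => url('admin/user/permissions'),
          )),
          'severity' => REQUIREMENT_ERROR,
        );
        // One offending role is enough; further roles would only rewrite the
        // same entry.
        break;
      }
    }

    // Ensure the PHP module is not enabled. The message text itself notes
    // that it may have been enabled directly in the database.
    if (module_exists('php')) {
      $requirements['paranoia_php'] = array(
        'title' => t('Paranoia'),
        'description' => t('The PHP module is enabled.  This module should be disabled (but paranoia module prevents it from showing in the module admin form).  It may have been enabled in the database, circumventing the effectiveness of paranoia module.'),
        'severity' => REQUIREMENT_ERROR,
      );
    }
  }
  return $requirements;
}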