
function seckit_admin_form_validate in Security Kit 6

Same name and namespace in other branches
  1. 7 includes/seckit.form.inc \seckit_admin_form_validate()

Validates the SecKit settings form: each header option that is switched on must have its dependent value (destination, Allow-From origin, HSTS max-age, noscript message) filled in, and the HSTS max-age must be numeric.

1 string reference to 'seckit_admin_form_validate'
seckit_admin_form in includes/seckit.form.inc
Forms administration page.

File

includes/seckit.form.inc, line 395
Administrative interface for SecKit settings.

Code

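/**
 * Validation handler for the SecKit settings form.
 *
 * Checks the cross-field dependencies the form itself cannot express:
 * when a header feature is enabled, the value that ends up in the HTTP
 * response header must actually be present (and, for X-Frame-Options
 * ALLOW-FROM, be an absolute URL). Errors are attached to the offending
 * element via form_error(), which aborts submission.
 *
 * Values are trimmed before the "is it set" checks so that a
 * whitespace-only field cannot pass as configured and later be emitted
 * as an effectively empty header value.
 *
 * @param $form
 *   The form array, used to address elements for form_error().
 * @param $form_state
 *   Form state; only $form_state['values'] is read.
 */
function seckit_admin_form_validate($form, &$form_state) {
  $values = $form_state['values'];

  // From-Origin: if enabled, a destination must be given explicitly.
  // "same" is a valid destination, so no URL check is applied here.
  $from_origin_enable = $values['seckit_various']['from_origin'];
  $from_origin_destination = trim($values['seckit_various']['from_origin_destination']);
  if ($from_origin_enable == 1 && $from_origin_destination === '') {
    form_error($form['seckit_various']['from_origin_destination'], t('You have to set up trustworthy destination for From-Origin HTTP response header. Default is same.'));
  }

  // X-Frame-Options: ALLOW-FROM takes a single absolute origin URI, so the
  // value must be present and must parse as an absolute URL. Anything else
  // would be written verbatim into the response header.
  $x_frame_value = $values['seckit_clickjacking']['x_frame'];
  $x_frame_allow_from = trim($values['seckit_clickjacking']['x_frame_allow_from']);
  if ($x_frame_value == SECKIT_X_FRAME_ALLOW_FROM) {
    if ($x_frame_allow_from === '') {
      form_error($form['seckit_clickjacking']['x_frame_allow_from'], t('You have to set up trustworthy destination for X-Frame-Options: Allow-From HTTP response header.'));
    }
    elseif (!valid_url($x_frame_allow_from, TRUE)) {
      form_error($form['seckit_clickjacking']['x_frame_allow_from'], t('X-Frame-Options: Allow-From destination must be an absolute URL, e.g. https://example.com.'));
    }
  }

  // HSTS: when enabled, max-age is mandatory. Note that this truthiness
  // check also rejects "0" (which is how a site would tell browsers to
  // drop a previously set policy); kept as-is to match the existing
  // contract of the form.
  $hsts_enable = $values['seckit_ssl']['hsts'];
  $hsts_max_age = trim($values['seckit_ssl']['hsts_max_age']);
  if ($hsts_enable == 1 && !$hsts_max_age) {
    form_error($form['seckit_ssl']['hsts_max_age'], t('You have to set up Max-Age value for HTTP Strict Transport Security. Default is 1000.'));
  }

  // max-age is a number of seconds: digits only, whatever the enable state,
  // so a bad value is never persisted for later use.
  if (preg_match('/[^0-9]/', $hsts_max_age)) {
    form_error($form['seckit_ssl']['hsts_max_age'], t('Only digits are allowed in HTTP Strict Transport Security Max-Age field.'));
  }

  // JS + CSS + Noscript clickjacking protection renders a message for
  // browsers without JavaScript; that message must not be empty.
  $js_css_noscript_enable = $values['seckit_clickjacking']['js_css_noscript'];
  $noscript_message = trim($values['seckit_clickjacking']['noscript_message']);
  if ($js_css_noscript_enable == 1 && $noscript_message === '') {
    form_error($form['seckit_clickjacking']['noscript_message'], t('You have to set up Custom text for disabled JavaScript message when JS + CSS + Noscript protection is enabled.'));
  }
}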