You are here

Home » API reference » Security Kit 7 » seckit.module

function _seckit_get_options in Security Kit 7

Same name and namespace in other branches
  1. 6 seckit.module \_seckit_get_options()

Return the current SecKit settings.

Parameters

boolean $reset: If TRUE then re-generate (and re-cache) the options.

boolean $alter: Whether to invoke hook_seckit_options_alter(). (Used internally to prevent altered values being used in the admin settings form.)

19 calls to _seckit_get_options()
SecKitTestCase::testJSCSSNoscript in ./seckit.test
Tests JS + CSS + Noscript protection.
seckit_admin_form in includes/seckit.form.inc
Forms administration page.
seckit_boot in ./seckit.module
Implements hook_boot().
seckit_init in ./seckit.module
Implements hook_init().
seckit_module_implements_alter in ./seckit.module
Implements hook_module_implements_alter().

... See full list

File

./seckit.module, line 849
Allows administrators to improve security of the website.

Code

function _seckit_get_options($reset = FALSE, $alter = TRUE) {
  $options =& drupal_static(__FUNCTION__, array());
  if ($reset) {
    $options = array();
  }
  elseif ($options) {
    return $options;
  }

  // Merge the defaults into their associated saved variables, as necessary.
  // Each (scalar) value will be used only if its key does not exist in the
  // saved value (if any) for that variable.
  //
  // This means that we can introduce new settings with default values,
  // without affecting the saved values from earlier versions (which do
  // not yet contain the new keys).
  $defaults = _seckit_get_options_defaults();
  foreach (array_keys($defaults) as $option) {
    $options[$option] = array_replace_recursive($defaults[$option], variable_get($option, array()));
  }

  // Ensure there are non-empty values for the CSP default-src and report-uri
  // directives.
  $csp_defaults = $defaults['seckit_xss']['csp'];
  if (!$options['seckit_xss']['csp']['default-src']) {
    $options['seckit_xss']['csp']['default-src'] = $csp_defaults['default-src'];
  }
  if (!$options['seckit_xss']['csp']['report-uri']) {
    $options['seckit_xss']['csp']['report-uri'] = $csp_defaults['report-uri'];
  }

  // Convert ['seckit_clickjacking']['x_frame_allow_from'] to an array.
  $x_frame_allow_from =& $options['seckit_clickjacking']['x_frame_allow_from'];
  $x_frame_allow_from = _seckit_explode_value($x_frame_allow_from);

  // Convert $options['seckit_csrf']['origin_whitelist'] to an array.
  $whitelist =& $options['seckit_csrf']['origin_whitelist'];
  $whitelist = _seckit_explode_value($whitelist, ',');

  // Process alterations and return.
  if ($alter) {
    drupal_alter('seckit_options', $options);
  }
  return $options;
}