You are here

Home » API reference » Security Review 7 » security_review.help.inc

function security_review_check_base_url_help in Security Review 7

File

./security_review.help.inc, line 393
Main help definition.

Code

function security_review_check_base_url_help($check = NULL, $skipped_message = NULL) {
  global $base_url;
  $element = array();
  $element['title'] = t('Drupal base URL');
  $element['descriptions'][] = t("Setting Drupal's \$base_url in settings.php can help protect against attackers manipulating links to your site. For example, an attacker could exploit a missing \$base_url setting to carry out a phishing attack that may lead to the theft of your site's private user data.");
  if (!empty($skipped_message)) {
    $element['findings']['descriptions'][] = $skipped_message;
  }
  elseif ($check && $check['result'] == FALSE) {
    $element['findings']['descriptions'][] = t('Your site is available at the following URL: !url.', array(
      '!url' => $base_url,
    ));
    $element['findings']['descriptions'][] = t("If your site should only be available at that URL it is recommended that you set it as the \$base_url variable in the settings.php file at !file", array(
      '!file' => DRUPAL_ROOT . '/' . conf_path() . '/settings.php',
    ));
    $element['findings']['descriptions'][] = t("Or, if you are using Drupal's multi-site functionality then you should set the \$base_url variable for the appropriate settings.php for your site.");
  }
  return $element;
}