You are here

Home » API reference » Security Review 6 » security_review.help.inc

function security_review_check_email_passwords_help in Security Review 6

File

./security_review.help.inc, line 433
Main help definition.

Code

function security_review_check_email_passwords_help($results = NULL) {
  $element['title'] = t('Password included in user emails');
  $element['descriptions'][] = t("Drupal offers a '!password' token that can be included in email templates, but it should not be used because it can be stolen.");
  $last_check = security_review_get_last_check('security_review', 'password_in_emails');
  if ($last_check['skip'] == '1') {
    $element['findings']['descriptions'][] = _security_review_check_skipped($last_check);
  }
  elseif ($last_check['result'] == '0') {
    if (is_null($results)) {
      $results = security_review_check_email_passwords();
    }
    if (empty($results['value'])) {
      $element['findings']['descriptions'][] = t('No user email templates include the !password token.');
    }
    else {
      $element['findings']['descriptions'][] = t('The following email templates include the !password token. Visit the !user_settings page to modify these templates.', array(
        '!user_settings' => l('User Settings', 'admin/user/settings'),
      ));

      // It'd be best to print non-machine names for these templates.
      foreach ($results['value'] as $template_name) {
        $element['findings']['items'][] = array(
          'safe' => $template_name,
          'raw' => $template_name,
        );
      }
    }
  }
  return $element;
}