
function security_review_check_nodes_help in Security Review 6

File

./security_review.help.inc, line 273
Main help definition.

Code

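/**
 * Builds the help page element for the "Dangerous tags in nodes" check.
 *
 * When the last stored run of the check failed, the nodes that were flagged
 * are listed with links to their edit forms.
 *
 * Access note: nodes are loaded with node_load() and their titles are printed
 * without any node-access check, so this output must only be reachable by
 * trusted users who hold the permission to use this module.
 *
 * @param $results
 *   (optional) Result array of the check, with the flagged nodes under the
 *   'value' key. When NULL and the last stored run failed, the check is run
 *   again via security_review_check_nodes().
 *
 * @return
 *   An array with 'title' and 'descriptions', plus 'findings' when the check
 *   was skipped or failed.
 */
function security_review_check_nodes_help($results = NULL) {
  $element = array();
  $element['title'] = t('Dangerous tags in nodes');
  $element['descriptions'][] = t("Script and PHP code in the body of nodes does not align with Drupal best practices and may be a vulnerability if an untrusted user is allowed to edit such content. It is recommended you remove such content from the body of nodes.");
  $last_check = security_review_get_last_check('security_review', 'nodes');
  if ($last_check['skip'] == '1') {
    $element['findings']['descriptions'][] = _security_review_check_skipped($last_check);
  }
  elseif ($last_check['result'] == '0') {
    $element['findings']['descriptions'][] = t('The following nodes potentially have dangerous tags. The links go to the edit page.');
    if (is_null($results)) {
      // The results are recomputed here, so the timestamp stored in
      // $last_check no longer describes them; $last_check is not passed on.
      $results = security_review_check_nodes();
    }
    $destination = drupal_get_destination();
    // A recomputed check may come back without findings; iterate only over an
    // actual list so foreach does not warn on a missing 'value' key.
    $problems = (isset($results['value']) && is_array($results['value'])) ? $results['value'] : array();
    foreach ($problems as $problem_nid) {
      // Each entry maps a finding description to the node id it was found in.
      // There is no access checking here: use of this module should be
      // granted to trusted users only.
      $node = node_load(current($problem_nid));
      if (empty($node) || empty($node->nid)) {
        // The node was deleted (or failed to load) after the check ran; there
        // is nothing to link to, so skip it instead of emitting notices.
        continue;
      }
      $description = key($problem_nid);
      $edit_path = 'node/' . $node->nid . '/edit';
      // The '!' placeholder is inserted without escaping, so the URL is run
      // through check_url() before it lands in the href attribute. The
      // '@' placeholders are escaped by t() itself.
      $html = t('@description found in <a href="!link">@title</a>', array(
        '@description' => $description,
        '!link' => check_url(url($edit_path, array(
          'query' => $destination,
        ))),
        '@title' => $node->title,
      ));
      $url = url($edit_path);
      $element['findings']['items'][] = array(
        'html' => $html,
        // NOTE(review): '!url' is inserted unescaped; it is built only from
        // the node id here. Confirm the output context of 'safe' if the URL
        // source ever changes.
        'safe' => t('@description in !url', array(
          '@description' => $description,
          '!url' => $url,
        )),
        'raw' => $description . ':' . $url,
      );
    }
    $element['findings']['pager'] = theme('pager', NULL, 50);
  }
  return $element;
}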