function security_review_check_private_files_help in Security Review 6
Same name and namespace in other branches
- 7 security_review.help.inc \security_review_check_private_files_help()
File
- ./security_review.help.inc, line 163
- Main help definition.
Code
function security_review_check_private_files_help($result = NULL) {
$element['title'] = t('Private files');
$element['descriptions'][] = t("If you have Drupal's private files feature enabled you should move the files directory outside of the web server's document root. While Drupal will control serving files when requested by way of content if a user knows the actual system path they can circumvent Drupal's private files feature. You can protect against this by specifying a files directory outside of the webserver root.");
$last_check = security_review_get_last_check('security_review', 'private_files');
if ($last_check['skip'] == '1') {
$element['findings']['descriptions'][] = _security_review_check_skipped($last_check);
}
elseif ($last_check['result'] == '0') {
$element['findings']['descriptions'][] = t('Your files directory is not outside of the server root.');
$element['findings']['descriptions'][] = t('<a href="!link">Edit the files directory path.</a>', array(
'!link' => url('admin/settings/file-system'),
));
}
return $element;
}
