
function security_review_check_private_files_help in Security Review 7

Same name and namespace in other branches
  1. 6 security_review.help.inc \security_review_check_private_files_help()

File

./security_review.help.inc, line 167
Main help definition.

Code

/**
 * Builds the help element for the "Private files" security check.
 *
 * @param array|null $check
 *   (optional) Stored check data. Only $check['result'] and $check['value']
 *   are read here.
 * @param string|null $skipped_message
 *   (optional) Message explaining why the check was skipped. When non-empty
 *   it is shown as the only finding and $check is ignored.
 *
 * @return array
 *   Help element with 'title' and 'descriptions', plus 'findings' when the
 *   check was skipped or its result is falsy.
 */
function security_review_check_private_files_help($check = NULL, $skipped_message = NULL) {
  $element = array(
    'title' => t('Private files'),
    'descriptions' => array(
      t("If you have Drupal's private files feature enabled you should move the files directory outside of the web server's document root. Drupal will secure access to files that it renders the link to, but if a user knows the actual system path they can circumvent Drupal's private files feature. You can protect against this by specifying a files directory outside of the webserver root."),
    ),
  );

  // A skipped check reports only the reason for skipping.
  // NOTE(review): the message is appended as-is, without escaping here;
  // presumably the caller supplies already-safe text. Confirm against caller.
  if (!empty($skipped_message)) {
    $element['findings'] = array(
      'descriptions' => array($skipped_message),
    );
    return $element;
  }

  // No check data, or a passing result: general help only.
  if (!$check || $check['result']) {
    return $element;
  }

  $element['findings'] = array(
    'descriptions' => array(
      t('Your files directory is not outside of the server root.'),
      // '!link' is substituted without escaping; the value is a fixed admin
      // path passed through url(), not user input.
      t('<a href="!link">Edit the files directory path.</a>', array(
        '!link' => url('admin/config/media/file-system'),
      )),
    ),
    'items' => array(
      array(
        // '@value' makes t() escape the configured path for HTML output.
        'safe' => t('Private files directory: @value', array(
          '@value' => $check['value'],
        )),
        // Plain concatenation, not escaped.
        // NOTE(review): presumably meant for non-HTML output only; confirm
        // that consumers never print 'raw' into a page.
        'raw' => 'Directory: ' . $check['value'],
      ),
    ),
  );

  return $element;
}