function security_review_check_upload_extensions_help in Security Review 6
Same name and namespace in other branches
- 7 security_review.help.inc \security_review_check_upload_extensions_help()
File
- ./security_review.help.inc, line 177
- Main help definition.
Code
function security_review_check_upload_extensions_help($result = NULL) {
$element['title'] = t('Allowed upload extensions');
$element['descriptions'][] = t("The upload module allows users to attach files to content. Some extensions are considered dangerous because the files can be evaluated and then executued in the browser. A malicious user could use this opening to gain control of your site.");
$last_check = security_review_get_last_check('security_review', 'upload_extensions');
if ($last_check['skip'] == '1') {
$element['findings']['descriptions'][] = _security_review_check_skipped($last_check);
}
elseif ($last_check['result'] == '0') {
if (is_null($result)) {
$result = security_review_check_upload_extensions();
}
$element['findings']['descriptions'][] = t('<a href="!link">Alter file upload settings.</a>', array(
'!link' => url('admin/settings/uploads'),
));
$element['findings']['descriptions'][] = t('The following extensions are considered unsafe and should be removed or limited from use. Or, be sure you are not granting untrusted users the ability to upload files.');
foreach ($result['value'] as $extension) {
$element['findings']['items'][] = array(
'raw' => $extension,
'safe' => check_plain($extension),
);
}
}
return $element;
}
