
function security_review_check_upload_extensions_help in Security Review 7

Same name and namespace in other branches
  1. 6 security_review.help.inc \security_review_check_upload_extensions_help()

File

./security_review.help.inc, line 288
Main help definition.

Code

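/**
 * Builds the help content for the "Allowed upload extensions" check.
 *
 * @param array|null $check
 *   (optional) Check result. Only the 'result' and 'value' keys are read.
 *   'value' is iterated as field name => (bundle => extension).
 * @param string|null $skipped_message
 *   (optional) When non-empty, shown in place of any findings.
 *
 * @return array
 *   Help element with 'title' and 'descriptions', plus 'findings' when the
 *   check was skipped or did not pass.
 */
function security_review_check_upload_extensions_help($check = NULL, $skipped_message = NULL) {
  $element = array();
  $element['title'] = t('Allowed upload extensions');
  // NOTE(review): "executued" is a typo in the translatable source string. It
  // is left untouched here because correcting it changes the string that
  // existing translations are keyed on.
  $element['descriptions'][] = t('File and image fields allow for uploaded files. Some extensions are considered dangerous because the files can be evaluated and then executued in the browser. A malicious user could use this opening to gain control of your site. Review <a href="@fields_report">all fields on your site</a>.', array(
    '@fields_report' => url('admin/reports/fields'),
  ));

  if (!empty($skipped_message)) {
    // Added as given: this function does not escape the message, so the
    // caller has to supply text that is already safe to display.
    $element['findings']['descriptions'][] = $skipped_message;
    return $element;
  }

  // Findings are only listed for a check with a falsy 'result'. empty() also
  // treats a missing 'result' key as falsy without raising a notice.
  if (!$check || !empty($check['result'])) {
    return $element;
  }

  $element['findings']['descriptions'][] = t('The following extensions are considered unsafe and should be removed or limited from use. Or, be sure you are not granting untrusted users the ability to upload files.');

  // A failed result may arrive without a usable 'value'. Skip the listing
  // instead of letting foreach raise a warning on NULL or a scalar.
  $fields = array();
  if (isset($check['value']) && (is_array($check['value']) || $check['value'] instanceof Traversable)) {
    $fields = $check['value'];
  }

  foreach ($fields as $field_name => $extensions) {
    if (!is_array($extensions) && !($extensions instanceof Traversable)) {
      continue;
    }
    foreach ($extensions as $bundle => $extension) {
      // NOTE(review): the link path is the content type field admin path, so
      // it assumes $bundle is a node type. Confirm the check reports only
      // node bundles.
      $path = 'admin/structure/types/manage/' . $bundle . '/fields/' . $field_name;
      $element['findings']['items'][] = array(
        // Unescaped value: must not be printed into HTML as-is.
        'raw' => $extension,
        // Escaped copy for plain-text display in markup.
        'safe' => check_plain($extension),
        // Link to the field settings where the extension list can be edited.
        'html' => l(t('Review @type in @name field on @bundle', array(
          '@type' => $extension,
          '@name' => $field_name,
          '@bundle' => $bundle,
        )), $path),
      );
    }
  }

  return $element;
}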