
function security_review_check_comments in Security Review 6

1 call to security_review_check_comments()
security_review_check_comments_help in ./security_review.help.inc
1 string reference to 'security_review_check_comments'
_security_review_security_checks in ./security_review.inc
Checks for security_review_security_checks() or security_review_get_checks().

File

./security_review.inc, line 549
Stand-alone security checks and review system.

Code

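/**
 * Scans stored comments for markup that suggests script or PHP injection.
 *
 * This is a substring heuristic, not a sanitizer: only the literal openers
 * '<script' and '<?php' are searched for in the comment body, so a passing
 * result means "neither string was found", nothing stronger. Each pattern is
 * queried through pager_query() with a limit of 20, so one call reports at
 * most 20 rows per pattern.
 *
 * @param $last_check
 *   (optional) Array describing the previous run of this check. Only the
 *   'result' and 'lastrun' keys are read. When 'result' equals '1' the scan
 *   is restricted to comments whose timestamp is at or after 'lastrun'.
 *
 * @return
 *   An array with two keys:
 *   - 'result': TRUE when no comment matched, FALSE when at least one did,
 *     NULL when the comment module is not enabled (check not applicable).
 *   - 'value': Findings keyed by comment id; each entry is
 *     array(description => nid). A comment matching both patterns appears
 *     once, under the pattern processed last ('PHP').
 */
function security_review_check_comments($last_check = NULL) {
  $result = TRUE;
  $check_result_value = array();
  $timestamp = NULL;
  if (module_exists('comment')) {
    // Compare against the lower-cased body: plain LIKE is case-sensitive on
    // some backends (PostgreSQL, binary collations), where an upper- or
    // mixed-case tag would otherwise go unreported. The patterns below are
    // already lower case.
    $sql = "SELECT nid, cid FROM {comments} WHERE LOWER(comment) LIKE '%s'";

    // If the check passed before only look at comments since the last run.
    if (!is_null($last_check) && $last_check['result'] == '1') {
      $sql .= " AND timestamp >= %d";
      $timestamp = $last_check['lastrun'];
    }

    $patterns = array(
      'Javascript' => '%<script%',
      'PHP' => '%<?php%',
    );
    foreach ($patterns as $description => $comparison) {
      // The pattern is bound as a query argument rather than concatenated.
      // $timestamp stays NULL, and unused, when the query has no %d.
      $results = pager_query($sql, 20, 0, NULL, $comparison, $timestamp);
      while ($row = db_fetch_array($results)) {
        // Keyed by cid, so a later match for the same comment replaces the
        // earlier entry.
        $check_result_value[$row['cid']] = array(
          $description => $row['nid'],
        );
      }
      if (!empty($check_result_value)) {
        $result = FALSE;
      }
    }
  }
  else {
    // Comment module disabled: report "not applicable" rather than a pass.
    $result = NULL;
  }
  return array(
    'result' => $result,
    'value' => $check_result_value,
  );
}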