function security_review_check_php_filter in Security Review 7
Same name and namespace in other branches
- 6 security_review.inc \security_review_check_php_filter()
1 string reference to 'security_review_check_php_filter'
- _security_review_security_checks in ./
security_review.inc - Core Security Review's checks.
File
- ./
security_review.inc, line 338 - Stand-alone security checks and review system.
Code
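/**
 * Checks whether untrusted roles can use a text format that runs PHP.
 *
 * A text format with the PHP code filter enabled evaluates PHP embedded in
 * submitted content, so any role allowed to use such a format effectively has
 * code execution on the server. The check fails when at least one such format
 * is usable by a role reported by security_review_untrusted_roles(). Formats
 * that no untrusted role can use are skipped and never reported, so a passing
 * result does not mean the PHP filter is disabled site-wide.
 *
 * @return array
 *   An associative array with:
 *   - result: TRUE if no format usable by an untrusted role has the
 *     'php_code' filter enabled, FALSE otherwise.
 *   - value: An empty array when the check passes; otherwise an array whose
 *     'formats' element maps each offending key of filter_formats() to its
 *     format object.
 */
function security_review_check_php_filter() {
  $result = TRUE;
  $formats = filter_formats();
  $check_result_value = array();

  // Only the keys of the untrusted-role list are compared below; presumably
  // they are role IDs, matching the keys of filter_get_roles_by_format().
  $untrusted_roles = array_keys(security_review_untrusted_roles());

  foreach ($formats as $id => $format) {
    $format_roles = filter_get_roles_by_format($format);
    if (!array_intersect(array_keys($format_roles), $untrusted_roles)) {
      // No untrusted role can use this format, so it is out of scope.
      continue;
    }

    // Untrusted users can use this format: inspect its filters.
    $filters = filter_list_format($format->format);

    // Direct key lookup instead of a loose in_array() over array_keys(): a
    // non-strict comparison can match an unrelated key (e.g. integer 0 on
    // older PHP) and then dereference a missing element. The status test
    // stays because a filter can be listed for a format while disabled.
    if (isset($filters['php_code']) && $filters['php_code']->status) {
      $result = FALSE;
      $check_result_value['formats'][$id] = $format;
    }
  }

  return array(
    'result' => $result,
    'value' => $check_result_value,
  );
}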