function security_review_check_upload_extensions in Security Review 7
Same name and namespace in other branches
- 6 security_review.inc \security_review_check_upload_extensions()
1 call to security_review_check_upload_extensions()
1 string reference to 'security_review_check_upload_extensions'
- _security_review_security_checks in ./
security_review.inc - Core Security Review's checks.
File
- ./
security_review.inc, line 548 - Stand-alone security checks and review system.
Code
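/**
 * Checks file and image field instances for unsafe allowed upload extensions.
 *
 * Walks every field instance returned by field_info_instances() and, for
 * fields whose providing module is 'image' or 'file', compares the instance's
 * 'file_extensions' setting against the list returned by
 * security_review_unsafe_extensions().
 *
 * The comparison is a case-insensitive substring search over the whole
 * setting string, not a per-extension comparison. It therefore
 * over-approximates: an unsafe entry also matches any allowed extension that
 * merely contains it. A hit should be read as "review this field", not as
 * proof that the exact unsafe extension is allowed.
 *
 * @param $last_check
 *   Not used by this check.
 *
 * @return array
 *   An associative array with:
 *   - result: TRUE when no unsafe extension was found, FALSE otherwise.
 *   - value: Matches keyed by field name, then bundle name. Each entry holds
 *     a single extension string: the last unsafe extension that matched for
 *     that field/bundle pair. Entity type is not part of the key, so
 *     identically named field/bundle pairs on different entity types share
 *     one entry.
 */
function security_review_check_upload_extensions($last_check = NULL) {
  $check_result = TRUE;
  $check_result_value = array();
  $unsafe_extensions = security_review_unsafe_extensions();

  // Loop through instances checking for fields of file.
  foreach (field_info_instances() as $entity_type => $type_bundles) {
    foreach ($type_bundles as $bundle => $bundle_instances) {
      foreach ($bundle_instances as $field_name => $instance) {
        $field = field_info_field($field_name);

        // Skip instances whose field definition is unavailable or is not
        // provided by the file or image module.
        if (empty($field['module']) || !in_array($field['module'], array('image', 'file'), TRUE)) {
          continue;
        }

        // An instance without a string file_extensions setting has nothing to
        // inspect here; skipping it avoids an undefined-index notice and a
        // non-string haystack being handed to the search below.
        if (!isset($instance['settings']['file_extensions']) || !is_string($instance['settings']['file_extensions'])) {
          continue;
        }
        $allowed_extensions = $instance['settings']['file_extensions'];

        // Check instance file_extensions.
        foreach ($unsafe_extensions as $unsafe_extension) {
          // An empty needle would match every field on PHP 8 and raise a
          // warning on older versions, so it is ignored.
          if ((string) $unsafe_extension === '') {
            continue;
          }
          // Case-insensitive so that a mixed-case entry in the setting is not
          // missed by the audit.
          if (stripos($allowed_extensions, $unsafe_extension) !== FALSE) {
            // Found an unsafe extension.
            $check_result_value[$instance['field_name']][$instance['bundle']] = $unsafe_extension;
            $check_result = FALSE;
          }
        }
      }
    }
  }

  return array(
    'result' => $check_result,
    'value' => $check_result_value,
  );
}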