
function security_review_toggle_check in Security Review 6

Same name and namespace in other branches
  1. 7 security_review.pages.inc \security_review_toggle_check()

Menu callback and Javascript callback for check skip toggling.

1 string reference to 'security_review_toggle_check'
security_review_menu in ./security_review.module
Implementation of hook_menu().

File

./security_review.module, line 401
Site security review and reporting Drupal module.

Code

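/**
 * Menu callback and Javascript callback for check skip toggling.
 *
 * Flips the "skip" flag stored for one check in the {security_review} table.
 * The request must carry a token that drupal_valid_token() accepts for the
 * check name, and the user-provided check name must be one that a module
 * declares through hook_security_checks().
 *
 * @param $check_name
 *   The user-provided name of the check to toggle.
 *
 * @return
 *   The result of drupal_access_denied() when the token is missing or invalid;
 *   otherwise nothing. With ?js=1 the record (or NULL when no check was
 *   toggled) is printed as JSON; without it a status message is set and the
 *   user is redirected to the review page.
 */
function security_review_toggle_check($check_name) {
  global $user;
  module_load_include('inc', 'security_review');

  // This callback changes state from a GET request, so the token is the only
  // protection against a forged link. A missing or non-string token is treated
  // exactly like an invalid one.
  if (!isset($_GET['token']) || !is_string($_GET['token']) || !drupal_valid_token($_GET['token'], $check_name)) {
    return drupal_access_denied();
  }
  $result = FALSE;
  // Stays NULL unless a known check with a stored row is found, so the JSON
  // and message paths below never read an undefined variable.
  $record = NULL;

  // To be sure, we compare the user-provided check with available checks.
  $checklist = module_invoke_all('security_checks');
  foreach ($checklist as $module => $checks) {
    // Exact key match: in_array() compares loosely, which is weaker than an
    // allow-list test on user input should be.
    if (!is_array($checks) || !array_key_exists($check_name, $checks)) {
      continue;
    }
    $sql = "SELECT namespace, reviewcheck, result, lastrun, skip, skiptime, skipuid FROM {security_review} WHERE namespace = '%s' AND reviewcheck = '%s'";
    $stored = db_fetch_object(db_query($sql, $module, $check_name));
    if (!$stored) {
      // No row is stored for this check, so there is no flag to flip.
      break;
    }
    $record = $stored;

    // Toggle the skip.
    if ($record->skip) {

      // We were skipping, so stop skipping and clear skip identifiers.
      $record->skip = FALSE;
      $record->skiptime = 0;
      $record->skipuid = NULL;
      $message = '!name check no longer skipped';
    }
    else {

      // Start skipping and record who made the decision and when.
      $record->skip = TRUE;
      $record->skiptime = time();
      $record->skipuid = $user->uid;
      $message = '!name check skipped';
    }
    $result = drupal_write_record('security_review', $record, array(
      'namespace',
      'reviewcheck',
    ));

    // To log, or not to log? Only log a change that was actually written.
    // NOTE(review): with security_review_log disabled, skipuid/skiptime on the
    // row are the only trace of who skipped a check, and they are cleared
    // again when the skip is removed.
    $log = variable_get('security_review_log', TRUE);
    if ($log && $result !== FALSE) {
      $variables = array(
        '!name' => $checks[$check_name]['title'],
      );
      _security_review_log($module, $check_name, $message, $variables, WATCHDOG_INFO);
    }
    break;
  }
  if (isset($_GET['js']) && intval($_GET['js']) == 1) {
    drupal_json($record);
    return;
  }

  // We weren't invoked via JS so set a message that reflects what actually
  // happened and return to the review page.
  if ($record === NULL || $result === FALSE) {
    drupal_set_message(t('The check could not be updated'), 'error');
  }
  elseif ($record->skip) {
    drupal_set_message(t('Check will be skipped'));
  }
  else {
    drupal_set_message(t('Check will no longer be skipped'));
  }
  drupal_goto('admin/reports/security-review');
}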