
function security_review_toggle_check in Security Review 7

Same name and namespace in other branches
  1. 6 security_review.module \security_review_toggle_check()

Menu callback and JavaScript callback for toggling whether a check is skipped.

1 string reference to 'security_review_toggle_check'
security_review_menu in ./security_review.module
Implements hook_menu().

File

./security_review.pages.inc, line 284
security_review.pages.inc

Code

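/**
 * Menu callback and JavaScript callback for check skip toggling.
 *
 * Flips the 'skip' flag of one stored check in the {security_review} table.
 * When a check starts being skipped, the acting user and the request time are
 * stored with it; when skipping stops, those fields are cleared.
 *
 * This request changes state, so it is only honoured when the query string
 * carries a token that drupal_valid_token() accepts for this check name.
 * This function performs no permission check of its own.
 * NOTE(review): access control presumably comes from the menu item declared
 * in security_review_menu() -- confirm that item restricts who may toggle.
 *
 * @param string $type
 *   'ajax' to answer with the stored record as JSON. Any other value sets a
 *   status message and redirects to the review page.
 * @param string $check_name
 *   User-provided name of the check. It is only acted on when it matches a
 *   check in security_review_get_checklist().
 *
 * @return
 *   The result of drupal_access_denied() when the token is missing or
 *   invalid; otherwise nothing.
 */
function security_review_toggle_check($type = 'ajax', $check_name) {
  global $user;

  // CSRF protection: reject the request unless it carries a token bound to
  // this check name. A non-string value (e.g. ?token[]=x) is rejected before
  // it reaches the comparison.
  if (!isset($_GET['token']) || !is_string($_GET['token']) || !drupal_valid_token($_GET['token'], $check_name)) {
    return drupal_access_denied();
  }

  // Initialised up front so the output code below never reads an undefined
  // variable when the check name is unknown or has no stored row.
  $record = NULL;
  $message = NULL;
  $title = NULL;

  // To be sure, compare the user-provided check with available checks.
  module_load_include('inc', 'security_review');
  foreach (security_review_get_checklist() as $module => $checks) {
    // Exact key lookup; the previous in_array() test compared loosely.
    if (!array_key_exists($check_name, $checks)) {
      continue;
    }
    $title = $checks[$check_name]['title'];

    $record = db_select('security_review', 'sr')
      ->fields('sr', array(
        'namespace',
        'reviewcheck',
        'result',
        'lastrun',
        'skip',
        'skiptime',
        'skipuid',
      ))
      ->condition('namespace', $module, '=')
      ->condition('reviewcheck', $check_name, '=')
      ->execute()
      ->fetchObject();

    // fetchObject() yields FALSE when the check has no stored row. There is
    // nothing to toggle then, and writing properties onto FALSE would fail,
    // so stop without touching the table or the log.
    if (!$record) {
      break;
    }

    // Toggle the skip.
    if ($record->skip) {
      // We were skipping, so stop skipping and clear skip identifiers.
      $record->skip = FALSE;
      $record->skiptime = 0;
      $record->skipuid = NULL;
      $message = '!name check no longer skipped';
    }
    else {
      // Start skipping and record who made the decision and when.
      $record->skip = TRUE;
      $record->skiptime = REQUEST_TIME;
      $record->skipuid = $user->uid;
      $message = '!name check skipped';
    }

    // NOTE(review): the return value of drupal_write_record() is not
    // inspected, so the log entry below is written even if the update
    // failed. Skipping a check weakens the review, so an accurate audit
    // trail matters -- consider logging the failure case separately.
    drupal_write_record('security_review', $record, array(
      'namespace',
      'reviewcheck',
    ));

    // To log, or not to log?
    if (variable_get('security_review_log', TRUE)) {
      _security_review_log($module, $check_name, $message, array('!name' => $title), WATCHDOG_INFO);
    }
    break;
  }

  if ($type === 'ajax') {
    drupal_json_output($record);
    return;
  }

  // We weren't invoked via JS so set a message and return to the review page.
  // No message is set when nothing was toggled.
  if ($message !== NULL) {
    // NOTE(review): in Drupal 7's t(), '!'-prefixed placeholders are
    // inserted without escaping. The title is read from the checklist
    // definitions -- confirm those never carry user-supplied text.
    drupal_set_message(t($message, array(
      '!name' => $title,
    )));
  }
  drupal_goto('admin/reports/security-review');
}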