public function ExecutablePhp::evaluate in Security Review 8
Returns the evaluation page of a result.
Usually this is a list of the findings and an explanation.
Parameters
\Drupal\security_review\CheckResult $result: The check result to evaluate.
Return value
array The render array of the evaluation page.
Overrides Check::evaluate
File
src/Checks/ExecutablePhp.php, line 146
Class
- ExecutablePhp
- Checks if PHP files written to the files directory can be executed.
Namespace
Drupal\security_review\Checks
Code
public function evaluate(CheckResult $result) {
  $paragraphs = [];
  // Each finding is a string label; map it to its explanation paragraph(s).
  foreach ($result->findings() as $label) {
    switch ($label) {
      case 'executable_php':
        $paragraphs[] = $this->t('Security Review was able to execute a PHP file written to your files directory.');
        break;

      case 'missing_htaccess':
        // Report the public files directory the .htaccess was expected in.
        $directory = PublicStream::basePath();
        $paragraphs[] = $this->t("The .htaccess file is missing from the files directory at @path", [
          '@path' => $directory,
        ]);
        $paragraphs[] = $this->t("Note, if you are using a webserver other than Apache you should consult your server's documentation on how to limit the execution of PHP scripts in this directory.");
        break;

      case 'incorrect_htaccess':
        $paragraphs[] = $this->t("The .htaccess file exists but does not contain the correct content. It is possible it's been maliciously altered.");
        break;

      case 'writable_htaccess':
        $paragraphs[] = $this->t("The .htaccess file is writable which poses a risk should a malicious user find a way to execute PHP code they could alter the .htaccess file to allow further PHP code execution.");
        break;
    }
  }

  // Render array for the evaluation page; this check lists no items.
  return [
    '#theme' => 'check_evaluation',
    '#paragraphs' => $paragraphs,
    '#items' => [],
  ];
}
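The three .htaccess findings that evaluate() explains can be derived from the file system alone, while executable_php needs a web request and is not covered here. The following is an added example, not Security Review's own code: classify_htaccess() and its $expected parameter are hypothetical names, and the expected .htaccess body is a constructed placeholder to be replaced with the content your Drupal version writes.

```php
<?php

/**
 * Returns finding labels for the .htaccess file guarding a files directory.
 *
 * Hypothetical helper (added example): $expected is the .htaccess body the
 * site is supposed to have, supplied by the caller.
 */
function classify_htaccess(string $directory, string $expected): array {
  $path = rtrim($directory, '/') . '/.htaccess';
  if (!is_file($path)) {
    // Nothing else can be checked when the file does not exist.
    return ['missing_htaccess'];
  }

  $findings = [];
  $actual = file_get_contents($path);
  // Ignore line-ending and trailing-whitespace differences when comparing.
  $normalise = fn(string $s): string => trim(str_replace("\r\n", "\n", $s));
  if ($actual === FALSE || $normalise($actual) !== $normalise($expected)) {
    $findings[] = 'incorrect_htaccess';
  }
  // is_writable() is evaluated for the current process user, so run this as
  // the web server account; as root it is true regardless of file mode.
  if (is_writable($path)) {
    $findings[] = 'writable_htaccess';
  }
  return $findings;
}

// Constructed sample run in a throwaway directory.
$dir = sys_get_temp_dir() . '/files_' . bin2hex(random_bytes(4));
mkdir($dir, 0700);
$expected = "# constructed placeholder, not Drupal's real content\n";

// State 1: the directory has no .htaccess at all.
print_r(classify_htaccess($dir, $expected));

// State 2: the file exists with different content and default permissions.
file_put_contents("$dir/.htaccess", "# edited by someone else\n");
print_r(classify_htaccess($dir, $expected));

// State 3: the file has the expected content and is read-only.
file_put_contents("$dir/.htaccess", $expected);
chmod("$dir/.htaccess", 0444);
print_r(classify_htaccess($dir, $expected));

unlink("$dir/.htaccess");
rmdir($dir);
```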