
public function PrivateFiles::help in Security Review 8

Returns the check-specific help page.

Return value

array: The render array of the check's help page.

Overrides Check::help

File

src/Checks/PrivateFiles.php, line 54

Class

PrivateFiles
Checks whether the private files' directory is under the web root.

Namespace

Drupal\security_review\Checks

Code

public function help() {
  $paragraphs = [];
  $paragraphs[] = $this->t("If you have Drupal's private files feature enabled you should move the files directory outside of the web server's document root. Drupal will secure access to files that it renders the link to, but if a user knows the actual system path they can circumvent Drupal's private files feature. You can protect against this by specifying a files directory outside of the webserver root.");
  return [
    '#theme' => 'check_help',
    '#title' => $this->t('Private files'),
    '#paragraphs' => $paragraphs,
  ];
}
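
The help text turns on whether the private files directory resolves to a location under the web root. The following is an added example of that path comparison, not the Security Review module's own code; the function name and the temporary directory layout are assumptions made for illustration, and a POSIX-style filesystem with symlink support is assumed.

```php
<?php

/**
 * Added example, not the Security Review module's own code.
 * Returns TRUE when $private_path resolves to a location inside $web_root.
 */
function private_path_is_under_web_root(string $private_path, string $web_root): bool {
  // realpath() resolves symlinks and ".." segments; it returns FALSE for
  // paths that do not exist.
  $private = realpath($private_path);
  $root = realpath($web_root);
  if ($private === FALSE || $root === FALSE) {
    throw new InvalidArgumentException('Both paths must exist to be compared.');
  }
  // Compare on a directory boundary so that /var/www/html-private is not
  // mistaken for a child of /var/www/html.
  $root = rtrim($root, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
  $private = rtrim($private, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
  return strncmp($private, $root, strlen($root)) === 0;
}

// Constructed layout in a temporary directory (sample data for this example).
$base = sys_get_temp_dir() . '/sr_demo_' . uniqid();
mkdir("$base/html/sites/default/files/private", 0700, TRUE);
mkdir("$base/html-private", 0700, TRUE);
mkdir("$base/private", 0700, TRUE);
symlink("$base/html/sites/default/files/private", "$base/private/link");

$cases = [
  "$base/html/sites/default/files/private", // directory inside the web root
  "$base/html-private",                     // sibling sharing the root's prefix
  "$base/private",                          // directory outside the web root
  "$base/private/link",                     // symlink pointing into the web root
  "$base/html/../private",                  // ".." segment leading out of the web root
];
foreach ($cases as $path) {
  $under = private_path_is_under_web_root($path, "$base/html");
  printf("%-45s %s\n", substr($path, strlen($base)), $under ? 'UNDER WEB ROOT' : 'outside');
}
```

A plain string-prefix comparison on the configured paths would misclassify the sibling directory and miss the symlink case, which is why both paths are resolved first and compared with a trailing separator.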