public function PrivateFiles::run in Security Review 8

The actual procedure of carrying out the check.

Return value

\Drupal\security_review\CheckResult The result of running the check.

Overrides Check::run

File

src/Checks/PrivateFiles.php, line 32

Class

PrivateFiles
Checks whether the private files' directory is under the web root.

Namespace

Drupal\security_review\Checks

Code

public function run() {
  $file_directory_path = PrivateStream::basePath();
  $visible = TRUE;
  if (empty($file_directory_path)) {

    // Private files feature is not enabled.
    $result = CheckResult::SUCCESS;
    $visible = FALSE;
  }
  elseif (strpos(realpath($file_directory_path), DRUPAL_ROOT) === 0) {

    // Path begins at root.
    $result = CheckResult::FAIL;
  }
  else {

    // The private files directory is placed correctly.
    $result = CheckResult::SUCCESS;
  }
  return $this
    ->createResult($result, [
    'path' => $file_directory_path,
  ], $visible);
}
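
The comparison in run() is a plain string-prefix test on the resolved path, so a sibling directory whose name merely starts with the web root's path is also reported as being under it. The following is an added example, not part of the Security Review module (function names and paths are hypothetical, POSIX separators assumed): it runs that test beside a separator-aware variant on constructed paths, and handles the FALSE that realpath() returns for a missing directory.

```php
<?php
// Added example, not Security Review code. Names and paths are hypothetical.

/**
 * Mirrors the comparison used in run(): a plain string-prefix test.
 */
function is_under_root_prefix(string $resolved, string $root): bool {
  return strpos($resolved, $root) === 0;
}

/**
 * Boundary-aware variant: the match must end on a directory separator,
 * or the two paths must be identical.
 */
function is_under_root_boundary(string $resolved, string $root): bool {
  $root = rtrim($root, '/');
  return $resolved === $root || strpos($resolved, $root . '/') === 0;
}

// Constructed sample paths, treated as already resolved by realpath().
$root = '/var/www/html';
$samples = [
  '/var/www/html/sites/default/files/private', // inside the web root
  '/var/www/html',                              // the web root itself
  '/var/www/html-private',                      // sibling directory, outside
  '/srv/drupal-private',                        // unrelated location, outside
];

foreach ($samples as $path) {
  printf("%-45s prefix=%-5s boundary=%s\n",
    $path,
    var_export(is_under_root_prefix($path, $root), TRUE),
    var_export(is_under_root_boundary($path, $root), TRUE));
}

// realpath() returns FALSE for a path that does not exist. Handle that case
// explicitly instead of passing FALSE into the string comparison, where it
// would never match and the directory would look correctly placed.
$resolved = realpath('/nonexistent/constructed/path');
var_dump($resolved === FALSE
  ? 'unresolvable'
  : is_under_root_boundary($resolved, $root));
```

Only the sibling directory is classified differently by the two functions; the other three paths get the same answer from both.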