public function TrustedHosts::evaluate in Security Review 8
Returns the evaluation page of a result.
Usually this is a list of the findings and an explanation.
Parameters
\Drupal\security_review\CheckResult $result: The check result to evaluate.
Return value
array The render array of the evaluation page.
Overrides Check::evaluate
File
- src/
Checks/ TrustedHosts.php, line 130
Class
- TrustedHosts
- Checks for base_url and trusted_host_patterns settings in settings.php.
Namespace
Drupal\security_review\ChecksCode
public function evaluate(CheckResult $result) {
global $base_url;
if ($result
->result() !== CheckResult::FAIL) {
return [];
}
$settings_php = $this
->security()
->sitePath() . '/settings.php';
$paragraphs = [];
$paragraphs[] = $this
->t('This site is responding from the URL: :url.', [
':url' => $base_url,
]);
$paragraphs[] = $this
->t('If the site should be available only at that URL it is recommended that you set it as the $base_url variable in the settings.php file at @file.', [
'@file' => $settings_php,
]);
$paragraphs[] = $this
->t('If the site has multiple URLs it can respond from you should whitelist host patterns with trusted_host_patterns in settings.php.');
$paragraphs[] = new Link($this
->t('Read more about HTTP Host Header attacks and setting trusted_host_patterns.'), Url::fromUri('https://www.drupal.org/node/1992030'));
return [
'#theme' => 'check_evaluation',
'#paragraphs' => $paragraphs,
'#items' => [],
];
}