public function UploadExtensions::evaluate in Security Review 8
Returns the evaluation page of a result.
Usually this is a list of the findings and an explanation.
Parameters
\Drupal\security_review\CheckResult $result: The check result to evaluate.
Return value
array The render array of the evaluation page.
Overrides Check::evaluate
File
src/Checks/UploadExtensions.php, line 91
Class
UploadExtensions: Checks for unsafe extensions in the allowed extensions settings of fields.
Namespace
Drupal\security_review\Checks
Code
public function evaluate(CheckResult $result) {
  $findings = $result->findings();
  if (empty($findings)) {
    return [];
  }

  $paragraphs = [];
  $paragraphs[] = $this->t('The following extensions are considered unsafe and should be removed or limited from use. Or, be sure you are not granting untrusted users the ability to upload files.');

  $items = [];
  foreach ($findings as $entity_id => $unsafe_extensions) {
    $entity = FieldConfig::load($entity_id);
    /** @var FieldConfig $entity */

    foreach ($unsafe_extensions as $extension) {
      $item = $this->t('Review @type in <em>@field</em> field on @bundle', [
        '@type' => $extension,
        '@field' => $entity->label(),
        '@bundle' => $entity->getTargetBundle(),
      ]);

      // Try to get an edit url.
      try {
        $url_params = [
          'field_config' => $entity->id(),
        ];
        if ($entity->getTargetEntityTypeId() == 'node') {
          $url_params['node_type'] = $entity->getTargetBundle();
        }
        $items[] = Link::createFromRoute($item, sprintf('entity.field_config.%s_field_edit_form', $entity->getTargetEntityTypeId()), $url_params);
      } catch (RouteNotFoundException $e) {
        $items[] = $item;
      }
    }
  }

  return [
    '#theme' => 'check_evaluation',
    '#paragraphs' => $paragraphs,
    '#items' => $items,
  ];
}
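An added example, not the module's own code: a stand-alone sketch of how a findings array of the shape evaluate() iterates over (field config ID => list of unsafe extensions) could be produced. The function name, the unsafe-extension list and the sample field settings are assumptions constructed for illustration; the space-separated input follows the format of Drupal's file_extensions field setting.

```php
<?php

/**
 * Hypothetical helper (not part of Security Review): builds findings in the
 * shape evaluate() iterates over, i.e. field config ID => unsafe extensions.
 *
 * @param array<string, string> $allowed_by_field
 *   Field config ID => space-separated allowed extensions.
 * @param string[] $unsafe
 *   Extensions treated as unsafe (caller-supplied; see constructed list below).
 *
 * @return array<string, string[]>
 *   Only fields with at least one unsafe extension are included.
 */
function find_unsafe_upload_extensions(array $allowed_by_field, array $unsafe): array {
  $unsafe = array_map('strtolower', $unsafe);
  $findings = [];
  foreach ($allowed_by_field as $field_id => $allowed) {
    // Normalise: split on whitespace or commas, lowercase, strip leading dots.
    $extensions = preg_split('/[\s,]+/', strtolower(trim($allowed)), -1, PREG_SPLIT_NO_EMPTY);
    $extensions = array_map(static fn(string $e): string => ltrim($e, '.'), $extensions);
    // Keep each unsafe extension once, with list-style (0-based) keys.
    $hits = array_values(array_unique(array_intersect($extensions, $unsafe)));
    if ($hits !== []) {
      $findings[$field_id] = $hits;
    }
  }
  return $findings;
}

// Constructed sample data; IDs follow entity_type.bundle.field_name.
$allowed_by_field = [
  'node.article.field_image' => 'png gif jpg jpeg',
  'node.page.field_attachment' => 'txt pdf HTML php',
  'user.user.field_avatar' => 'png .svg',
];
// Constructed list for illustration; not the module's own list.
$unsafe = ['php', 'html', 'htm', 'js', 'exe', 'svg'];

foreach (find_unsafe_upload_extensions($allowed_by_field, $unsafe) as $field_id => $exts) {
  printf("%s: %s\n", $field_id, implode(', ', $exts));
}
```

Fields whose allowed extensions contain nothing from the unsafe list are omitted, which corresponds to the empty-findings case where evaluate() returns an empty render array.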