public function UploadExtensions::help in Security Review 8
Returns the check-specific help page.
Return value
array The render array of the check's help page.
Overrides Check::help
File
- src/Checks/UploadExtensions.php, line 74
Class
- UploadExtensions
- Checks for unsafe extensions in the allowed extensions settings of fields.
Namespace
Drupal\security_review\Checks
Code
public function help() {
  $paragraphs = [];
  $paragraphs[] = $this
    ->t('File and image fields allow for uploaded files. Some extensions are considered dangerous because the files can be evaluated and then executed in the browser. A malicious user could use this opening to gain control of your site. Review <a href=":url">all fields on your site</a>.', [
      ':url' => Url::fromRoute('entity.field_storage_config.collection')
        ->toString(),
    ]);
  return [
    '#theme' => 'check_help',
    '#title' => 'Allowed upload extensions',
    '#paragraphs' => $paragraphs,
  ];
}
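
The review that this help text asks for, sketched as a standalone script. This is an added example, not code from the Security Review module: the deny list, the function names and the sample field settings are assumptions made for illustration, and only the space-separated 'file_extensions' setting of file and image fields is taken from Drupal itself.

```php
<?php

declare(strict_types=1);

// Assumed deny list for illustration; not taken from the Security Review module.
const UNSAFE_EXTENSIONS = ['exe', 'htm', 'html', 'js', 'php', 'phtml', 'py', 'swf', 'vbs'];

/**
 * Returns the unsafe extensions found in one 'file_extensions' setting value.
 */
function unsafe_in_setting(string $setting): array {
  // Drupal stores the allowed extensions as one space-separated string;
  // commas are tolerated here as well. Comparison is case-insensitive.
  $tokens = preg_split('/[\s,]+/', strtolower($setting), -1, PREG_SPLIT_NO_EMPTY) ?: [];
  // Strip a leading dot so ".php" and "php" compare equal.
  $extensions = array_map(static fn(string $t): string => ltrim($t, '.'), $tokens);
  return array_values(array_unique(array_intersect($extensions, UNSAFE_EXTENSIONS)));
}

/**
 * Maps field name => unsafe extensions, leaving out fields with no findings.
 */
function find_unsafe_fields(array $fields): array {
  $findings = [];
  foreach ($fields as $name => $settings) {
    // Fields without the setting (for example text fields) take no uploads.
    if (!isset($settings['file_extensions'])) {
      continue;
    }
    $hits = unsafe_in_setting((string) $settings['file_extensions']);
    if ($hits !== []) {
      $findings[$name] = $hits;
    }
  }
  return $findings;
}

// Constructed sample settings, keyed by hypothetical field names.
$fields = [
  'node.article.field_image' => ['file_extensions' => 'png gif jpg jpeg'],
  'node.page.field_attachment' => ['file_extensions' => 'pdf doc HTML .php'],
  'node.page.body' => [],
];

foreach (find_unsafe_fields($fields) as $name => $hits) {
  printf("%s allows unsafe extensions: %s\n", $name, implode(', ', $hits));
}
```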