function services_views_insecure_view_displays_report in Services Views 7
Page callback for the Insecure View Displays Report.
1 string reference to 'services_views_insecure_view_displays_report'
- services_views_menu in ./
services_views.module - Implements hook_menu().
File
- ./
services_views.module, line 473 - Provides a generic but powerful API for web services.
Code
function services_views_insecure_view_displays_report() {
$rows = array();
foreach (views_get_enabled_views() as $view_name => $view) {
$displays = array();
foreach ($view->display as $view_display_name => $display) {
if (!empty($display->display_options) && !empty($display->display_options['access']) && $display->display_options['access']['type'] == 'none') {
$displays[] = check_plain($display->display_title);
}
}
if (!empty($displays)) {
$rows[$view_name] = array(
'view' => l(check_plain($view->human_name), "admin/structure/views/view/{$view_name}"),
'displays' => implode(', ', $displays),
);
}
}
ksort($rows);
return array(
'header' => array(
'#markup' => "<div class='messages warning'>" . t('This report contains all the views displays that currently have their access property set to "none". This, coupled with the Services Views "views: retrieve" resource can potentially unintentionally leak information because certain view display types (such as block and panel pane displays) do not have a direct route to the display be default. Additionally, other forms of access control on these view types are typically used via a "wrapping" module. Consider adding an access restriction to each of these displays if possible.') . "</div>",
),
'table' => array(
'#theme' => 'table',
'#header' => array(
t('View'),
t('Displays'),
),
'#rows' => $rows,
'#empty' => t('There are no insecure view displays.'),
'#sticky' => TRUE,
),
);
}