function shield_set_status in Shield 7
Sets the shield status.
If a status is passed in, then that will be used. Otherwise this function will fall-back on its in-built logic for determining if a page should be shielded.
Modules wishing to have an impact on the shield status need to have a low enough weight so that they set the status before shield_boot is called.
We do it this way because calling drupal_alter() in hook_boot seems to have bad side-effects.
Parameters
$status: A boolean to set the current page should protected by shield module.
Return value
A boolean to protect the current page or not.
1 call to shield_set_status()
- shield_get_status in ./
shield.module - Determines whether or not the current request will be protected.
File
- ./
shield.module, line 55 - Functions for shield module
Code
function shield_set_status($status = NULL) {
$stored_status =& drupal_static(__FUNCTION__);
if (isset($status)) {
$stored_status = $status;
}
// Force shield to be disabled in the following cases:
// - there are no shield credentials set
// - OR we're allowing Drush to bypass Shield
// - OR Shield is disabled via the GUI
// - OR the remote address is in the white list
$user = variable_get('shield_user', '');
$cli = drupal_is_cli() && variable_get('shield_allow_cli', 1);
$enabled = variable_get('shield_enabled', 1);
$addresses = explode("\r\n", variable_get('shield_ignored_addresses', ''));
$server_address = isset($_SERVER[variable_get('shield_remote_address', 'REMOTE_ADDR')]) ? $_SERVER[variable_get('shield_remote_address', 'REMOTE_ADDR')] : FALSE;
if ($addresses && $server_address && array_search($server_address, $addresses) !== FALSE) {
$enabled_address = TRUE;
}
else {
$enabled_address = FALSE;
}
if (!$user || $cli || !$enabled || $enabled_address) {
$stored_status = FALSE;
}
// Return status if it's been set.
if (isset($stored_status)) {
return $stored_status;
}
// If our status hasn't already been set by something, then determine status.
$stored_status = TRUE;
$paths = variable_get('shield_paths', '');
$page_match = FALSE;
// Compare paths, if any have been set.
if (!empty($paths)) {
require_once DRUPAL_ROOT . '/includes/unicode.inc';
require_once DRUPAL_ROOT . '/' . variable_get('path_inc', 'includes/path.inc');
require_once DRUPAL_ROOT . '/includes/locale.inc';
require_once DRUPAL_ROOT . '/includes/language.inc';
drupal_language_initialize();
$pages = drupal_strtolower($paths);
$path = drupal_strtolower(drupal_get_path_alias($_GET['q']));
// The path does not hit Drupal's index.php but bootstrapped. For example
// cron.php update.php etc. The code stolen from core's request_path().
$request_uri = request_uri();
if (empty($path) && isset($request_uri)) {
// Extract the path from REQUEST_URI.
$request_path = strtok($request_uri, '?');
$base_path_len = strlen(rtrim(dirname($_SERVER['SCRIPT_NAME']), '\\/'));
// Unescape and strip $base_path prefix, leaving path without a leading slash.
$path = substr(urldecode($request_path), $base_path_len + 1);
// Under certain conditions Apache's RewriteRule directive prepends the value
// assigned to $_GET['q'] with a slash. Moreover we can always have a trailing
// slash in place, hence we need to normalize $path.
$path = trim($path, '/');
}
// Compare the lowercase internal and lowercase path alias (if any).
$page_match = drupal_match_path($path, $pages);
if ($path != $_GET['q']) {
$page_match = $page_match || drupal_match_path($_GET['q'], $pages);
}
}
// Enable shield or not, depending on shield_method.
$method = variable_get('shield_method', 1);
switch ($method) {
case 1:
// Exclude matched paths from shield protection.
if ($page_match) {
$stored_status = FALSE;
}
break;
case 2:
// Exclude all un-matched paths from shield protection.
if (!$page_match) {
$stored_status = FALSE;
}
break;
}
return $stored_status;
}