function webform_update_8192 in Webform 6.x
Same name and namespace in other branches
- 8.5 includes/webform.install.update.inc \webform_update_8192()
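Unsafe HMAC construction. The code shown below does not build an HMAC itself: it re-validates the stored signature image files and deletes those that fail validation.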
File
- includes/webform.install.update.inc, line 3673 - Archived Webform update hooks.
Code
/**
 * Re-checks stored Webform signature images and deletes those that fail.
 *
 * Every file under public://webform whose name matches the 'signature-' mask
 * is read, wrapped as a PNG data URI and passed to
 * WebformSignatureElement::isSignatureValid(). Files that fail are deleted,
 * and the submissions they belong to are listed in the returned notice.
 *
 * @return mixed
 *   NULL when the directory cannot be prepared, when nothing was invalid, or
 *   when no affected submission could be loaded; otherwise a plain-text notice
 *   on the command line or the rendered HTML notice.
 */
function webform_update_8192() {
  $file_system = \Drupal::service('file_system');

  // prepareDirectory() takes its argument by reference, so a variable is
  // required here. Nothing to clean up if the directory is unavailable.
  $webform_uri = 'public://webform';
  if (!$file_system->prepareDirectory($webform_uri)) {
    return NULL;
  }

  // NOTE(review): the mask is an unanchored regex, so any file whose name
  // contains "signature-" is a candidate, not only files stored in a
  // signature directory. Confirm that no other element writes such names.
  $candidates = $file_system->scanDirectory('public://webform/', '/signature-/');

  $submission_ids = [];
  foreach ($candidates as $candidate) {
    // NOTE(review): a failed read returns FALSE and ends up as an empty
    // payload; presumably isSignatureValid() rejects it, in which case an
    // unreadable file is deleted without having been inspected - confirm.
    $contents = file_get_contents($candidate->uri);
    $data_uri = 'data:image/png;base64,' . base64_encode($contents);

    if (!WebformSignatureElement::isSignatureValid($data_uri)) {
      // Remember the submission id when the path carries one, so the owner
      // of the deleted file can be reported.
      if (preg_match('#public://webform/[a-z0-9_]+/signature/(\\d+)/#', $candidate->uri, $matches)) {
        $submission_ids[] = $matches[1];
      }

      // Deletion is unconditional: a failing file whose path does not match
      // the pattern above is removed too, but never appears in the notice.
      $file_system->delete($candidate->uri);
    }
  }

  // Nothing to report when every signature passed validation.
  if (empty($submission_ids)) {
    return NULL;
  }

  // Resolve the collected ids to the submissions that lost a signature file.
  $submissions = WebformSubmission::loadMultiple($submission_ids);
  if (empty($submissions)) {
    return NULL;
  }

  // Command line: plain text, one absolute URL per affected submission.
  if (PHP_SAPI === 'cli') {
    $notice = t('Invalid signature file detected and deleted. (@see @url)', [
      '@url' => 'https://www.drupal.org/security/psa',
    ]) . PHP_EOL;
    foreach ($submissions as $submission) {
      $label = $submission->label();
      $url = $submission->toUrl()->setAbsolute()->toString();
      $notice .= '- ' . $label . ' (' . $url . ')' . PHP_EOL;
    }
    return $notice;
  }

  // Web: a render array holding the notice and a list of submission links.
  $items = [];
  foreach ($submissions as $submission) {
    $items[] = $submission->toLink()->toRenderable();
  }

  $build = [
    'title' => [
      '#markup' => t('Invalid signature file detected and deleted. (@see <a href=":href">PSA-XXXXX</a>)', [
        ':href' => 'https://www.drupal.org/security/psa',
      ]),
    ],
    'links' => [
      '#theme' => 'item_list',
      '#items' => $items,
    ],
  ];

  return \Drupal::service('renderer')->renderPlain($build);
}