You are here

Home » API reference » Webform 6.x » webform.install.update.inc

function webform_update_8192 in Webform 6.x

Same name and namespace in other branches
  1. 8.5 includes/webform.install.update.inc \webform_update_8192()

Unsafe HMAC construction.

File

includes/webform.install.update.inc, line 3673
Archived Webform update hooks.

Code

function webform_update_8192() {

  // Check if the webform directory exists.
  $webform_uri = 'public://webform';
  if (!\Drupal::service('file_system')
    ->prepareDirectory($webform_uri)) {
    return NULL;
  }
  $invalid_signatures = [];
  $files = \Drupal::service('file_system')
    ->scanDirectory('public://webform/', '/signature-/');
  foreach ($files as $file) {
    $value = file_get_contents($file->uri);
    $value = 'data:image/png;base64,' . base64_encode($value);
    if (WebformSignatureElement::isSignatureValid($value)) {
      continue;
    }

    // Get invalid signature's submission id.
    if (preg_match('#public://webform/[a-z0-9_]+/signature/(\\d+)/#', $file->uri, $match)) {
      $invalid_signatures[] = $match[1];
    }

    // Delete invalid invalid signature file.
    \Drupal::service('file_system')
      ->delete($file->uri);
  }

  // Exit if all signatures are valid.
  if (!$invalid_signatures) {
    return NULL;
  }

  // Load invalid signature's submissions.
  $webform_submissions = WebformSubmission::loadMultiple($invalid_signatures);
  if (!$webform_submissions) {
    return NULL;
  }

  // Return plain text or HTML notice.
  if (PHP_SAPI === 'cli') {
    $text = t('Invalid signature file detected and deleted. (@see @url)', [
      '@url' => 'https://www.drupal.org/security/psa',
    ]) . PHP_EOL;
    foreach ($webform_submissions as $webform_submission) {
      $text .= '- ' . $webform_submission
        ->label() . ' (' . $webform_submission
        ->toUrl()
        ->setAbsolute()
        ->toString() . ')' . PHP_EOL;
    }
    return $text;
  }
  else {
    $links = [];
    foreach ($webform_submissions as $webform_submission) {
      $links[] = $webform_submission
        ->toLink()
        ->toRenderable();
    }
    $t_args = [
      ':href' => 'https://www.drupal.org/security/psa',
    ];
    $build = [
      'title' => [
        '#markup' => t('Invalid signature file detected and deleted. (@see <a href=":href">PSA-XXXXX</a>)', $t_args),
      ],
      'links' => [
        '#theme' => 'item_list',
        '#items' => $links,
      ],
    ];
    return \Drupal::service('renderer')
      ->renderPlain($build);
  }
}