| 1 |
<?php
|
| 2 |
// $Id: paranoia.module,v 1.6 2007/05/22 17:45:14 killes Exp $
|
| 3 |
/**
|
| 4 |
* @file
|
| 5 |
* - Disables PHP block visibility permission and gives status error if a role has this permission.
|
| 6 |
* - Disables the PHP module.
|
| 7 |
* - Hides the PHP and paranoia modules from the modules page.
|
| 8 |
*/
|
| 9 |
|
| 10 |
|
| 11 |
/**
|
| 12 |
* Implementation of hook_form_alter().
|
| 13 |
*/
|
| 14 |
function paranoia_form_alter(&$form, $form_state, $form_id) {
|
| 15 |
switch ($form_id) {
|
| 16 |
case 'user_admin_perm': // Disable PHP Blocks
|
| 17 |
unset($form['permission']['use PHP for block visibility']);
|
| 18 |
foreach (element_children($form['checkboxes']) as $rid) {
|
| 19 |
foreach ($form['checkboxes'][$rid]['#default_value'] as $key => $value) {
|
| 20 |
if ($value == 'use PHP for block visibility') {
|
| 21 |
}
|
| 22 |
}
|
| 23 |
unset($form['checkboxes'][$rid]['#options']['use PHP for block visibility']);
|
| 24 |
}
|
| 25 |
break;
|
| 26 |
|
| 27 |
case 'system_modules': // Hide Paranoia and PHP modules from module admin form
|
| 28 |
$hidden_modules = module_invoke_all('paranoia_hide');
|
| 29 |
foreach($hidden_modules as $module){
|
| 30 |
_paranoia_hide_module($form, $module);
|
| 31 |
}
|
| 32 |
break;
|
| 33 |
}
|
| 34 |
}
|
| 35 |
|
| 36 |
/**
|
| 37 |
* Remove a module from the module administration form.
|
| 38 |
*/
|
| 39 |
function _paranoia_hide_module(&$form, $module){
|
| 40 |
unset(
|
| 41 |
$form['validation_modules']['#value'][$module],
|
| 42 |
$form['name'][$module],
|
| 43 |
$form['version'][$module],
|
| 44 |
$form['description'][$module],
|
| 45 |
$form['throttle'][$module],
|
| 46 |
$form['throttle']['#options'][$module],
|
| 47 |
$form['status']['#options'][$module]
|
| 48 |
);
|
| 49 |
}
|
| 50 |
|
| 51 |
/**
|
| 52 |
* Implementation of hook_requirements().
|
| 53 |
*/
|
| 54 |
function paranoia_requirements($phase) {
|
| 55 |
$requirements = array();
|
| 56 |
if ($phase == 'runtime') {
|
| 57 |
// Ensure that no roles have permission to use PHP for block visibility.
|
| 58 |
module_load_include('inc', 'user', 'user.admin');
|
| 59 |
$form = user_admin_perm($form_state);
|
| 60 |
foreach (element_children($form['checkboxes']) as $rid) {
|
| 61 |
if (in_array('use PHP for block visibility', $form['checkboxes'][$rid]['#default_value'])) {
|
| 62 |
$requirements['paranoia'] = array(
|
| 63 |
'title' => t('Paranoia'),
|
| 64 |
'description' => t('A user role has permission to use PHP for block visibility. Resubmit your <a href="@admin/user/permissions">user permissions</a> to close this security hole.', array('@admin/user/permissions' => url('admin/user/permissions'))),
|
| 65 |
'severity' => REQUIREMENT_ERROR,
|
| 66 |
);
|
| 67 |
}
|
| 68 |
}
|
| 69 |
// Ensure the PHP module is not enabled.
|
| 70 |
if (module_exists('php')) {
|
| 71 |
$requirements['paranoia_php'] = array(
|
| 72 |
'title' => t('Paranoia'),
|
| 73 |
'description' => t('The PHP module is enabled. This module should be disabled (but paranoia module prevents it from showing in the module admin form). It may have been enabled in the database, circumventing the effectiveness of paranoia module.'),
|
| 74 |
'severity' => REQUIREMENT_ERROR,
|
| 75 |
);
|
| 76 |
}
|
| 77 |
}
|
| 78 |
return $requirements;
|
| 79 |
}
|
| 80 |
|
| 81 |
/**
|
| 82 |
* Implementation of hook_paranoia_hide().
|
| 83 |
*/
|
| 84 |
function paranoia_paranoia_hide() {
|
| 85 |
return array('php', 'paranoia');
|
| 86 |
}
|
Parent Directory
| 
Revision Log
| 
Revision Graph