Index: filter.install
===================================================================
RCS file: /cvs/drupal/drupal/modules/filter/filter.install,v
retrieving revision 1.9
diff -u -p -r1.9 filter.install
--- filter.install 14 Apr 2008 17:48:37 -0000 1.9
+++ filter.install 17 Oct 2008 19:48:36 -0000
@@ -99,6 +99,42 @@ function filter_schema() {
}
/**
+ * Implementation of hook_requirements().
+ *
+ * Display error messages for sites which allow open registration
+ * and permit anonymous users to use unfiltered html or the PHP filter.
+ */
+function filter_requirements($phase) {
+ if ($phase == 'runtime' && variable_get('user_register', 1)) {
+ $requirements = array();
+ $formats = filter_formats();
+ foreach ($formats as $id => $format) {
+ if (strstr($format->roles, ",1,") || variable_get('filter_default_format', 1) == $format->format) {
+ $filtered = db_result(db_query("SELECT fid FROM {filters} WHERE format = %d AND module = 'filter' AND delta = 0", $format->format));
+ if (!$filtered) {
+ $requirements['filter_html'] = array(
+ 'title' => t('HTML Filtration'),
+ 'value' => t('Insecure'),
+ 'description' => t('Anonymous users have access to an input filter which does not filter their HTML tags. This is a security problem. You should modify your filters.', array('@input-filters' => url('admin/settings/filters'))),
+ 'severity' => REQUIREMENT_ERROR,
+ );
+ }
+ $php = db_result(db_query("SELECT fid FROM {filters} WHERE format = %d AND module = 'php'", $format->format));
+ if ($php) {
+ $requirements['filter_php'] = array(
+ 'title' => t('PHP Input Filter'),
+ 'value' => t('Insecure'),
+ 'description' => t('Anonymous users have access to an input filter which allows PHP code. This is a security problem. You should modify your filters.', array('@input-filters' => url('admin/settings/filters'))),
+ 'severity' => REQUIREMENT_ERROR,
+ );
+ }
+ }
+ }
+ return $requirements;
+ }
+}
+
+/**
* Add a weight column to the filter formats table.
*/
function filter_update_7000() {
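Review bot: The outer guard `variable_get('user_register', 1)` in filter_requirements() also gates the anonymous-role test, so a site with registration closed but role 1 present in `$format->roles` reports nothing, even though unauthenticated visitors can presumably still use that format wherever anonymous posting is allowed. Consider applying the registration condition only to the `filter_default_format` branch. Both `description` strings pass `array('@input-filters' => url('admin/settings/filters'))` to t() but contain no `@input-filters` placeholder, so the administrator never gets the link to the page where the fix is made; wording such as `You should <a href="@input-filters">modify your filters</a>.` would use it. `$requirements = array();` is initialised inside the `if`, so the function returns nothing in every other phase; moving it to the first line of the function and `return $requirements;` to the last keeps the return value an array. The literal `",1,"` would read more clearly built from `DRUPAL_ANONYMOUS_RID`, with a comment noting that `delta = 0` is assumed to be the HTML filter.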