5 * Contains \Drupal\security_review\Controller\HelpController.
8 namespace Drupal\security_review\Controller;
10 use Drupal\Core\Controller\ControllerBase;
12 use Drupal\security_review\Checklist;
13 use Drupal\security_review\CheckResult;
14 use Drupal\security_review\SecurityReview;
15 use Symfony\Component\DependencyInjection\ContainerInterface;
16 use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
/**
 * The class of the Help pages' controller.
 */
21 class HelpController extends ControllerBase {
24 * The security_review.checklist service.
26 * @var \Drupal\security_review\Checklist
31 * The security_review service.
33 * @var \Drupal\security_review\SecurityReview
35 protected $securityReview;
/**
 * Constructs a HelpController.
 *
 * @param \Drupal\security_review\SecurityReview $security_review
 *   The security_review service.
 * @param \Drupal\security_review\Checklist $checklist
 *   The security_review.checklist service.
 */
public function __construct(SecurityReview $security_review, Checklist $checklist) {
  // Keep both injected services; the page builders read them later.
  $this->securityReview = $security_review;
  $this->checklist = $checklist;
}
public static function create(ContainerInterface $container) {
  // Resolve the services in the order the constructor expects them.
  $security_review = $container->get('security_review');
  $checklist = $container->get('security_review.checklist');

  return new static($security_review, $checklist);
}
/**
 * Serves as an entry point for the help pages.
 *
 * @param string|NULL $namespace
 *   The namespace of the check (null if general page).
 * @param string $title
 *   The name of the check.
 *
 * @return array
 *   The requested help page.
 */
public function index($namespace, $title) {
  // A NULL namespace selects the general help page. Any other value is
  // resolved together with $title to one check; checkHelp() raises the 404
  // when no such check exists.
  return $namespace === NULL
    ? $this->generalHelp()
    : $this->checkHelp($namespace, $title);
}
/**
 * Returns the general help page.
 *
 * @return array
 *   The general help page.
 */
private function generalHelp() {
  // Introductory paragraphs shown above the list of checks.
  // NOTE(review): the links in these strings use plain http:// URLs. Moving
  // them to https:// is worth considering, but each literal is a translation
  // source string, so editing it also affects existing translations.
  $paragraphs = [
    $this->t('You should take the security of your site very seriously. Fortunately, Drupal is fairly secure by default. The Security Review module automates many of the easy-to-make mistakes that render your site insecure, however it does not automatically make your site impenetrable. You should give care to what modules you install and how you configure your site and server. Be mindful of who visits your site and what features you expose for their use.'),
    $this->t('You can read more about securing your site in the <a href="http://drupal.org/security/secure-configuration">drupal.org handbooks</a> and on <a href="http://crackingdrupal.com">CrackingDrupal.com</a>. There are also additional modules you can install to secure or protect your site. Be aware though that the more modules you have running on your site the greater (usually) attack area you expose.'),
    $this->t('<a href="http://drupal.org/node/382752">Drupal.org Handbook: Introduction to security-related contrib modules</a>'),
  ];

  // Group the per-check help links by the machine namespace of each check.
  // NOTE(review): Url is expected to resolve to \Drupal\Core\Url; its import
  // is not visible in this listing - confirm it is present.
  $checks = [];
  foreach ($this->checklist->getChecks() as $check) {
    $machine_namespace = $check->getMachineNamespace();

    // First check seen for this namespace: create its group.
    if (!isset($checks[$machine_namespace])) {
      $checks[$machine_namespace] = [
        'namespace' => $check->getNamespace(),
        'check_links' => [],
      ];
    }

    // The title goes through the @title placeholder instead of being
    // concatenated into the link text, so t() handles its escaping.
    $checks[$machine_namespace]['check_links'][] = $this->l(
      $this->t('@title', ['@title' => $check->getTitle()]),
      Url::fromRoute('security_review.help', [
        'namespace' => $machine_namespace,
        'title' => $check->getMachineTitle(),
      ])
    );
  }

  // Hand the collected data to the general_help theme hook.
  return [
    '#theme' => 'general_help',
    '#paragraphs' => $paragraphs,
    '#checks' => $checks,
  ];
}
/**
 * Returns a check-specific help page.
 *
 * @param string $namespace
 *   The namespace of the check.
 * @param string $title
 *   The name of the check.
 *
 * @return array
 *   The check's help page.
 *
 * @throws \Symfony\Component\HttpKernel\Exception\NotFoundHttpException
 *   If the check is not found.
 */
139 private function checkHelp($namespace, $title) {
140 // Get the requested check.
141 $check = $this->checklist->getCheck($namespace, $title);
143 // If the check doesn't exist, throw 404.
144 if ($check == NULL) {
145 throw new NotFoundHttpException();
148 // Print the help page.
150 $output[] = $check->help();
152 // If the check is skipped print the skip message, else print the
154 if ($check->isSkipped()) {
156 if ($check->skippedBy() != NULL) {
158 $check->skippedBy()->getUsername(),
159 $check->skippedBy()->urlInfo()
166 $skip_message = $this->t(
167 'Check marked for skipping on @date by @user',
169 '@date' => format_date($check->skippedOn()),
176 '#markup' => "<p>$skip_message</p>",
180 // Evaluate last result, if any.
181 $last_result = $check->lastResult(TRUE);
182 if ($last_result instanceof CheckResult) {
186 '#markup' => '<div />',
190 $output[] = $check->evaluate($last_result);
194 // Return the completed page.