'script',
'PHP' => '?php',
];
// Load all of the entities.
$entities = [];
$bundle_info = $this->entityManager()->getAllBundleInfo();
foreach ($bundle_info as $entity_type_id => $bundles) {
$current = $this->entityManager()
->getStorage($entity_type_id)
->loadMultiple();
$entities = array_merge($entities, $current);
}
// Search for text fields.
$text_items = [];
foreach ($entities as $entity) {
if ($entity instanceof FieldableEntityInterface) {
/** @var FieldableEntityInterface $entity */
foreach ($entity->getFields() as $field_list) {
foreach ($field_list as $field_item) {
if ($field_item instanceof TextItemBase) {
/** @var TextItemBase $item */
// Text field found.
$text_items[] = $field_item;
}
}
}
}
}
// Scan the text items for vulnerabilities.
foreach ($text_items as $item) {
$entity = $item->getEntity();
foreach ($item->getProperties() as $property) {
/** @var TypedDataInterface $property */
$value = $property->getValue();
if (is_string($value)) {
$field_name = $item->getFieldDefinition()->getLabel();
foreach ($tags as $vulnerability => $tag) {
if (strpos($value, '<' . $tag) !== FALSE) {
// Vulnerability found.
$findings[$entity->getEntityTypeId()][$entity->id()][$field_name][] = $vulnerability;
}
}
}
}
}
if (!empty($findings)) {
$result = CheckResult::FAIL;
}
return $this->createResult($result, $findings);
}
/**
* {@inheritdoc}
*/
public function help() {
$paragraphs = [];
$paragraphs[] = $this->t('Script and PHP code in content does not align with Drupal best practices and may be a vulnerability if an untrusted user is allowed to edit such content. It is recommended you remove such contents.');
return [
'#theme' => 'check_help',
'#title' => $this->t('Dangerous tags in content'),
'#paragraphs' => $paragraphs,
];
}
/**
* {@inheritdoc}
*/
public function evaluate(CheckResult $result) {
$findings = $result->findings();
if (empty($findings)) {
return [];
}
$paragraphs = [];
$paragraphs[] = $this->t('The following items potentially have dangerous tags.');
$items = [];
foreach ($findings as $entity_type_id => $entities) {
foreach ($entities as $entity_id => $fields) {
$entity = $this->entityManager()
->getStorage($entity_type_id)
->load($entity_id);
foreach ($fields as $field => $finding) {
$url = $entity->toUrl('edit-form');
if ($url === NULL) {
$url = $entity->toUrl();
}
$items[] = $this->t(
'@vulnerabilities found in @field field of @label',
[
'@vulnerabilities' => implode(' and ', $finding),
'@field' => $field,
'@label' => $entity->label(),
':url' => $url->toString(),
]
);
}
}
}
return [
'#theme' => 'check_evaluation',
'#paragraphs' => $paragraphs,
'#items' => $items,
];
}
/**
* {@inheritdoc}
*/
public function evaluatePlain(CheckResult $result) {
$findings = $result->findings();
if (empty($findings)) {
return '';
}
$output = '';
foreach ($findings as $entity_type_id => $entities) {
foreach ($entities as $entity_id => $fields) {
$entity = $this->entityManager()
->getStorage($entity_type_id)
->load($entity_id);
foreach ($fields as $field => $finding) {
$url = $entity->toUrl('edit-form');
if ($url === NULL) {
$url = $entity->toUrl();
}
$output .= "\t" . $this->t(
'@vulnerabilities in @field of :link',
[
'@vulnerabilities' => implode(' and ', $finding),
'@field' => $field,
':link' => $url->toString(),
]
) . "\n";
}
}
}
return $output;
}
/**
* {@inheritdoc}
*/
public function getMessage($result_const) {
switch ($result_const) {
case CheckResult::SUCCESS:
return $this->t('Dangerous tags were not found in any submitted content (fields).');
case CheckResult::FAIL:
return $this->t('Dangerous tags were found in submitted content (fields).');
default:
return $this->t('Unexpected result.');
}
}
}