- }
- }
-
- // Scan the text items for vulnerabilities.
- foreach ($text_items as $item) {
- $entity = $item->getEntity();
- foreach ($item->getProperties() as $property) {
- /** @var TypedDataInterface $property */
- $value = $property->getValue();
- if (is_string($value)) {
- $field_name = $item->getFieldDefinition()->getLabel();
- foreach ($tags as $vulnerability => $tag) {
- if (strpos($value, '<' . $tag) !== FALSE) {
- // Vulnerability found.
- $findings[$entity->getEntityTypeId()][$entity->id()][$field_name][] = $vulnerability;
+ $field_storage_definition = $field_storage_definitions[$field_name];
+ if (in_array($field_storage_definition->getType(), $field_types)) {
+ if ($field_storage_definition instanceof FieldStorageConfig) {
+ $table = $entity_type_id . '__' . $field_name;
+ $separator = '_';
+ $id = 'entity_id';
+ }
+ else {
+ $table = $entity_type_id . '_field_data';
+ $separator = '__';
+ $id = $entity_type_manager->getDefinition($entity_type_id)->getKey('id');
+ }
+ $rows = \Drupal::database()->select($table, 't')
+ ->fields('t')
+ ->execute()
+ ->fetchAll();
+ foreach ($rows as $row) {
+ foreach (array_keys($field_storage_definition->getSchema()['columns']) as $column) {
+ $column_name = $field_name . $separator . $column;
+ foreach ($tags as $vulnerability => $tag) {
+ if (strpos($row->{$column_name}, '<' . $tag) !== FALSE) {
+ // Vulnerability found.
+ $findings[$entity_type_id][$row->{$id}][$field_name][] = $vulnerability;
+ }
+ }