/ - Diff - Club Drupal - Forge Centrale Marseille

drupal7/sites/all/modules/security_review/IGNOREME.txt
4	4	++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
5	5
6	6	20130923022437 - Your web server should not be able to write to your modules directory. This is a security vulnerable. Consult the Security Review file permissions check help for mitigation steps.
7		20131024102938 - Your web server should not be able to write to your modules directory. This is a security vulnerable. Consult the Security Review file permissions check help for mitigation steps.
8		20131024104044 - Your web server should not be able to write to your modules directory. This is a security vulnerable. Consult the Security Review file permissions check help for mitigation steps.
9		20131024104100 - Your web server should not be able to write to your modules directory. This is a security vulnerable. Consult the Security Review file permissions check help for mitigation steps.
	7	20140906124133 - Your web server should not be able to write to your modules directory. This is a security vulnerable. Consult the Security Review file permissions check help for mitigation steps.

drupal7/sites/all/modules/security_review/file_write_test.20131024102938
1		20131024102938 - Your web server should not be able to write to your modules directory. This is a security vulnerable. Consult the Security Review file permissions check help for mitigation steps.

drupal7/sites/all/modules/security_review/file_write_test.20131024104044
1		20131024104044 - Your web server should not be able to write to your modules directory. This is a security vulnerable. Consult the Security Review file permissions check help for mitigation steps.

drupal7/sites/all/modules/security_review/file_write_test.20131024104100
1		20131024104100 - Your web server should not be able to write to your modules directory. This is a security vulnerable. Consult the Security Review file permissions check help for mitigation steps.

      */
     // Include security_review.inc file for when invoked from outside the site.
     require_once __DIR__ . '/security_review.inc';
     include_once dirname(__FILE__) . '/security_review.inc';
     /**
      * Implementation of hook_drush_command().
-...
           'log' => 'Log results of each check to watchdog, defaults to off',
           'lastrun' => 'Do not run the checklist, just print last results',
           'check' => 'Comma-separated list of specified checks to run. See README.txt for list of options',
           'skip' => 'Invert behavior of --check. Run all checks except specified checks',
           'short' => "Short result messages instead of full description (e.g. 'Text formats').",
           'results' => 'Show the incorrect settings for failed checks.',
         ),
-...
      * Run checklist and display results command.
      */
     function security_review_drush() {
       if (!function_exists('security_review_get_checklist')) {
         return drush_set_error('REQUIREMENTS_ERROR', 'File security_review.inc is required to run the checklist.');
+      }
       // Retrieve the checklist.
       $checklist = security_review_get_checklist();
-...
         $store = $log = $lastrun = FALSE;
+      }
       $specific_checks = drush_get_option_list('check');
       $skip = drush_get_option('skip');
       $short_titles = drush_get_option('short');
       if (!empty($short_titles)) {
         $short_titles = TRUE;
-...
       if (!$lastrun) {
         if (!empty($specific_checks)) {
           // Run specified checks only.
           $new_checklist = array();
           // Get specified checks.
           $specific_checklist = array();
           foreach ($specific_checks as $check_name) {
             if (empty($check_name)) {
               continue; // Can happen if user puts space after comma.
-...
               $module = 'security_review';
+            }
             if (isset($checklist[$module][$check_name])) {
               $new_checklist[$module][$check_name] = $checklist[$module][$check_name];
               $specific_checklist[$module][$check_name] = $checklist[$module][$check_name];
+            }
+          }
           if ($skip) {
             // Run all checks except specified checks.
             foreach ($specific_checklist as $module => $checks) {
               foreach (array_keys($checks) as $check_name) {
                 unset($checklist[$module][$check_name]);
+              }
+            }
+          }
           $checklist = $new_checklist;
           else {
             // Run only specified checks.
             $checklist = $specific_checklist;
+          }
+        }
         else {
           // Unset file_perms of security_review because drush is running as a
-...
+      }
       elseif ($lastrun) {
         // Retrieve results from last run of the checklist.
         $results = db_query("SELECT namespace, reviewcheck, result, lastrun, skip, skiptime, skipuid FROM {security_review}");
         while($record = $results->fetchAssoc()) {
           $checks[] = $record;
+        }
         $results = security_review_get_stored_results();
         // Print results.
         if (!empty($checks)) {
           foreach ($checks as $check) {
             _security_review_drush_print_result($checklist[$check['namespace']][$check['reviewcheck']], $short_titles, $show_results);
         if (!empty($results)) {
           foreach ($results as $result) {
             if (isset($checklist[$result['namespace']][$result['reviewcheck']])) {
               $check = array_merge($result, $checklist[$result['namespace']][$result['reviewcheck']]);
               _security_review_drush_print_result($check, $short_titles, $show_results);
+            }
+          }
+        }
+      }

             case 'incorrect_htaccess':
                 $element['findings']['descriptions'][] = t("The .htaccess file exists but does not contain the correct content. It is possible it's been maliciously altered.");
                 break;
             case 'outdated_core':
                 $element['findings']['descriptions'][] = t("You are running a out-of-date Drupal installation that is vulnerable to arbitrary code execution via weak htaccess protection. Upgrade to the latest version of Drupal. See <a href='https://drupal.org/SA-CORE-2013-003'>SA-CORE-2013-003 - Drupal core - Multiple vulnerabilities</a> for the full report.");
                 break;
             case 'writable_htaccess':
               $element['findings']['descriptions'][] = t("The .htaccess file is writeable which poses a risk should a malious user find a way to execute PHP code they could alter the htaccess file to allow further PHP code execution.");
               break;

         $result = FALSE;
         $check_result_value[] = 'missing_htaccess';
+      }
       elseif (!function_exists('file_htaccess_lines')) {
         $result = FALSE;
         $check_result_value[] = 'outdated_core';
+      }
       else {
         $contents = file_get_contents($directory . '/.htaccess');
         // Text from includes/file.inc.
         $expected = "SetHandler Drupal_Security_Do_Not_Remove_See_SA_2006_006\nOptions None\nOptions +FollowSymLinks";
         if ($contents !== $expected) {
         $expected = file_htaccess_lines(FALSE);
         if (trim($contents) !== trim($expected)) {
           $result = FALSE;
           $check_result_value[] = 'incorrect_htaccess';
+        }

     description = "Site security and configuration review module."
     core = 7.x
     files[] = tests/security_review.test
     ; Information added by drupal.org packaging script on 2013-09-26
     version = "7.x-1.1"
     configure = admin/reports/security-review/settings
     ; Information added by Drupal.org packaging script on 2014-09-06
     version = "7.x-1.2"
     core = "7.x"
     project = "security_review"
     datestamp = "1380217584"
     datestamp = "1410036834"

       $header = t('Review results from last run !date', array('!date' => $date));
       $desc = t("Here you can review the results from the last run of the checklist. Checks are not always perfectly correct in their procedure and result. You can keep a check from running by clicking the 'Skip' link beside it. You can run the checklist again by expanding the fieldset above.");
       foreach ($checks as $check) {
         // Skip this iteration if the result has no matching item in the checklist.
         if (!isset($checklist[$check['namespace']][$check['reviewcheck']])) {
           continue;
+        }
         $message = $check['result'] ? $checklist[$check['namespace']][$check['reviewcheck']]['success'] : $checklist[$check['namespace']][$check['reviewcheck']]['failure'];
         $title = $check['result'] ? t('OK') : t('Error');
         $class = $check['skip'] ? 'info' : ($check['result'] ? 'ok' : 'error');
-...
         '#default_value' => variable_get('security_review_untrusted_roles', array_keys($defaults)),
       );
       $inactive_namespaces = array();
       // Report stored checks that aren't currently active.
       $checks = security_review_get_stored_results();
       foreach ($checks as $check) {
         if (!isset($checklist[$check['namespace']][$check['reviewcheck']])) {
           $inactive_namespaces[] = $check['namespace'];
+        }
+      }
       if (!empty($inactive_namespaces)) {
         $inactive_checks = implode(', ', $inactive_namespaces);
         $form['inactive_checks'] = array(
           '#prefix' => '<div class="messages warning">',
           '#suffix' => '</div>',
           '#markup' => t('Inactive checks are being stored under namespaces: %modules. Enabling associated modules may allow these checks to be run again. Inactive checks must be manually removed or uninstall and reinstall Security Review to clear all stored checks.', array('%modules' => $inactive_checks))
         );
+      }
       $form['security_review_adv'] = array(
         '#type' => 'fieldset',
         '#title' => t('Advanced'),
-...
       foreach ($checklist as $module => $checks) {
         foreach ($checks as $check_name => $check) {
           // Determine if check is being skipped.
           if (!empty($skipped) && array_key_exists($check_name, $skipped[$module])) {
           if (!empty($skipped) && isset($skipped[$module]) && array_key_exists($check_name, $skipped[$module])) {
             $values[] = $check_name;
             $label = t('!name <em>skipped by UID !uid on !date</em>', array('!name' => $check['title'], '!uid' => $skipped[$module][$check_name]['skipuid'], '!date' => format_date($skipped[$module][$check_name]['skiptime'])));
+          }
-...
+        }
         elseif (isset($check['callback'])) {
           if (isset($check['file'])) {
             $check_module = $module;
             // Handle Security Review defining checks for other modules.
             if (isset($check['module'])) {
               $module = $check['module'];
               $check_module = $check['module'];
+            }
             module_load_include('inc', $module, $check['file']);
             module_load_include('inc', $check_module, $check['file']);
+          }
           $function = $check['callback'] . '_help';
           if (function_exists($function)) {

     files[] = webform_validation.rules.inc
     files[] = webform_validation.validators.inc
     ; Information added by Drupal.org packaging script on 2014-08-28
     version = "7.x-1.6"
     ; Information added by Drupal.org packaging script on 2014-09-09
     version = "7.x-1.7"
     core = "7.x"
     project = "webform_validation"
     datestamp = "1409236433"
     datestamp = "1410296269"

           ),
           'description' => t('Verifies that a user-entered value contains at most the specified number of words.'),
         ),
         // Only available in Webform 4; removed below if not.
         'sum' => array(
           'name' => t('Adds up to'),
           'component_types' => array(
-...
         ),
       );
       // Only available in Webform 4.
       module_load_include('inc', 'webform', 'components/number');
       if (!function_exists('webform_compare_floats')) {
         unset($validators['sum']);
+      }
       if (module_exists('email_verify')) {
         $validators['email_verify'] = array(
           'name' => t('Email Verify'),
-...
           $compare_number = (float) preg_replace('/^[^0-9]+/', '', $rule['data']);
           // Parse the comparision operator and do comparison.
           module_load_include('inc', 'webform', 'includes/webform.conditionals');
           module_load_include('inc', 'webform', 'components/number');
           $error = FALSE;
           if (substr($rule['data'], 0, 2) === '<=') {
             if (!(webform_conditional_compare_floats($sum, $compare_number) <= 0)) {
             if (!(webform_compare_floats($sum, $compare_number) <= 0)) {
               $error = t('less than or equal to');
+            }
+          }
           elseif (substr($rule['data'], 0, 1) === '<') {
             if (!(webform_conditional_compare_floats($sum, $compare_number) < 0)) {
             if (!(webform_compare_floats($sum, $compare_number) < 0)) {
               $error = t('less than');
+            }
+          }
           elseif (substr($rule['data'], 0, 2) === '>=') {
             if (!(webform_conditional_compare_floats($sum, $compare_number) >= 0)) {
             if (!(webform_compare_floats($sum, $compare_number) >= 0)) {
               $error = t('greater than or equal to');
+            }
+          }
           elseif (substr($rule['data'], 0, 1) === '>') {
             if (!(webform_conditional_compare_floats($sum, $compare_number) > 0)) {
             if (!(webform_compare_floats($sum, $compare_number) > 0)) {
               $error = t('greater than');
+            }
+          }
           else {
             if (!(webform_conditional_compare_floats($sum, $compare_number) === 0)) {
             if (!(webform_compare_floats($sum, $compare_number) === 0)) {
               $error = t('exactly');
+            }
+          }

Projet

Général

Profil

Club Drupal

Révision bb746689

Ajouté par Assos Assos il y a plus de 9 ans