Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.I recently was looking at a site someone else set up and which had some major nuisances. Amongst those, I found that Mollom wasn't doing anything. After fixing them, I wrote some additional checks for the Security Review module. Some could be incorporated into the Mollom module.
/**
* @file
* Custom Security Policy checks for the Security Review module.
*/
/**
* Implements hook_security_checks() on behalf of the Mollom module.
*/
function mollom_security_checks() {
$checks = array();
$checks["mollom_setup"] = array(
'title' => "Mollom Setup",
'callback' => 'mollom_security_setup',
'success' => 'Mollom setup is okay.',
'failure' => 'Mollom is enabled, but not fully set up.',
);
$checks["mollom_test"] = array(
'title' => "Mollom Test Mode",
'callback' => 'mollom_security_test',
'success' => 'Mollom is operating in normal mode.',
'failure' => 'Mollom is enabled, but is operating in test mode.',
);
$checks["mollom_forms"] = array(
'title' => "Mollom Form Protection",
'callback' => 'mollom_security_forms',
'success' => 'Mollom is protecting some forms.',
'failure' => 'Mollom is enabled, but is not protecting any forms.',
);
return array('mollom' => $checks);
}
/**
* Security_review callback function.
*/
function mollom_security_forms() {
$ret = TRUE;
$check_result_value = array(t('The Mollom module is operating but not protecting any forms.
You may receive spam postings and users.'));
$result = db_query('SELECT form_id FROM {mollom_form}')->fetchCol();
$ret = (count($result) > 0);
return array('result' => $ret, 'value' => $check_result_value);
}
function mollom_security_forms_help($check = NULL, $skipped_message = NULL) {
$element = array(
'title' => t('Mollom Test Mode'),
'descriptions' => array(),
'findings' => array(
'descriptions' => array(),
'items' => array(),
),
);
$element['descriptions'][] = t('The Mollom module can "watch" specified forms and take action to minimize spam.
It is good practice to protect the user registration form if it is open to users registering themselves.
Protecting any user-submitted forms (e.g. comments) is also considered good practice.');
$element['descriptions'][] = l(t('Mollom settings'), 'admin/config/content/mollom');
if (!empty($skipped_message)) {
$element['findings']['descriptions'][] = $skipped_message;
}
else {
if ($check && $check['result'] == FALSE) {
foreach ($check['value'] as $value) {
$element['findings']['items'][] = array('safe' => $value, 'raw' => $value);
}
}
else {
$result = db_query('SELECT form_id, mode FROM {mollom_form}')->fetchAllKeyed();
$modes = array(
MOLLOM_MODE_ANALYSIS => t('Text analysis'),
MOLLOM_MODE_CAPTCHA => t('CAPTCHA'),
);
if ($result) {
$list = array();
foreach ($result as $form_id => $mode) {
$list[] = t('@form_id (@mode)',
array('@form_id' => $form_id, '@mode' => $modes[$mode]));
}
$element['findings']['descriptions'][] = t('The following forms are subject to Mollom protection:');
$element['findings']['items'] = $list;
}
}
}
return $element;
}
/**
* Security_review callback function.
*/
function mollom_security_test() {
$ret = TRUE;
$check_result_value = array(t('The Mollom module is operating on test mode.
Your spam statistics may not be accurate.'));
$ret = !variable_get('mollom_testing_mode', 0);
return array('result' => $ret, 'value' => $check_result_value);
}
function mollom_security_test_help($check = NULL, $skipped_message = NULL) {
$element = array(
'title' => t('Mollom Test Mode'),
'descriptions' => array(),
'findings' => array(
'descriptions' => array(),
'items' => array(),
),
);
$element['descriptions'][] = t('Submitting "ham", "unsure", or "spam" on a protected form will trigger the
corresponding behavior, and similarly, word verifications will only respond to "correct" and "incorrect",
instead of the actual characters asked for.
This option should be disabled in production environments.');
$element['descriptions'][] = l(t('Mollom settings'), 'admin/config/content/mollom/settings');
if (!empty($skipped_message)) {
$element['findings']['descriptions'][] = $skipped_message;
}
else {
if ($check && $check['result'] == FALSE) {
foreach ($check['value'] as $value) {
$element['findings']['items'][] = array('safe' => $value, 'raw' => $value);
}
}
else {
$roles = user_roles(FALSE, 'administer mollom');
if ($roles) {
$element['findings']['descriptions'][] = t('The following roles may aminister Mollom protection:');
$element['findings']['items'] = $roles;
}
}
}
return $element;
}
/**
* Security_review callback function.
*/
function mollom_security_setup() {
$ret = TRUE;
$check_result_value = array(t('The Mollom module is available but it is not protecting this site.
You may get spam.'));
$status = _mollom_status(FALSE);
if ($status !== TRUE) {
// Uh, oh, Mollom is not correctly set up.
$ret = FALSE;
}
return array('result' => $ret, 'value' => $check_result_value);
}
/**
* Help page for security_review.
*/
function mollom_security_setup_help($check = NULL, $skipped_message = NULL) {
$element = array(
'title' => t('Mollom Setup'),
'descriptions' => array(),
'findings' => array(
'descriptions' => array(),
'items' => array(),
),
);
$element['descriptions'][] = t('The Mollom module connects to the Mollom anti-spam service.
It analyzes the text of specified forms or supplies a CAPTCHA challenge to help protect
your site from spam.');
$element['descriptions'][] = l(t('Mollom settings'), 'admin/config/content/mollom/settings');
if (!empty($skipped_message)) {
$element['findings']['descriptions'][] = $skipped_message;
}
else {
if ($check && $check['result'] == FALSE) {
foreach ($check['value'] as $value) {
$element['findings']['items'][] = array('safe' => $value, 'raw' => $value);
}
}
else {
$roles = user_roles(FALSE, 'bypass mollom protection');
if ($roles) {
$element['findings']['descriptions'][] = t('The following roles may bypass Mollom protection:');
$element['findings']['items'] = $roles;
}
}
}
}
