security update core+modules
This commit is contained in:
Bachir Soussi Chiadmi
@@ -4,16 +4,16 @@
|
||||
* @file
|
||||
* Administrative script for running authorized file operations.
|
||||
*
|
||||
* Using this script, the site owner (the user actually owning the files on
|
||||
* the webserver) can authorize certain file-related operations to proceed
|
||||
* with elevated privileges, for example to deploy and upgrade modules or
|
||||
* themes. Users should not visit this page directly, but instead use an
|
||||
* administrative user interface which knows how to redirect the user to this
|
||||
* script as part of a multistep process. This script actually performs the
|
||||
* selected operations without loading all of Drupal, to be able to more
|
||||
* gracefully recover from errors. Access to the script is controlled by a
|
||||
* global killswitch in settings.php ('allow_authorize_operations') and via
|
||||
* the 'administer software updates' permission.
|
||||
* Using this script, the site owner (the user actually owning the files on the
|
||||
* webserver) can authorize certain file-related operations to proceed with
|
||||
* elevated privileges, for example to deploy and upgrade modules or themes.
|
||||
* Users should not visit this page directly, but instead use an administrative
|
||||
* user interface which knows how to redirect the user to this script as part of
|
||||
* a multistep process. This script actually performs the selected operations
|
||||
* without loading all of Drupal, to be able to more gracefully recover from
|
||||
* errors. Access to the script is controlled by a global killswitch in
|
||||
* settings.php ('allow_authorize_operations') and via the 'administer software
|
||||
* updates' permission.
|
||||
*
|
||||
* There are helper functions for setting up an operation to run via this
|
||||
* system in modules/system/system.module. For more information, see:
|
||||
@@ -21,16 +21,17 @@
|
||||
*/
|
||||
|
||||
/**
|
||||
* Root directory of Drupal installation.
|
||||
* Defines the root directory of the Drupal installation.
|
||||
*/
|
||||
define('DRUPAL_ROOT', getcwd());
|
||||
|
||||
/**
|
||||
* Global flag to identify update.php and authorize.php runs, and so
|
||||
* avoid various unwanted operations, such as hook_init() and
|
||||
* hook_exit() invokes, css/js preprocessing and translation, and
|
||||
* solve some theming issues. This flag is checked on several places
|
||||
* in Drupal code (not just authorize.php).
|
||||
* Global flag to identify update.php and authorize.php runs.
|
||||
*
|
||||
* Identifies update.php and authorize.php runs, avoiding unwanted operations
|
||||
* such as hook_init() and hook_exit() invokes, css/js preprocessing and
|
||||
* translation, and solves some theming issues. The flag is checked in other
|
||||
* places in Drupal code (not just authorize.php).
|
||||
*/
|
||||
define('MAINTENANCE_MODE', 'update');
|
||||
|
||||
@@ -51,7 +52,7 @@ function authorize_access_denied_page() {
|
||||
* have access to the 'administer software updates' permission.
|
||||
*
|
||||
* @return
|
||||
* TRUE if the current user can run authorize.php, otherwise FALSE.
|
||||
* TRUE if the current user can run authorize.php, and FALSE if not.
|
||||
*/
|
||||
function authorize_access_allowed() {
|
||||
return variable_get('allow_authorize_operations', TRUE) && user_access('administer software updates');
|
||||
|
||||
Reference in New Issue
Block a user