security update core+modules
This commit is contained in:
Bachir Soussi Chiadmi
45
update.php
45
update.php
@@ -1,7 +1,7 @@
|
||||
<?php
|
||||
|
||||
/**
|
||||
* Root directory of Drupal installation.
|
||||
* Defines the root directory of the Drupal installation.
|
||||
*/
|
||||
define('DRUPAL_ROOT', getcwd());
|
||||
|
||||
@@ -27,6 +27,9 @@ define('DRUPAL_ROOT', getcwd());
|
||||
*/
|
||||
define('MAINTENANCE_MODE', 'update');
|
||||
|
||||
/**
|
||||
* Renders a form with a list of available database updates.
|
||||
*/
|
||||
function update_selection_page() {
|
||||
drupal_set_title('Drupal database update');
|
||||
$elements = drupal_get_form('update_script_selection_form');
|
||||
@@ -37,6 +40,9 @@ function update_selection_page() {
|
||||
return $output;
|
||||
}
|
||||
|
||||
/**
|
||||
* Form constructor for the list of available database module updates.
|
||||
*/
|
||||
function update_script_selection_form($form, &$form_state) {
|
||||
$count = 0;
|
||||
$incompatible_count = 0;
|
||||
@@ -141,9 +147,10 @@ function update_script_selection_form($form, &$form_state) {
|
||||
return $form;
|
||||
}
|
||||
|
||||
/**
|
||||
* Provides links to the homepage and administration pages.
|
||||
*/
|
||||
function update_helpful_links() {
|
||||
// NOTE: we can't use l() here because the URL would point to
|
||||
// 'update.php?q=admin'.
|
||||
$links[] = '<a href="' . base_path() . '">Front page</a>';
|
||||
if (user_access('access administration pages')) {
|
||||
$links[] = '<a href="' . base_path() . '?q=admin">Administration pages</a>';
|
||||
@@ -151,6 +158,9 @@ function update_helpful_links() {
|
||||
return $links;
|
||||
}
|
||||
|
||||
/**
|
||||
* Displays results of the update script with any accompanying errors.
|
||||
*/
|
||||
function update_results_page() {
|
||||
drupal_set_title('Drupal database update');
|
||||
$links = update_helpful_links();
|
||||
@@ -168,7 +178,8 @@ function update_results_page() {
|
||||
$output = '<p>Updates were attempted. If you see no failures below, you may proceed happily back to your <a href="' . base_path() . '">site</a>. Otherwise, you may need to update your database manually.' . $log_message . '</p>';
|
||||
}
|
||||
else {
|
||||
list($module, $version) = array_pop(reset($_SESSION['updates_remaining']));
|
||||
$updates_remaining = reset($_SESSION['updates_remaining']);
|
||||
list($module, $version) = array_pop($updates_remaining);
|
||||
$output = '<p class="error">The update process was aborted prematurely while running <strong>update #' . $version . ' in ' . $module . '.module</strong>.' . $log_message;
|
||||
if (module_exists('dblog')) {
|
||||
$output .= ' You may need to check the <code>watchdog</code> database table manually.';
|
||||
@@ -231,6 +242,15 @@ function update_results_page() {
|
||||
return $output;
|
||||
}
|
||||
|
||||
/**
|
||||
* Provides an overview of the Drupal database update.
|
||||
*
|
||||
* This page provides cautionary suggestions that should happen before
|
||||
* proceeding with the update to ensure data integrity.
|
||||
*
|
||||
* @return
|
||||
* Rendered HTML form.
|
||||
*/
|
||||
function update_info_page() {
|
||||
// Change query-strings on css/js files to enforce reload for all users.
|
||||
_drupal_flush_css_js();
|
||||
@@ -256,6 +276,12 @@ function update_info_page() {
|
||||
return $output;
|
||||
}
|
||||
|
||||
/**
|
||||
* Renders a 403 access denied page for update.php.
|
||||
*
|
||||
* @return
|
||||
* Rendered HTML warning with 403 status.
|
||||
*/
|
||||
function update_access_denied_page() {
|
||||
drupal_add_http_header('Status', '403 Forbidden');
|
||||
watchdog('access denied', 'update.php', NULL, WATCHDOG_WARNING);
|
||||
@@ -294,7 +320,7 @@ function update_access_allowed() {
|
||||
}
|
||||
|
||||
/**
|
||||
* Add the update task list to the current page.
|
||||
* Adds the update task list to the current page.
|
||||
*/
|
||||
function update_task_list($active = NULL) {
|
||||
// Default list of tasks.
|
||||
@@ -310,8 +336,7 @@ function update_task_list($active = NULL) {
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns (and optionally stores) extra requirements that only apply during
|
||||
* particular parts of the update.php process.
|
||||
* Returns and stores extra requirements that apply during the update process.
|
||||
*/
|
||||
function update_extra_requirements($requirements = NULL) {
|
||||
static $extra_requirements = array();
|
||||
@@ -322,7 +347,7 @@ function update_extra_requirements($requirements = NULL) {
|
||||
}
|
||||
|
||||
/**
|
||||
* Check update requirements and report any errors or (optionally) warnings.
|
||||
* Checks update requirements and reports errors and (optionally) warnings.
|
||||
*
|
||||
* @param $skip_warnings
|
||||
* (optional) If set to TRUE, requirement warnings will be ignored, and a
|
||||
@@ -443,13 +468,13 @@ if (update_access_allowed()) {
|
||||
// update.php ops.
|
||||
|
||||
case 'selection':
|
||||
if (isset($_GET['token']) && $_GET['token'] == drupal_get_token('update')) {
|
||||
if (isset($_GET['token']) && drupal_valid_token($_GET['token'], 'update')) {
|
||||
$output = update_selection_page();
|
||||
break;
|
||||
}
|
||||
|
||||
case 'Apply pending updates':
|
||||
if (isset($_GET['token']) && $_GET['token'] == drupal_get_token('update')) {
|
||||
if (isset($_GET['token']) && drupal_valid_token($_GET['token'], 'update')) {
|
||||
// Generate absolute URLs for the batch processing (using $base_root),
|
||||
// since the batch API will pass them to url() which does not handle
|
||||
// update.php correctly by default.
|
||||
|
||||
Reference in New Issue
Block a user