update.php 20 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511
  1. <?php
  2. /**
  3. * Defines the root directory of the Drupal installation.
  4. */
  5. define('DRUPAL_ROOT', getcwd());
  6. /**
  7. * @file
  8. * Administrative page for handling updates from one Drupal version to another.
  9. *
  10. * Point your browser to "http://www.example.com/update.php" and follow the
  11. * instructions.
  12. *
  13. * If you are not logged in using either the site maintenance account or an
  14. * account with the "Administer software updates" permission, you will need to
  15. * modify the access check statement inside your settings.php file. After
  16. * finishing the upgrade, be sure to open settings.php again, and change it
  17. * back to its original state!
  18. */
  19. /**
  20. * Global flag indicating that update.php is being run.
  21. *
  22. * When this flag is set, various operations do not take place, such as invoking
  23. * hook_init() and hook_exit(), css/js preprocessing, and translation.
  24. */
  25. define('MAINTENANCE_MODE', 'update');
  26. /**
  27. * Renders a form with a list of available database updates.
  28. */
  29. function update_selection_page() {
  30. drupal_set_title('Drupal database update');
  31. $elements = drupal_get_form('update_script_selection_form');
  32. $output = drupal_render($elements);
  33. update_task_list('select');
  34. return $output;
  35. }
  36. /**
  37. * Form constructor for the list of available database module updates.
  38. */
  39. function update_script_selection_form($form, &$form_state) {
  40. $count = 0;
  41. $incompatible_count = 0;
  42. $form['start'] = array(
  43. '#tree' => TRUE,
  44. '#type' => 'fieldset',
  45. '#collapsed' => TRUE,
  46. '#collapsible' => TRUE,
  47. );
  48. // Ensure system.module's updates appear first.
  49. $form['start']['system'] = array();
  50. $updates = update_get_update_list();
  51. $starting_updates = array();
  52. $incompatible_updates_exist = FALSE;
  53. foreach ($updates as $module => $update) {
  54. if (!isset($update['start'])) {
  55. $form['start'][$module] = array(
  56. '#type' => 'item',
  57. '#title' => $module . ' module',
  58. '#markup' => $update['warning'],
  59. '#prefix' => '<div class="messages warning">',
  60. '#suffix' => '</div>',
  61. );
  62. $incompatible_updates_exist = TRUE;
  63. continue;
  64. }
  65. if (!empty($update['pending'])) {
  66. $starting_updates[$module] = $update['start'];
  67. $form['start'][$module] = array(
  68. '#type' => 'hidden',
  69. '#value' => $update['start'],
  70. );
  71. $form['start'][$module . '_updates'] = array(
  72. '#theme' => 'item_list',
  73. '#items' => $update['pending'],
  74. '#title' => $module . ' module',
  75. );
  76. }
  77. if (isset($update['pending'])) {
  78. $count = $count + count($update['pending']);
  79. }
  80. }
  81. // Find and label any incompatible updates.
  82. foreach (update_resolve_dependencies($starting_updates) as $function => $data) {
  83. if (!$data['allowed']) {
  84. $incompatible_updates_exist = TRUE;
  85. $incompatible_count++;
  86. $module_update_key = $data['module'] . '_updates';
  87. if (isset($form['start'][$module_update_key]['#items'][$data['number']])) {
  88. $text = $data['missing_dependencies'] ? 'This update will been skipped due to the following missing dependencies: <em>' . implode(', ', $data['missing_dependencies']) . '</em>' : "This update will be skipped due to an error in the module's code.";
  89. $form['start'][$module_update_key]['#items'][$data['number']] .= '<div class="warning">' . $text . '</div>';
  90. }
  91. // Move the module containing this update to the top of the list.
  92. $form['start'] = array($module_update_key => $form['start'][$module_update_key]) + $form['start'];
  93. }
  94. }
  95. // Warn the user if any updates were incompatible.
  96. if ($incompatible_updates_exist) {
  97. drupal_set_message('Some of the pending updates cannot be applied because their dependencies were not met.', 'warning');
  98. }
  99. if (empty($count)) {
  100. drupal_set_message(t('No pending updates.'));
  101. unset($form);
  102. $form['links'] = array(
  103. '#markup' => theme('item_list', array('items' => update_helpful_links())),
  104. );
  105. // No updates to run, so caches won't get flushed later. Clear them now.
  106. drupal_flush_all_caches();
  107. }
  108. else {
  109. $form['help'] = array(
  110. '#markup' => '<p>The version of Drupal you are updating from has been automatically detected.</p>',
  111. '#weight' => -5,
  112. );
  113. if ($incompatible_count) {
  114. $form['start']['#title'] = format_plural(
  115. $count,
  116. '1 pending update (@number_applied to be applied, @number_incompatible skipped)',
  117. '@count pending updates (@number_applied to be applied, @number_incompatible skipped)',
  118. array('@number_applied' => $count - $incompatible_count, '@number_incompatible' => $incompatible_count)
  119. );
  120. }
  121. else {
  122. $form['start']['#title'] = format_plural($count, '1 pending update', '@count pending updates');
  123. }
  124. $form['has_js'] = array(
  125. '#type' => 'hidden',
  126. '#default_value' => FALSE,
  127. );
  128. $form['actions'] = array('#type' => 'actions');
  129. $form['actions']['submit'] = array(
  130. '#type' => 'submit',
  131. '#value' => 'Apply pending updates',
  132. );
  133. }
  134. return $form;
  135. }
  136. /**
  137. * Provides links to the homepage and administration pages.
  138. */
  139. function update_helpful_links() {
  140. $links[] = '<a href="' . base_path() . '">Front page</a>';
  141. if (user_access('access administration pages')) {
  142. $links[] = '<a href="' . base_path() . '?q=admin">Administration pages</a>';
  143. }
  144. return $links;
  145. }
  146. /**
  147. * Displays results of the update script with any accompanying errors.
  148. */
  149. function update_results_page() {
  150. drupal_set_title('Drupal database update');
  151. $links = update_helpful_links();
  152. update_task_list();
  153. // Report end result.
  154. if (module_exists('dblog') && user_access('access site reports')) {
  155. $log_message = ' All errors have been <a href="' . base_path() . '?q=admin/reports/dblog">logged</a>.';
  156. }
  157. else {
  158. $log_message = ' All errors have been logged.';
  159. }
  160. if ($_SESSION['update_success']) {
  161. $output = '<p>Updates were attempted. If you see no failures below, you may proceed happily back to your <a href="' . base_path() . '">site</a>. Otherwise, you may need to update your database manually.' . $log_message . '</p>';
  162. }
  163. else {
  164. $updates_remaining = reset($_SESSION['updates_remaining']);
  165. list($module, $version) = array_pop($updates_remaining);
  166. $output = '<p class="error">The update process was aborted prematurely while running <strong>update #' . $version . ' in ' . $module . '.module</strong>.' . $log_message;
  167. if (module_exists('dblog')) {
  168. $output .= ' You may need to check the <code>watchdog</code> database table manually.';
  169. }
  170. $output .= '</p>';
  171. }
  172. if (!empty($GLOBALS['update_free_access'])) {
  173. $output .= "<p><strong>Reminder: don't forget to set the <code>\$update_free_access</code> value in your <code>settings.php</code> file back to <code>FALSE</code>.</strong></p>";
  174. }
  175. $output .= theme('item_list', array('items' => $links));
  176. // Output a list of queries executed.
  177. if (!empty($_SESSION['update_results'])) {
  178. $all_messages = '';
  179. foreach ($_SESSION['update_results'] as $module => $updates) {
  180. if ($module != '#abort') {
  181. $module_has_message = FALSE;
  182. $query_messages = '';
  183. foreach ($updates as $number => $queries) {
  184. $messages = array();
  185. foreach ($queries as $query) {
  186. // If there is no message for this update, don't show anything.
  187. if (empty($query['query'])) {
  188. continue;
  189. }
  190. if ($query['success']) {
  191. $messages[] = '<li class="success">' . $query['query'] . '</li>';
  192. }
  193. else {
  194. $messages[] = '<li class="failure"><strong>Failed:</strong> ' . $query['query'] . '</li>';
  195. }
  196. }
  197. if ($messages) {
  198. $module_has_message = TRUE;
  199. $query_messages .= '<h4>Update #' . $number . "</h4>\n";
  200. $query_messages .= '<ul>' . implode("\n", $messages) . "</ul>\n";
  201. }
  202. }
  203. // If there were any messages in the queries then prefix them with the
  204. // module name and add it to the global message list.
  205. if ($module_has_message) {
  206. $all_messages .= '<h3>' . $module . " module</h3>\n" . $query_messages;
  207. }
  208. }
  209. }
  210. if ($all_messages) {
  211. $output .= '<div id="update-results"><h2>The following updates returned messages</h2>';
  212. $output .= $all_messages;
  213. $output .= '</div>';
  214. }
  215. }
  216. unset($_SESSION['update_results']);
  217. unset($_SESSION['update_success']);
  218. return $output;
  219. }
  220. /**
  221. * Provides an overview of the Drupal database update.
  222. *
  223. * This page provides cautionary suggestions that should happen before
  224. * proceeding with the update to ensure data integrity.
  225. *
  226. * @return
  227. * Rendered HTML form.
  228. */
  229. function update_info_page() {
  230. // Change query-strings on css/js files to enforce reload for all users.
  231. _drupal_flush_css_js();
  232. // Flush the cache of all data for the update status module.
  233. if (db_table_exists('cache_update')) {
  234. cache_clear_all('*', 'cache_update', TRUE);
  235. }
  236. update_task_list('info');
  237. drupal_set_title('Drupal database update');
  238. $token = drupal_get_token('update');
  239. $output = '<p>Use this utility to update your database whenever a new release of Drupal or a module is installed.</p><p>For more detailed information, see the <a href="http://drupal.org/upgrade">upgrading handbook</a>. If you are unsure what these terms mean you should probably contact your hosting provider.</p>';
  240. $output .= "<ol>\n";
  241. $output .= "<li><strong>Back up your database</strong>. This process will change your database values and in case of emergency you may need to revert to a backup.</li>\n";
  242. $output .= "<li><strong>Back up your code</strong>. Hint: when backing up module code, do not leave that backup in the 'modules' or 'sites/*/modules' directories as this may confuse Drupal's auto-discovery mechanism.</li>\n";
  243. $output .= '<li>Put your site into <a href="' . base_path() . '?q=admin/config/development/maintenance">maintenance mode</a>.</li>' . "\n";
  244. $output .= "<li>Install your new files in the appropriate location, as described in the handbook.</li>\n";
  245. $output .= "</ol>\n";
  246. $output .= "<p>When you have performed the steps above, you may proceed.</p>\n";
  247. $form_action = check_url(drupal_current_script_url(array('op' => 'selection', 'token' => $token)));
  248. $output .= '<form method="post" action="' . $form_action . '"><p><input type="submit" value="Continue" class="form-submit" /></p></form>';
  249. $output .= "\n";
  250. return $output;
  251. }
  252. /**
  253. * Renders a 403 access denied page for update.php.
  254. *
  255. * @return
  256. * Rendered HTML warning with 403 status.
  257. */
  258. function update_access_denied_page() {
  259. drupal_add_http_header('Status', '403 Forbidden');
  260. watchdog('access denied', 'update.php', NULL, WATCHDOG_WARNING);
  261. drupal_set_title('Access denied');
  262. return '<p>Access denied. You are not authorized to access this page. Log in using either an account with the <em>administer software updates</em> permission or the site maintenance account (the account you created during installation). If you cannot log in, you will have to edit <code>settings.php</code> to bypass this access check. To do this:</p>
  263. <ol>
  264. <li>With a text editor find the settings.php file on your system. From the main Drupal directory that you installed all the files into, go to <code>sites/your_site_name</code> if such directory exists, or else to <code>sites/default</code> which applies otherwise.</li>
  265. <li>There is a line inside your settings.php file that says <code>$update_free_access = FALSE;</code>. Change it to <code>$update_free_access = TRUE;</code>.</li>
  266. <li>As soon as the update.php script is done, you must change the settings.php file back to its original form with <code>$update_free_access = FALSE;</code>.</li>
  267. <li>To avoid having this problem in the future, remember to log in to your website using either an account with the <em>administer software updates</em> permission or the site maintenance account (the account you created during installation) before you backup your database at the beginning of the update process.</li>
  268. </ol>';
  269. }
  270. /**
  271. * Determines if the current user is allowed to run update.php.
  272. *
  273. * @return
  274. * TRUE if the current user should be granted access, or FALSE otherwise.
  275. */
  276. function update_access_allowed() {
  277. global $update_free_access, $user;
  278. // Allow the global variable in settings.php to override the access check.
  279. if (!empty($update_free_access)) {
  280. return TRUE;
  281. }
  282. // Calls to user_access() might fail during the Drupal 6 to 7 update process,
  283. // so we fall back on requiring that the user be logged in as user #1.
  284. try {
  285. require_once DRUPAL_ROOT . '/' . drupal_get_path('module', 'user') . '/user.module';
  286. return user_access('administer software updates');
  287. }
  288. catch (Exception $e) {
  289. return ($user->uid == 1);
  290. }
  291. }
  292. /**
  293. * Adds the update task list to the current page.
  294. */
  295. function update_task_list($active = NULL) {
  296. // Default list of tasks.
  297. $tasks = array(
  298. 'requirements' => 'Verify requirements',
  299. 'info' => 'Overview',
  300. 'select' => 'Review updates',
  301. 'run' => 'Run updates',
  302. 'finished' => 'Review log',
  303. );
  304. drupal_add_region_content('sidebar_first', theme('task_list', array('items' => $tasks, 'active' => $active)));
  305. }
  306. /**
  307. * Returns and stores extra requirements that apply during the update process.
  308. */
  309. function update_extra_requirements($requirements = NULL) {
  310. static $extra_requirements = array();
  311. if (isset($requirements)) {
  312. $extra_requirements += $requirements;
  313. }
  314. return $extra_requirements;
  315. }
  316. /**
  317. * Checks update requirements and reports errors and (optionally) warnings.
  318. *
  319. * @param $skip_warnings
  320. * (optional) If set to TRUE, requirement warnings will be ignored, and a
  321. * report will only be issued if there are requirement errors. Defaults to
  322. * FALSE.
  323. */
  324. function update_check_requirements($skip_warnings = FALSE) {
  325. // Check requirements of all loaded modules.
  326. $requirements = module_invoke_all('requirements', 'update');
  327. $requirements += update_extra_requirements();
  328. $severity = drupal_requirements_severity($requirements);
  329. // If there are errors, always display them. If there are only warnings, skip
  330. // them if the caller has indicated they should be skipped.
  331. if ($severity == REQUIREMENT_ERROR || ($severity == REQUIREMENT_WARNING && !$skip_warnings)) {
  332. update_task_list('requirements');
  333. drupal_set_title('Requirements problem');
  334. $status_report = theme('status_report', array('requirements' => $requirements));
  335. $status_report .= 'Check the error messages and <a href="' . check_url(drupal_requirements_url($severity)) . '">try again</a>.';
  336. print theme('update_page', array('content' => $status_report));
  337. exit();
  338. }
  339. }
  340. // Some unavoidable errors happen because the database is not yet up-to-date.
  341. // Our custom error handler is not yet installed, so we just suppress them.
  342. ini_set('display_errors', FALSE);
  343. // We prepare a minimal bootstrap for the update requirements check to avoid
  344. // reaching the PHP memory limit.
  345. require_once DRUPAL_ROOT . '/includes/bootstrap.inc';
  346. require_once DRUPAL_ROOT . '/includes/update.inc';
  347. require_once DRUPAL_ROOT . '/includes/common.inc';
  348. require_once DRUPAL_ROOT . '/includes/file.inc';
  349. require_once DRUPAL_ROOT . '/includes/entity.inc';
  350. require_once DRUPAL_ROOT . '/includes/unicode.inc';
  351. update_prepare_d7_bootstrap();
  352. // Temporarily disable configurable timezones so the upgrade process uses the
  353. // site-wide timezone. This prevents a PHP notice during session initlization
  354. // and before offsets have been converted in user_update_7002().
  355. $configurable_timezones = variable_get('configurable_timezones', 1);
  356. $conf['configurable_timezones'] = 0;
  357. // Determine if the current user has access to run update.php.
  358. drupal_bootstrap(DRUPAL_BOOTSTRAP_SESSION);
  359. // Reset configurable timezones.
  360. $conf['configurable_timezones'] = $configurable_timezones;
  361. // Only allow the requirements check to proceed if the current user has access
  362. // to run updates (since it may expose sensitive information about the site's
  363. // configuration).
  364. $op = isset($_REQUEST['op']) ? $_REQUEST['op'] : '';
  365. if (empty($op) && update_access_allowed()) {
  366. require_once DRUPAL_ROOT . '/includes/install.inc';
  367. require_once DRUPAL_ROOT . '/modules/system/system.install';
  368. // Load module basics.
  369. include_once DRUPAL_ROOT . '/includes/module.inc';
  370. $module_list['system']['filename'] = 'modules/system/system.module';
  371. module_list(TRUE, FALSE, FALSE, $module_list);
  372. drupal_load('module', 'system');
  373. // Reset the module_implements() cache so that any new hook implementations
  374. // in updated code are picked up.
  375. module_implements('', FALSE, TRUE);
  376. // Set up $language, since the installer components require it.
  377. drupal_language_initialize();
  378. // Set up theme system for the maintenance page.
  379. drupal_maintenance_theme();
  380. // Check the update requirements for Drupal. Only report on errors at this
  381. // stage, since the real requirements check happens further down.
  382. update_check_requirements(TRUE);
  383. // Redirect to the update information page if all requirements were met.
  384. install_goto('update.php?op=info');
  385. }
  386. // update_fix_d7_requirements() needs to run before bootstrapping beyond path.
  387. // So bootstrap to DRUPAL_BOOTSTRAP_LANGUAGE then include unicode.inc.
  388. drupal_bootstrap(DRUPAL_BOOTSTRAP_LANGUAGE);
  389. include_once DRUPAL_ROOT . '/includes/unicode.inc';
  390. update_fix_d7_requirements();
  391. // Now proceed with a full bootstrap.
  392. drupal_bootstrap(DRUPAL_BOOTSTRAP_FULL);
  393. drupal_maintenance_theme();
  394. // Turn error reporting back on. From now on, only fatal errors (which are
  395. // not passed through the error handler) will cause a message to be printed.
  396. ini_set('display_errors', TRUE);
  397. // Only proceed with updates if the user is allowed to run them.
  398. if (update_access_allowed()) {
  399. include_once DRUPAL_ROOT . '/includes/install.inc';
  400. include_once DRUPAL_ROOT . '/includes/batch.inc';
  401. drupal_load_updates();
  402. update_fix_compatibility();
  403. // Check the update requirements for all modules. If there are warnings, but
  404. // no errors, skip reporting them if the user has provided a URL parameter
  405. // acknowledging the warnings and indicating a desire to continue anyway. See
  406. // drupal_requirements_url().
  407. $skip_warnings = !empty($_GET['continue']);
  408. update_check_requirements($skip_warnings);
  409. $op = isset($_REQUEST['op']) ? $_REQUEST['op'] : '';
  410. switch ($op) {
  411. // update.php ops.
  412. case 'selection':
  413. if (isset($_GET['token']) && drupal_valid_token($_GET['token'], 'update')) {
  414. $output = update_selection_page();
  415. break;
  416. }
  417. case 'Apply pending updates':
  418. if (isset($_GET['token']) && drupal_valid_token($_GET['token'], 'update')) {
  419. // Generate absolute URLs for the batch processing (using $base_root),
  420. // since the batch API will pass them to url() which does not handle
  421. // update.php correctly by default.
  422. $batch_url = $base_root . drupal_current_script_url();
  423. $redirect_url = $base_root . drupal_current_script_url(array('op' => 'results'));
  424. update_batch($_POST['start'], $redirect_url, $batch_url);
  425. break;
  426. }
  427. case 'info':
  428. $output = update_info_page();
  429. break;
  430. case 'results':
  431. $output = update_results_page();
  432. break;
  433. // Regular batch ops : defer to batch processing API.
  434. default:
  435. update_task_list('run');
  436. $output = _batch_page();
  437. break;
  438. }
  439. }
  440. else {
  441. $output = update_access_denied_page();
  442. }
  443. if (isset($output) && $output) {
  444. // Explicitly start a session so that the update.php token will be accepted.
  445. drupal_session_start();
  446. // We defer the display of messages until all updates are done.
  447. $progress_page = ($batch = batch_get()) && isset($batch['running']);
  448. print theme('update_page', array('content' => $output, 'show_messages' => !$progress_page));
  449. }