update.compare.inc 34 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832
  1. <?php
  2. /**
  3. * @file
  4. * Code required only when comparing available updates to existing data.
  5. */
  6. /**
  7. * Fetches an array of installed and enabled projects.
  8. *
  9. * This is only responsible for generating an array of projects (taking into
  10. * account projects that include more than one module or theme). Other
  11. * information like the specific version and install type (official release,
  12. * dev snapshot, etc) is handled later in update_process_project_info() since
  13. * that logic is only required when preparing the status report, not for
  14. * fetching the available release data.
  15. *
  16. * This array is fairly expensive to construct, since it involves a lot of disk
  17. * I/O, so we cache the results into the {cache_update} table using the
  18. * 'update_project_projects' cache ID. However, since this is not the data about
  19. * available updates fetched from the network, it is acceptable to invalidate it
  20. * somewhat quickly. If we keep this data for very long, site administrators are
  21. * more likely to see incorrect results if they upgrade to a newer version of a
  22. * module or theme but do not visit certain pages that automatically clear this
  23. * cache.
  24. *
  25. * @return
  26. * An associative array of currently enabled projects keyed by the
  27. * machine-readable project short name. Each project contains:
  28. * - name: The machine-readable project short name.
  29. * - info: An array with values from the main .info file for this project.
  30. * - name: The human-readable name of the project.
  31. * - package: The package that the project is grouped under.
  32. * - version: The version of the project.
  33. * - project: The Drupal.org project name.
  34. * - datestamp: The date stamp of the project's main .info file.
  35. * - _info_file_ctime: The maximum file change time for all of the .info
  36. * files included in this project.
  37. * - datestamp: The date stamp when the project was released, if known.
  38. * - includes: An associative array containing all projects included with this
  39. * project, keyed by the machine-readable short name with the human-readable
  40. * name as value.
  41. * - project_type: The type of project. Allowed values are 'module' and
  42. * 'theme'.
  43. * - project_status: This indicates if the project is enabled and will always
  44. * be TRUE, as the function only returns enabled projects.
  45. * - sub_themes: If the project is a theme it contains an associative array of
  46. * all sub-themes.
  47. * - base_themes: If the project is a theme it contains an associative array
  48. * of all base-themes.
  49. *
  50. * @see update_process_project_info()
  51. * @see update_calculate_project_data()
  52. * @see update_project_cache()
  53. */
  54. function update_get_projects() {
  55. $projects = &drupal_static(__FUNCTION__, array());
  56. if (empty($projects)) {
  57. // Retrieve the projects from cache, if present.
  58. $projects = update_project_cache('update_project_projects');
  59. if (empty($projects)) {
  60. // Still empty, so we have to rebuild the cache.
  61. $module_data = system_rebuild_module_data();
  62. $theme_data = system_rebuild_theme_data();
  63. _update_process_info_list($projects, $module_data, 'module', TRUE);
  64. _update_process_info_list($projects, $theme_data, 'theme', TRUE);
  65. if (variable_get('update_check_disabled', FALSE)) {
  66. _update_process_info_list($projects, $module_data, 'module', FALSE);
  67. _update_process_info_list($projects, $theme_data, 'theme', FALSE);
  68. }
  69. // Allow other modules to alter projects before fetching and comparing.
  70. drupal_alter('update_projects', $projects);
  71. // Cache the site's project data for at most 1 hour.
  72. _update_cache_set('update_project_projects', $projects, REQUEST_TIME + 3600);
  73. }
  74. }
  75. return $projects;
  76. }
  77. /**
  78. * Populates an array of project data.
  79. *
  80. * This iterates over a list of the installed modules or themes and groups them
  81. * by project and status. A few parts of this function assume that enabled
  82. * modules and themes are always processed first, and if disabled modules or
  83. * themes are being processed (there is a setting to control if disabled code
  84. * should be included or not in the 'Available updates' report), those are only
  85. * processed after $projects has been populated with information about the
  86. * enabled code. Modules and themes set as hidden are always ignored. This
  87. * function also records the latest change time on the .info files for each
  88. * module or theme, which is important data which is used when deciding if the
  89. * cached available update data should be invalidated.
  90. *
  91. * @param $projects
  92. * Reference to the array of project data of what's installed on this site.
  93. * @param $list
  94. * Array of data to process to add the relevant info to the $projects array.
  95. * @param $project_type
  96. * The kind of data in the list. Can be 'module' or 'theme'.
  97. * @param $status
  98. * Boolean that controls what status (enabled or disabled) to process out of
  99. * the $list and add to the $projects array.
  100. *
  101. * @see update_get_projects()
  102. */
  103. function _update_process_info_list(&$projects, $list, $project_type, $status) {
  104. foreach ($list as $file) {
  105. // A disabled base theme of an enabled sub-theme still has all of its code
  106. // run by the sub-theme, so we include it in our "enabled" projects list.
  107. if ($status && !$file->status && !empty($file->sub_themes)) {
  108. foreach ($file->sub_themes as $key => $name) {
  109. // Build a list of enabled sub-themes.
  110. if ($list[$key]->status) {
  111. $file->enabled_sub_themes[$key] = $name;
  112. }
  113. }
  114. // If there are no enabled subthemes, we should ignore this base theme
  115. // for the enabled case. If the site is trying to display disabled
  116. // themes, we'll catch it then.
  117. if (empty($file->enabled_sub_themes)) {
  118. continue;
  119. }
  120. }
  121. // Otherwise, just add projects of the proper status to our list.
  122. elseif ($file->status != $status) {
  123. continue;
  124. }
  125. // Skip if the .info file is broken.
  126. if (empty($file->info)) {
  127. continue;
  128. }
  129. // Skip if it's a hidden module or theme.
  130. if (!empty($file->info['hidden'])) {
  131. continue;
  132. }
  133. // If the .info doesn't define the 'project', try to figure it out.
  134. if (!isset($file->info['project'])) {
  135. $file->info['project'] = update_get_project_name($file);
  136. }
  137. // If we still don't know the 'project', give up.
  138. if (empty($file->info['project'])) {
  139. continue;
  140. }
  141. // If we don't already know it, grab the change time on the .info file
  142. // itself. Note: we need to use the ctime, not the mtime (modification
  143. // time) since many (all?) tar implementations will go out of their way to
  144. // set the mtime on the files it creates to the timestamps recorded in the
  145. // tarball. We want to see the last time the file was changed on disk,
  146. // which is left alone by tar and correctly set to the time the .info file
  147. // was unpacked.
  148. if (!isset($file->info['_info_file_ctime'])) {
  149. $info_filename = dirname($file->uri) . '/' . $file->name . '.info';
  150. $file->info['_info_file_ctime'] = filectime($info_filename);
  151. }
  152. if (!isset($file->info['datestamp'])) {
  153. $file->info['datestamp'] = 0;
  154. }
  155. $project_name = $file->info['project'];
  156. // Figure out what project type we're going to use to display this module
  157. // or theme. If the project name is 'drupal', we don't want it to show up
  158. // under the usual "Modules" section, we put it at a special "Drupal Core"
  159. // section at the top of the report.
  160. if ($project_name == 'drupal') {
  161. $project_display_type = 'core';
  162. }
  163. else {
  164. $project_display_type = $project_type;
  165. }
  166. if (empty($status) && empty($file->enabled_sub_themes)) {
  167. // If we're processing disabled modules or themes, append a suffix.
  168. // However, we don't do this to a a base theme with enabled
  169. // subthemes, since we treat that case as if it is enabled.
  170. $project_display_type .= '-disabled';
  171. }
  172. // Add a list of sub-themes that "depend on" the project and a list of base
  173. // themes that are "required by" the project.
  174. if ($project_name == 'drupal') {
  175. // Drupal core is always required, so this extra info would be noise.
  176. $sub_themes = array();
  177. $base_themes = array();
  178. }
  179. else {
  180. // Add list of enabled sub-themes.
  181. $sub_themes = !empty($file->enabled_sub_themes) ? $file->enabled_sub_themes : array();
  182. // Add list of base themes.
  183. $base_themes = !empty($file->base_themes) ? $file->base_themes : array();
  184. }
  185. if (!isset($projects[$project_name])) {
  186. // Only process this if we haven't done this project, since a single
  187. // project can have multiple modules or themes.
  188. $projects[$project_name] = array(
  189. 'name' => $project_name,
  190. // Only save attributes from the .info file we care about so we do not
  191. // bloat our RAM usage needlessly.
  192. 'info' => update_filter_project_info($file->info),
  193. 'datestamp' => $file->info['datestamp'],
  194. 'includes' => array($file->name => $file->info['name']),
  195. 'project_type' => $project_display_type,
  196. 'project_status' => $status,
  197. 'sub_themes' => $sub_themes,
  198. 'base_themes' => $base_themes,
  199. );
  200. }
  201. elseif ($projects[$project_name]['project_type'] == $project_display_type) {
  202. // Only add the file we're processing to the 'includes' array for this
  203. // project if it is of the same type and status (which is encoded in the
  204. // $project_display_type). This prevents listing all the disabled
  205. // modules included with an enabled project if we happen to be checking
  206. // for disabled modules, too.
  207. $projects[$project_name]['includes'][$file->name] = $file->info['name'];
  208. $projects[$project_name]['info']['_info_file_ctime'] = max($projects[$project_name]['info']['_info_file_ctime'], $file->info['_info_file_ctime']);
  209. $projects[$project_name]['datestamp'] = max($projects[$project_name]['datestamp'], $file->info['datestamp']);
  210. if (!empty($sub_themes)) {
  211. $projects[$project_name]['sub_themes'] += $sub_themes;
  212. }
  213. if (!empty($base_themes)) {
  214. $projects[$project_name]['base_themes'] += $base_themes;
  215. }
  216. }
  217. elseif (empty($status)) {
  218. // If we have a project_name that matches, but the project_display_type
  219. // does not, it means we're processing a disabled module or theme that
  220. // belongs to a project that has some enabled code. In this case, we add
  221. // the disabled thing into a separate array for separate display.
  222. $projects[$project_name]['disabled'][$file->name] = $file->info['name'];
  223. }
  224. }
  225. }
  226. /**
  227. * Determines what project a given file object belongs to.
  228. *
  229. * @param $file
  230. * A file object as returned by system_get_files_database().
  231. *
  232. * @return
  233. * The canonical project short name.
  234. *
  235. * @see system_get_files_database()
  236. */
  237. function update_get_project_name($file) {
  238. $project_name = '';
  239. if (isset($file->info['project'])) {
  240. $project_name = $file->info['project'];
  241. }
  242. elseif (isset($file->info['package']) && (strpos($file->info['package'], 'Core') === 0)) {
  243. $project_name = 'drupal';
  244. }
  245. return $project_name;
  246. }
  247. /**
  248. * Determines version and type information for currently installed projects.
  249. *
  250. * Processes the list of projects on the system to figure out the currently
  251. * installed versions, and other information that is required before we can
  252. * compare against the available releases to produce the status report.
  253. *
  254. * @param $projects
  255. * Array of project information from update_get_projects().
  256. */
  257. function update_process_project_info(&$projects) {
  258. foreach ($projects as $key => $project) {
  259. // Assume an official release until we see otherwise.
  260. $install_type = 'official';
  261. $info = $project['info'];
  262. if (isset($info['version'])) {
  263. // Check for development snapshots
  264. if (preg_match('@(dev|HEAD)@', $info['version'])) {
  265. $install_type = 'dev';
  266. }
  267. // Figure out what the currently installed major version is. We need
  268. // to handle both contribution (e.g. "5.x-1.3", major = 1) and core
  269. // (e.g. "5.1", major = 5) version strings.
  270. $matches = array();
  271. if (preg_match('/^(\d+\.x-)?(\d+)\..*$/', $info['version'], $matches)) {
  272. $info['major'] = $matches[2];
  273. }
  274. elseif (!isset($info['major'])) {
  275. // This would only happen for version strings that don't follow the
  276. // drupal.org convention. We let contribs define "major" in their
  277. // .info in this case, and only if that's missing would we hit this.
  278. $info['major'] = -1;
  279. }
  280. }
  281. else {
  282. // No version info available at all.
  283. $install_type = 'unknown';
  284. $info['version'] = t('Unknown');
  285. $info['major'] = -1;
  286. }
  287. // Finally, save the results we care about into the $projects array.
  288. $projects[$key]['existing_version'] = $info['version'];
  289. $projects[$key]['existing_major'] = $info['major'];
  290. $projects[$key]['install_type'] = $install_type;
  291. }
  292. }
  293. /**
  294. * Calculates the current update status of all projects on the site.
  295. *
  296. * The results of this function are expensive to compute, especially on sites
  297. * with lots of modules or themes, since it involves a lot of comparisons and
  298. * other operations. Therefore, we cache the results into the {cache_update}
  299. * table using the 'update_project_data' cache ID. However, since this is not
  300. * the data about available updates fetched from the network, it is ok to
  301. * invalidate it somewhat quickly. If we keep this data for very long, site
  302. * administrators are more likely to see incorrect results if they upgrade to a
  303. * newer version of a module or theme but do not visit certain pages that
  304. * automatically clear this cache.
  305. *
  306. * @param array $available
  307. * Data about available project releases.
  308. *
  309. * @return
  310. * An array of installed projects with current update status information.
  311. *
  312. * @see update_get_available()
  313. * @see update_get_projects()
  314. * @see update_process_project_info()
  315. * @see update_project_cache()
  316. */
  317. function update_calculate_project_data($available) {
  318. // Retrieve the projects from cache, if present.
  319. $projects = update_project_cache('update_project_data');
  320. // If $projects is empty, then the cache must be rebuilt.
  321. // Otherwise, return the cached data and skip the rest of the function.
  322. if (!empty($projects)) {
  323. return $projects;
  324. }
  325. $projects = update_get_projects();
  326. update_process_project_info($projects);
  327. foreach ($projects as $project => $project_info) {
  328. if (isset($available[$project])) {
  329. update_calculate_project_update_status($project, $projects[$project], $available[$project]);
  330. }
  331. else {
  332. $projects[$project]['status'] = UPDATE_UNKNOWN;
  333. $projects[$project]['reason'] = t('No available releases found');
  334. }
  335. }
  336. // Give other modules a chance to alter the status (for example, to allow a
  337. // contrib module to provide fine-grained settings to ignore specific
  338. // projects or releases).
  339. drupal_alter('update_status', $projects);
  340. // Cache the site's update status for at most 1 hour.
  341. _update_cache_set('update_project_data', $projects, REQUEST_TIME + 3600);
  342. return $projects;
  343. }
  344. /**
  345. * Calculates the current update status of a specific project.
  346. *
  347. * This function is the heart of the update status feature. For each project it
  348. * is invoked with, it first checks if the project has been flagged with a
  349. * special status like "unsupported" or "insecure", or if the project node
  350. * itself has been unpublished. In any of those cases, the project is marked
  351. * with an error and the next project is considered.
  352. *
  353. * If the project itself is valid, the function decides what major release
  354. * series to consider. The project defines what the currently supported major
  355. * versions are for each version of core, so the first step is to make sure the
  356. * current version is still supported. If so, that's the target version. If the
  357. * current version is unsupported, the project maintainer's recommended major
  358. * version is used. There's also a check to make sure that this function never
  359. * recommends an earlier release than the currently installed major version.
  360. *
  361. * Given a target major version, the available releases are scanned looking for
  362. * the specific release to recommend (avoiding beta releases and development
  363. * snapshots if possible). For the target major version, the highest patch level
  364. * is found. If there is a release at that patch level with no extra ("beta",
  365. * etc.), then the release at that patch level with the most recent release date
  366. * is recommended. If every release at that patch level has extra (only betas),
  367. * then the latest release from the previous patch level is recommended. For
  368. * example:
  369. *
  370. * - 1.6-bugfix <-- recommended version because 1.6 already exists.
  371. * - 1.6
  372. *
  373. * or
  374. *
  375. * - 1.6-beta
  376. * - 1.5 <-- recommended version because no 1.6 exists.
  377. * - 1.4
  378. *
  379. * Also, the latest release from the same major version is looked for, even beta
  380. * releases, to display to the user as the "Latest version" option.
  381. * Additionally, the latest official release from any higher major versions that
  382. * have been released is searched for to provide a set of "Also available"
  383. * options.
  384. *
  385. * Finally, and most importantly, the release history continues to be scanned
  386. * until the currently installed release is reached, searching for anything
  387. * marked as a security update. If any security updates have been found between
  388. * the recommended release and the installed version, all of the releases that
  389. * included a security fix are recorded so that the site administrator can be
  390. * warned their site is insecure, and links pointing to the release notes for
  391. * each security update can be included (which, in turn, will link to the
  392. * official security announcements for each vulnerability).
  393. *
  394. * This function relies on the fact that the .xml release history data comes
  395. * sorted based on major version and patch level, then finally by release date
  396. * if there are multiple releases such as betas from the same major.patch
  397. * version (e.g., 5.x-1.5-beta1, 5.x-1.5-beta2, and 5.x-1.5). Development
  398. * snapshots for a given major version are always listed last.
  399. *
  400. * @param $unused
  401. * Input is not being used, but remains in function for API compatibility
  402. * reasons.
  403. * @param $project_data
  404. * An array containing information about a specific project.
  405. * @param $available
  406. * Data about available project releases of a specific project.
  407. */
  408. function update_calculate_project_update_status($unused, &$project_data, $available) {
  409. foreach (array('title', 'link') as $attribute) {
  410. if (!isset($project_data[$attribute]) && isset($available[$attribute])) {
  411. $project_data[$attribute] = $available[$attribute];
  412. }
  413. }
  414. // If the project status is marked as something bad, there's nothing else
  415. // to consider.
  416. if (isset($available['project_status'])) {
  417. switch ($available['project_status']) {
  418. case 'insecure':
  419. $project_data['status'] = UPDATE_NOT_SECURE;
  420. if (empty($project_data['extra'])) {
  421. $project_data['extra'] = array();
  422. }
  423. $project_data['extra'][] = array(
  424. 'class' => array('project-not-secure'),
  425. 'label' => t('Project not secure'),
  426. 'data' => t('This project has been labeled insecure by the Drupal security team, and is no longer available for download. Immediately disabling everything included by this project is strongly recommended!'),
  427. );
  428. break;
  429. case 'unpublished':
  430. case 'revoked':
  431. $project_data['status'] = UPDATE_REVOKED;
  432. if (empty($project_data['extra'])) {
  433. $project_data['extra'] = array();
  434. }
  435. $project_data['extra'][] = array(
  436. 'class' => array('project-revoked'),
  437. 'label' => t('Project revoked'),
  438. 'data' => t('This project has been revoked, and is no longer available for download. Disabling everything included by this project is strongly recommended!'),
  439. );
  440. break;
  441. case 'unsupported':
  442. $project_data['status'] = UPDATE_NOT_SUPPORTED;
  443. if (empty($project_data['extra'])) {
  444. $project_data['extra'] = array();
  445. }
  446. $project_data['extra'][] = array(
  447. 'class' => array('project-not-supported'),
  448. 'label' => t('Project not supported'),
  449. 'data' => t('This project is no longer supported, and is no longer available for download. Disabling everything included by this project is strongly recommended!'),
  450. );
  451. break;
  452. case 'not-fetched':
  453. $project_data['status'] = UPDATE_NOT_FETCHED;
  454. $project_data['reason'] = t('Failed to get available update data.');
  455. break;
  456. default:
  457. // Assume anything else (e.g. 'published') is valid and we should
  458. // perform the rest of the logic in this function.
  459. break;
  460. }
  461. }
  462. if (!empty($project_data['status'])) {
  463. // We already know the status for this project, so there's nothing else to
  464. // compute. Record the project status into $project_data and we're done.
  465. $project_data['project_status'] = $available['project_status'];
  466. return;
  467. }
  468. // Figure out the target major version.
  469. $existing_major = $project_data['existing_major'];
  470. $supported_majors = array();
  471. if (isset($available['supported_majors'])) {
  472. $supported_majors = explode(',', $available['supported_majors']);
  473. }
  474. elseif (isset($available['default_major'])) {
  475. // Older release history XML file without supported or recommended.
  476. $supported_majors[] = $available['default_major'];
  477. }
  478. if (in_array($existing_major, $supported_majors)) {
  479. // Still supported, stay at the current major version.
  480. $target_major = $existing_major;
  481. }
  482. elseif (isset($available['recommended_major'])) {
  483. // Since 'recommended_major' is defined, we know this is the new XML
  484. // format. Therefore, we know the current release is unsupported since
  485. // its major version was not in the 'supported_majors' list. We should
  486. // find the best release from the recommended major version.
  487. $target_major = $available['recommended_major'];
  488. $project_data['status'] = UPDATE_NOT_SUPPORTED;
  489. }
  490. elseif (isset($available['default_major'])) {
  491. // Older release history XML file without recommended, so recommend
  492. // the currently defined "default_major" version.
  493. $target_major = $available['default_major'];
  494. }
  495. else {
  496. // Malformed XML file? Stick with the current version.
  497. $target_major = $existing_major;
  498. }
  499. // Make sure we never tell the admin to downgrade. If we recommended an
  500. // earlier version than the one they're running, they'd face an
  501. // impossible data migration problem, since Drupal never supports a DB
  502. // downgrade path. In the unfortunate case that what they're running is
  503. // unsupported, and there's nothing newer for them to upgrade to, we
  504. // can't print out a "Recommended version", but just have to tell them
  505. // what they have is unsupported and let them figure it out.
  506. $target_major = max($existing_major, $target_major);
  507. $release_patch_changed = '';
  508. $patch = '';
  509. // If the project is marked as UPDATE_FETCH_PENDING, it means that the
  510. // data we currently have (if any) is stale, and we've got a task queued
  511. // up to (re)fetch the data. In that case, we mark it as such, merge in
  512. // whatever data we have (e.g. project title and link), and move on.
  513. if (!empty($available['fetch_status']) && $available['fetch_status'] == UPDATE_FETCH_PENDING) {
  514. $project_data['status'] = UPDATE_FETCH_PENDING;
  515. $project_data['reason'] = t('No available update data');
  516. $project_data['fetch_status'] = $available['fetch_status'];
  517. return;
  518. }
  519. // Defend ourselves from XML history files that contain no releases.
  520. if (empty($available['releases'])) {
  521. $project_data['status'] = UPDATE_UNKNOWN;
  522. $project_data['reason'] = t('No available releases found');
  523. return;
  524. }
  525. foreach ($available['releases'] as $version => $release) {
  526. // First, if this is the existing release, check a few conditions.
  527. if ($project_data['existing_version'] === $version) {
  528. if (isset($release['terms']['Release type']) &&
  529. in_array('Insecure', $release['terms']['Release type'])) {
  530. $project_data['status'] = UPDATE_NOT_SECURE;
  531. }
  532. elseif ($release['status'] == 'unpublished') {
  533. $project_data['status'] = UPDATE_REVOKED;
  534. if (empty($project_data['extra'])) {
  535. $project_data['extra'] = array();
  536. }
  537. $project_data['extra'][] = array(
  538. 'class' => array('release-revoked'),
  539. 'label' => t('Release revoked'),
  540. 'data' => t('Your currently installed release has been revoked, and is no longer available for download. Disabling everything included in this release or upgrading is strongly recommended!'),
  541. );
  542. }
  543. elseif (isset($release['terms']['Release type']) &&
  544. in_array('Unsupported', $release['terms']['Release type'])) {
  545. $project_data['status'] = UPDATE_NOT_SUPPORTED;
  546. if (empty($project_data['extra'])) {
  547. $project_data['extra'] = array();
  548. }
  549. $project_data['extra'][] = array(
  550. 'class' => array('release-not-supported'),
  551. 'label' => t('Release not supported'),
  552. 'data' => t('Your currently installed release is now unsupported, and is no longer available for download. Disabling everything included in this release or upgrading is strongly recommended!'),
  553. );
  554. }
  555. }
  556. // Otherwise, ignore unpublished, insecure, or unsupported releases.
  557. if ($release['status'] == 'unpublished' ||
  558. (isset($release['terms']['Release type']) &&
  559. (in_array('Insecure', $release['terms']['Release type']) ||
  560. in_array('Unsupported', $release['terms']['Release type'])))) {
  561. continue;
  562. }
  563. // See if this is a higher major version than our target and yet still
  564. // supported. If so, record it as an "Also available" release.
  565. // Note: some projects have a HEAD release from CVS days, which could
  566. // be one of those being compared. They would not have version_major
  567. // set, so we must call isset first.
  568. if (isset($release['version_major']) && $release['version_major'] > $target_major) {
  569. if (in_array($release['version_major'], $supported_majors)) {
  570. if (!isset($project_data['also'])) {
  571. $project_data['also'] = array();
  572. }
  573. if (!isset($project_data['also'][$release['version_major']])) {
  574. $project_data['also'][$release['version_major']] = $version;
  575. $project_data['releases'][$version] = $release;
  576. }
  577. }
  578. // Otherwise, this release can't matter to us, since it's neither
  579. // from the release series we're currently using nor the recommended
  580. // release. We don't even care about security updates for this
  581. // branch, since if a project maintainer puts out a security release
  582. // at a higher major version and not at the lower major version,
  583. // they must remove the lower version from the supported major
  584. // versions at the same time, in which case we won't hit this code.
  585. continue;
  586. }
  587. // Look for the 'latest version' if we haven't found it yet. Latest is
  588. // defined as the most recent version for the target major version.
  589. if (!isset($project_data['latest_version'])
  590. && $release['version_major'] == $target_major) {
  591. $project_data['latest_version'] = $version;
  592. $project_data['releases'][$version] = $release;
  593. }
  594. // Look for the development snapshot release for this branch.
  595. if (!isset($project_data['dev_version'])
  596. && $release['version_major'] == $target_major
  597. && isset($release['version_extra'])
  598. && $release['version_extra'] == 'dev') {
  599. $project_data['dev_version'] = $version;
  600. $project_data['releases'][$version] = $release;
  601. }
  602. // Look for the 'recommended' version if we haven't found it yet (see
  603. // phpdoc at the top of this function for the definition).
  604. if (!isset($project_data['recommended'])
  605. && $release['version_major'] == $target_major
  606. && isset($release['version_patch'])) {
  607. if ($patch != $release['version_patch']) {
  608. $patch = $release['version_patch'];
  609. $release_patch_changed = $release;
  610. }
  611. if (empty($release['version_extra']) && $patch == $release['version_patch']) {
  612. $project_data['recommended'] = $release_patch_changed['version'];
  613. $project_data['releases'][$release_patch_changed['version']] = $release_patch_changed;
  614. }
  615. }
  616. // Stop searching once we hit the currently installed version.
  617. if ($project_data['existing_version'] === $version) {
  618. break;
  619. }
  620. // If we're running a dev snapshot and have a timestamp, stop
  621. // searching for security updates once we hit an official release
  622. // older than what we've got. Allow 100 seconds of leeway to handle
  623. // differences between the datestamp in the .info file and the
  624. // timestamp of the tarball itself (which are usually off by 1 or 2
  625. // seconds) so that we don't flag that as a new release.
  626. if ($project_data['install_type'] == 'dev') {
  627. if (empty($project_data['datestamp'])) {
  628. // We don't have current timestamp info, so we can't know.
  629. continue;
  630. }
  631. elseif (isset($release['date']) && ($project_data['datestamp'] + 100 > $release['date'])) {
  632. // We're newer than this, so we can skip it.
  633. continue;
  634. }
  635. }
  636. // See if this release is a security update.
  637. if (isset($release['terms']['Release type'])
  638. && in_array('Security update', $release['terms']['Release type'])) {
  639. $project_data['security updates'][] = $release;
  640. }
  641. }
  642. // If we were unable to find a recommended version, then make the latest
  643. // version the recommended version if possible.
  644. if (!isset($project_data['recommended']) && isset($project_data['latest_version'])) {
  645. $project_data['recommended'] = $project_data['latest_version'];
  646. }
  647. //
  648. // Check to see if we need an update or not.
  649. //
  650. if (!empty($project_data['security updates'])) {
  651. // If we found security updates, that always trumps any other status.
  652. $project_data['status'] = UPDATE_NOT_SECURE;
  653. }
  654. if (isset($project_data['status'])) {
  655. // If we already know the status, we're done.
  656. return;
  657. }
  658. // If we don't know what to recommend, there's nothing we can report.
  659. // Bail out early.
  660. if (!isset($project_data['recommended'])) {
  661. $project_data['status'] = UPDATE_UNKNOWN;
  662. $project_data['reason'] = t('No available releases found');
  663. return;
  664. }
  665. // If we're running a dev snapshot, compare the date of the dev snapshot
  666. // with the latest official version, and record the absolute latest in
  667. // 'latest_dev' so we can correctly decide if there's a newer release
  668. // than our current snapshot.
  669. if ($project_data['install_type'] == 'dev') {
  670. if (isset($project_data['dev_version']) && $available['releases'][$project_data['dev_version']]['date'] > $available['releases'][$project_data['latest_version']]['date']) {
  671. $project_data['latest_dev'] = $project_data['dev_version'];
  672. }
  673. else {
  674. $project_data['latest_dev'] = $project_data['latest_version'];
  675. }
  676. }
  677. // Figure out the status, based on what we've seen and the install type.
  678. switch ($project_data['install_type']) {
  679. case 'official':
  680. if ($project_data['existing_version'] === $project_data['recommended'] || $project_data['existing_version'] === $project_data['latest_version']) {
  681. $project_data['status'] = UPDATE_CURRENT;
  682. }
  683. else {
  684. $project_data['status'] = UPDATE_NOT_CURRENT;
  685. }
  686. break;
  687. case 'dev':
  688. $latest = $available['releases'][$project_data['latest_dev']];
  689. if (empty($project_data['datestamp'])) {
  690. $project_data['status'] = UPDATE_NOT_CHECKED;
  691. $project_data['reason'] = t('Unknown release date');
  692. }
  693. elseif (($project_data['datestamp'] + 100 > $latest['date'])) {
  694. $project_data['status'] = UPDATE_CURRENT;
  695. }
  696. else {
  697. $project_data['status'] = UPDATE_NOT_CURRENT;
  698. }
  699. break;
  700. default:
  701. $project_data['status'] = UPDATE_UNKNOWN;
  702. $project_data['reason'] = t('Invalid info');
  703. }
  704. }
  705. /**
  706. * Retrieves data from {cache_update} or empties the cache when necessary.
  707. *
  708. * Two very expensive arrays computed by this module are the list of all
  709. * installed modules and themes (and .info data, project associations, etc), and
  710. * the current status of the site relative to the currently available releases.
  711. * These two arrays are cached in the {cache_update} table and used whenever
  712. * possible. The cache is cleared whenever the administrator visits the status
  713. * report, available updates report, or the module or theme administration
  714. * pages, since we should always recompute the most current values on any of
  715. * those pages.
  716. *
  717. * Note: while both of these arrays are expensive to compute (in terms of disk
  718. * I/O and some fairly heavy CPU processing), neither of these is the actual
  719. * data about available updates that we have to fetch over the network from
  720. * updates.drupal.org. That information is stored with the
  721. * 'update_available_releases' cache ID -- it needs to persist longer than 1
  722. * hour and never get invalidated just by visiting a page on the site.
  723. *
  724. * @param $cid
  725. * The cache ID of data to return from the cache. Valid options are
  726. * 'update_project_data' and 'update_project_projects'.
  727. *
  728. * @return
  729. * The cached value of the $projects array generated by
  730. * update_calculate_project_data() or update_get_projects(), or an empty array
  731. * when the cache is cleared.
  732. */
  733. function update_project_cache($cid) {
  734. $projects = array();
  735. // On certain paths, we should clear the cache and recompute the projects for
  736. // update status of the site to avoid presenting stale information.
  737. $q = $_GET['q'];
  738. $paths = array(
  739. 'admin/modules',
  740. 'admin/modules/update',
  741. 'admin/appearance',
  742. 'admin/appearance/update',
  743. 'admin/reports',
  744. 'admin/reports/updates',
  745. 'admin/reports/updates/update',
  746. 'admin/reports/status',
  747. 'admin/reports/updates/check',
  748. );
  749. if (in_array($q, $paths)) {
  750. _update_cache_clear($cid);
  751. }
  752. else {
  753. $cache = _update_cache_get($cid);
  754. if (!empty($cache->data) && $cache->expire > REQUEST_TIME) {
  755. $projects = $cache->data;
  756. }
  757. }
  758. return $projects;
  759. }
  760. /**
  761. * Filters the project .info data to only save attributes we need.
  762. *
  763. * @param array $info
  764. * Array of .info file data as returned by drupal_parse_info_file().
  765. *
  766. * @return
  767. * Array of .info file data we need for the update manager.
  768. *
  769. * @see _update_process_info_list()
  770. */
  771. function update_filter_project_info($info) {
  772. $whitelist = array(
  773. '_info_file_ctime',
  774. 'datestamp',
  775. 'major',
  776. 'name',
  777. 'package',
  778. 'project',
  779. 'project status url',
  780. 'version',
  781. );
  782. return array_intersect_key($info, drupal_map_assoc($whitelist));
  783. }