'item_list', '#title' => t('Downloading updates failed:'), '#items' => $results['errors'], ]; \Drupal::messenger()->addError(\Drupal::service('renderer')->render($item_list)); } elseif ($success) { \Drupal::messenger()->addStatus(t('Updates downloaded successfully.')); \Drupal::request()->getSession()->set('update_manager_update_projects', $results['projects']); return new RedirectResponse(Url::fromRoute('update.confirmation_page', [], ['absolute' => TRUE])->toString()); } else { // Ideally we're catching all Exceptions, so they should never see this, // but just in case, we have to tell them something. \Drupal::messenger()->addError(t('Fatal error trying to download.')); } } /** * Checks for file transfer backends and prepares a form fragment about them. * * @param array $form * Reference to the form array we're building. * @param string $operation * The update manager operation we're in the middle of. Can be either 'update' * or 'install'. Use to provide operation-specific interface text. * * @return * TRUE if the update manager should continue to the next step in the * workflow, or FALSE if we've hit a fatal configuration and must halt the * workflow. */ function _update_manager_check_backends(&$form, $operation) { // If file transfers will be performed locally, we do not need to display any // warnings or notices to the user and should automatically continue the // workflow, since we won't be using a FileTransfer backend that requires // user input or a specific server configuration. if (update_manager_local_transfers_allowed()) { return TRUE; } // Otherwise, show the available backends. $form['available_backends'] = [ '#prefix' => '
', '#suffix' => '
', ]; $available_backends = drupal_get_filetransfer_info(); if (empty($available_backends)) { if ($operation == 'update') { $form['available_backends']['#markup'] = t('Your server does not support updating modules and themes from this interface. Instead, update modules and themes by uploading the new versions directly to the server, as documented in Extending Drupal 8.', [':doc_url' => 'https://www.drupal.org/docs/8/extending-drupal-8/overview']); } else { $form['available_backends']['#markup'] = t('Your server does not support installing modules and themes from this interface. Instead, install modules and themes by uploading them directly to the server, as documented in Extending Drupal 8.', [':doc_url' => 'https://www.drupal.org/docs/8/extending-drupal-8/overview']); } return FALSE; } $backend_names = []; foreach ($available_backends as $backend) { $backend_names[] = $backend['title']; } if ($operation == 'update') { $form['available_backends']['#markup'] = \Drupal::translation()->formatPlural( count($available_backends), 'Updating modules and themes requires @backends access to your server. See Extending Drupal 8 for other update methods.', 'Updating modules and themes requires access to your server via one of the following methods: @backends. See Extending Drupal 8 for other update methods.', [ '@backends' => implode(', ', $backend_names), ':doc_url' => 'https://www.drupal.org/docs/8/extending-drupal-8/overview', ]); } else { $form['available_backends']['#markup'] = \Drupal::translation()->formatPlural( count($available_backends), 'Installing modules and themes requires @backends access to your server. See Extending Drupal 8 for other installation methods.', 'Installing modules and themes requires access to your server via one of the following methods: @backends. See Extending Drupal 8 for other installation methods.', [ '@backends' => implode(', ', $backend_names), ':doc_url' => 'https://www.drupal.org/docs/8/extending-drupal-8/overview', ]); } return TRUE; } /** * Unpacks a downloaded archive file. * * @param string $file * The filename of the archive you wish to extract. * @param string $directory * The directory you wish to extract the archive into. * * @return \Drupal\Core\Archiver\ArchiverInterface * The Archiver object used to extract the archive. * * @throws Exception */ function update_manager_archive_extract($file, $directory) { /** @var \Drupal\Core\Archiver\ArchiverInterface $archiver */ $archiver = \Drupal::service('plugin.manager.archiver')->getInstance([ 'filepath' => $file, ]); if (!$archiver) { throw new Exception("Cannot extract '$file', not a valid archive"); } // Remove the directory if it exists, otherwise it might contain a mixture of // old files mixed with the new files (e.g. in cases where files were removed // from a later release). $files = $archiver->listContents(); // Unfortunately, we can only use the directory name to determine the project // name. Some archivers list the first file as the directory (i.e., MODULE/) // and others list an actual file (i.e., MODULE/README.TXT). $project = strtok($files[0], '/\\'); $extract_location = $directory . '/' . $project; if (file_exists($extract_location)) { try { \Drupal::service('file_system')->deleteRecursive($extract_location); } catch (FileException $e) { // Ignore failed deletes. } } $archiver->extract($directory); return $archiver; } /** * Verifies an archive after it has been downloaded and extracted. * * This function is responsible for invoking hook_verify_update_archive(). * * @param string $project * The short name of the project to download. * @param string $archive_file * The filename of the unextracted archive. * @param string $directory * The directory that the archive was extracted into. * * @return array * An array of error messages to display if the archive was invalid. If there * are no errors, it will be an empty array. */ function update_manager_archive_verify($project, $archive_file, $directory) { return \Drupal::moduleHandler()->invokeAll('verify_update_archive', [$project, $archive_file, $directory]); } /** * Copies a file from the specified URL to the temporary directory for updates. * * Returns the local path if the file has already been downloaded. * * @param $url * The URL of the file on the server. * * @return string * Path to local file. */ function update_manager_file_get($url) { $parsed_url = parse_url($url); $remote_schemes = ['http', 'https', 'ftp', 'ftps', 'smb', 'nfs']; if (!isset($parsed_url['scheme']) || !in_array($parsed_url['scheme'], $remote_schemes)) { // This is a local file, just return the path. return \Drupal::service('file_system')->realpath($url); } // Check the cache and download the file if needed. $cache_directory = _update_manager_cache_directory(); $local = $cache_directory . '/' . \Drupal::service('file_system')->basename($parsed_url['path']); if (!file_exists($local) || update_delete_file_if_stale($local)) { return system_retrieve_file($url, $local, FALSE, FileSystemInterface::EXISTS_REPLACE); } else { return $local; } } /** * Implements callback_batch_operation(). * * Downloads, unpacks, and verifies a project. * * This function assumes that the provided URL points to a file archive of some * sort. The URL can have any scheme that we have a file stream wrapper to * support. The file is downloaded to a local cache. * * @param string $project * The short name of the project to download. * @param string $url * The URL to download a specific project release archive file. * @param array $context * Reference to an array used for Batch API storage. * * @see update_manager_download_page() */ function update_manager_batch_project_get($project, $url, &$context) { // This is here to show the user that we are in the process of downloading. if (!isset($context['sandbox']['started'])) { $context['sandbox']['started'] = TRUE; $context['message'] = t('Downloading %project', ['%project' => $project]); $context['finished'] = 0; return; } // Actually try to download the file. if (!($local_cache = update_manager_file_get($url))) { $context['results']['errors'][$project] = t('Failed to download %project from %url', ['%project' => $project, '%url' => $url]); return; } // Extract it. $extract_directory = _update_manager_extract_directory(); try { update_manager_archive_extract($local_cache, $extract_directory); } catch (Exception $e) { $context['results']['errors'][$project] = $e->getMessage(); return; } // Verify it. $archive_errors = update_manager_archive_verify($project, $local_cache, $extract_directory); if (!empty($archive_errors)) { // We just need to make sure our array keys don't collide, so use the // numeric keys from the $archive_errors array. foreach ($archive_errors as $key => $error) { $context['results']['errors']["$project-$key"] = $error; } return; } // Yay, success. $context['results']['projects'][$project] = $url; $context['finished'] = 1; } /** * Determines if file transfers will be performed locally. * * If the server is configured such that webserver-created files have the same * owner as the configuration directory (e.g., sites/default) where new code * will eventually be installed, the update manager can transfer files entirely * locally, without changing their ownership (in other words, without prompting * the user for FTP, SSH or other credentials). * * This server configuration is an inherent security weakness because it allows * a malicious webserver process to append arbitrary PHP code and then execute * it. However, it is supported here because it is a common configuration on * shared hosting, and there is nothing Drupal can do to prevent it. * * @return * TRUE if local file transfers are allowed on this server, or FALSE if not. * * @see install_check_requirements() */ function update_manager_local_transfers_allowed() { $file_system = \Drupal::service('file_system'); // Compare the owner of a webserver-created temporary file to the owner of // the configuration directory to determine if local transfers will be // allowed. $temporary_file = \Drupal::service('file_system')->tempnam('temporary://', 'update_'); $site_path = \Drupal::service('site.path'); $local_transfers_allowed = fileowner($temporary_file) === fileowner($site_path); // Clean up. If this fails, we can ignore it (since this is just a temporary // file anyway). @$file_system->unlink($temporary_file); return $local_transfers_allowed; }