| Drupal | PHP Cross Reference | Content Management Systems |
1 <?php 2 3 /** 4 * @file 5 * Administrative screens and processing functions of the Update Manager module. 6 * 7 * This allows site administrators with the 'administer software updates' 8 * permission to either upgrade existing projects, or download and install new 9 * ones, so long as the killswitch setting ('allow_authorize_operations') is 10 * still TRUE. 11 * 12 * To install new code, the administrator is prompted for either the URL of an 13 * archive file, or to directly upload the archive file. The archive is loaded 14 * into a temporary location, extracted, and verified. If everything is 15 * successful, the user is redirected to authorize.php to type in file transfer 16 * credentials and authorize the installation to proceed with elevated 17 * privileges, such that the extracted files can be copied out of the temporary 18 * location and into the live web root. 19 * 20 * Updating existing code is a more elaborate process. The first step is a 21 * selection form where the user is presented with a table of installed projects 22 * that are missing newer releases. The user selects which projects they wish to 23 * update, and presses the "Download updates" button to continue. This sets up a 24 * batch to fetch all the selected releases, and redirects to 25 * admin/update/download to display the batch progress bar as it runs. Each 26 * batch operation is responsible for downloading a single file, extracting the 27 * archive, and verifying the contents. If there are any errors, the user is 28 * redirected back to the first page with the error messages. If all downloads 29 * were extacted and verified, the user is instead redirected to 30 * admin/update/ready, a landing page which reminds them to backup their 31 * database and asks if they want to put the site offline during the update. 32 * Once the user presses the "Install updates" button, they are redirected to 33 * authorize.php to supply their web root file access credentials. The 34 * authorized operation (which lives in update.authorize.inc) sets up a batch to 35 * copy each extracted update from the temporary location into the live web 36 * root. 37 */ 38 39 /** 40 * @defgroup update_manager_update Update Manager module: update 41 * @{ 42 * Update Manager module functionality for updating existing code. 43 * 44 * Provides a user interface to update existing code. 45 */ 46 47 /** 48 * Form constructor for the update form of the Update Manager module. 49 * 50 * This presents a table with all projects that have available updates with 51 * checkboxes to select which ones to upgrade. 52 * 53 * @param $context 54 * String representing the context from which we're trying to update. 55 * Allowed values are 'module', 'theme', and 'report'. 56 * 57 * @see update_manager_update_form_validate() 58 * @see update_manager_update_form_submit() 59 * @see update_menu() 60 * @ingroup forms 61 */ 62 function update_manager_update_form($form, $form_state = array(), $context) { 63 if (!_update_manager_check_backends($form, 'update')) { 64 return $form; 65 } 66 67 $form['#theme'] = 'update_manager_update_form'; 68 69 $available = update_get_available(TRUE); 70 if (empty($available)) { 71 $form['message'] = array( 72 '#markup' => t('There was a problem getting update information. Try again later.'), 73 ); 74 return $form; 75 } 76 77 $form['#attached']['css'][] = drupal_get_path('module', 'update') . '/update.css'; 78 79 // This will be a nested array. The first key is the kind of project, which 80 // can be either 'enabled', 'disabled', 'manual' (projects which require 81 // manual updates, such as core). Then, each subarray is an array of 82 // projects of that type, indexed by project short name, and containing an 83 // array of data for cells in that project's row in the appropriate table. 84 $projects = array(); 85 86 // This stores the actual download link we're going to update from for each 87 // project in the form, regardless of if it's enabled or disabled. 88 $form['project_downloads'] = array('#tree' => TRUE); 89 90 module_load_include('inc', 'update', 'update.compare'); 91 $project_data = update_calculate_project_data($available); 92 foreach ($project_data as $name => $project) { 93 // Filter out projects which are up to date already. 94 if ($project['status'] == UPDATE_CURRENT) { 95 continue; 96 } 97 // The project name to display can vary based on the info we have. 98 if (!empty($project['title'])) { 99 if (!empty($project['link'])) { 100 $project_name = l($project['title'], $project['link']); 101 } 102 else { 103 $project_name = check_plain($project['title']); 104 } 105 } 106 elseif (!empty($project['info']['name'])) { 107 $project_name = check_plain($project['info']['name']); 108 } 109 else { 110 $project_name = check_plain($name); 111 } 112 if ($project['project_type'] == 'theme' || $project['project_type'] == 'theme-disabled') { 113 $project_name .= ' ' . t('(Theme)'); 114 } 115 116 if (empty($project['recommended'])) { 117 // If we don't know what to recommend they upgrade to, we should skip 118 // the project entirely. 119 continue; 120 } 121 122 $recommended_release = $project['releases'][$project['recommended']]; 123 $recommended_version = $recommended_release['version'] . ' ' . l(t('(Release notes)'), $recommended_release['release_link'], array('attributes' => array('title' => t('Release notes for @project_title', array('@project_title' => $project['title']))))); 124 if ($recommended_release['version_major'] != $project['existing_major']) { 125 $recommended_version .= '<div title="Major upgrade warning" class="update-major-version-warning">' . t('This update is a major version update which means that it may not be backwards compatible with your currently running version. It is recommended that you read the release notes and proceed at your own risk.') . '</div>'; 126 } 127 128 // Create an entry for this project. 129 $entry = array( 130 'title' => $project_name, 131 'installed_version' => $project['existing_version'], 132 'recommended_version' => $recommended_version, 133 ); 134 135 switch ($project['status']) { 136 case UPDATE_NOT_SECURE: 137 case UPDATE_REVOKED: 138 $entry['title'] .= ' ' . t('(Security update)'); 139 $entry['#weight'] = -2; 140 $type = 'security'; 141 break; 142 143 case UPDATE_NOT_SUPPORTED: 144 $type = 'unsupported'; 145 $entry['title'] .= ' ' . t('(Unsupported)'); 146 $entry['#weight'] = -1; 147 break; 148 149 case UPDATE_UNKNOWN: 150 case UPDATE_NOT_FETCHED: 151 case UPDATE_NOT_CHECKED: 152 case UPDATE_NOT_CURRENT: 153 $type = 'recommended'; 154 break; 155 156 default: 157 // Jump out of the switch and onto the next project in foreach. 158 continue 2; 159 } 160 161 $entry['#attributes'] = array('class' => array('update-' . $type)); 162 163 // Drupal core needs to be upgraded manually. 164 $needs_manual = $project['project_type'] == 'core'; 165 166 if ($needs_manual) { 167 // There are no checkboxes in the 'Manual updates' table so it will be 168 // rendered by theme('table'), not theme('tableselect'). Since the data 169 // formats are incompatible, we convert now to the format expected by 170 // theme('table'). 171 unset($entry['#weight']); 172 $attributes = $entry['#attributes']; 173 unset($entry['#attributes']); 174 $entry = array( 175 'data' => $entry, 176 ) + $attributes; 177 } 178 else { 179 $form['project_downloads'][$name] = array( 180 '#type' => 'value', 181 '#value' => $recommended_release['download_link'], 182 ); 183 } 184 185 // Based on what kind of project this is, save the entry into the 186 // appropriate subarray. 187 switch ($project['project_type']) { 188 case 'core': 189 // Core needs manual updates at this time. 190 $projects['manual'][$name] = $entry; 191 break; 192 193 case 'module': 194 case 'theme': 195 $projects['enabled'][$name] = $entry; 196 break; 197 198 case 'module-disabled': 199 case 'theme-disabled': 200 $projects['disabled'][$name] = $entry; 201 break; 202 } 203 } 204 205 if (empty($projects)) { 206 $form['message'] = array( 207 '#markup' => t('All of your projects are up to date.'), 208 ); 209 return $form; 210 } 211 212 $headers = array( 213 'title' => array( 214 'data' => t('Name'), 215 'class' => array('update-project-name'), 216 ), 217 'installed_version' => t('Installed version'), 218 'recommended_version' => t('Recommended version'), 219 ); 220 221 if (!empty($projects['enabled'])) { 222 $form['projects'] = array( 223 '#type' => 'tableselect', 224 '#header' => $headers, 225 '#options' => $projects['enabled'], 226 ); 227 if (!empty($projects['disabled'])) { 228 $form['projects']['#prefix'] = '<h2>' . t('Enabled') . '</h2>'; 229 } 230 } 231 232 if (!empty($projects['disabled'])) { 233 $form['disabled_projects'] = array( 234 '#type' => 'tableselect', 235 '#header' => $headers, 236 '#options' => $projects['disabled'], 237 '#weight' => 1, 238 '#prefix' => '<h2>' . t('Disabled') . '</h2>', 239 ); 240 } 241 242 // If either table has been printed yet, we need a submit button and to 243 // validate the checkboxes. 244 if (!empty($projects['enabled']) || !empty($projects['disabled'])) { 245 $form['actions'] = array('#type' => 'actions'); 246 $form['actions']['submit'] = array( 247 '#type' => 'submit', 248 '#value' => t('Download these updates'), 249 ); 250 $form['#validate'][] = 'update_manager_update_form_validate'; 251 } 252 253 if (!empty($projects['manual'])) { 254 $prefix = '<h2>' . t('Manual updates required') . '</h2>'; 255 $prefix .= '<p>' . t('Updates of Drupal core are not supported at this time.') . '</p>'; 256 $form['manual_updates'] = array( 257 '#type' => 'markup', 258 '#markup' => theme('table', array('header' => $headers, 'rows' => $projects['manual'])), 259 '#prefix' => $prefix, 260 '#weight' => 120, 261 ); 262 } 263 264 return $form; 265 } 266 267 /** 268 * Returns HTML for the first page in the process of updating projects. 269 * 270 * @param $variables 271 * An associative array containing: 272 * - form: A render element representing the form. 273 * 274 * @ingroup themeable 275 */ 276 function theme_update_manager_update_form($variables) { 277 $form = $variables['form']; 278 $last = variable_get('update_last_check', 0); 279 $output = theme('update_last_check', array('last' => $last)); 280 $output .= drupal_render_children($form); 281 return $output; 282 } 283 284 /** 285 * Form validation handler for update_manager_update_form(). 286 * 287 * Ensures that at least one project is selected. 288 * 289 * @see update_manager_update_form_submit() 290 */ 291 function update_manager_update_form_validate($form, &$form_state) { 292 if (!empty($form_state['values']['projects'])) { 293 $enabled = array_filter($form_state['values']['projects']); 294 } 295 if (!empty($form_state['values']['disabled_projects'])) { 296 $disabled = array_filter($form_state['values']['disabled_projects']); 297 } 298 if (empty($enabled) && empty($disabled)) { 299 form_set_error('projects', t('You must select at least one project to update.')); 300 } 301 } 302 303 /** 304 * Form submission handler for update_manager_update_form(). 305 * 306 * Sets up a batch that downloads, extracts, and verifies the selected releases. 307 * 308 * @see update_manager_update_form_validate() 309 */ 310 function update_manager_update_form_submit($form, &$form_state) { 311 $projects = array(); 312 foreach (array('projects', 'disabled_projects') as $type) { 313 if (!empty($form_state['values'][$type])) { 314 $projects = array_merge($projects, array_keys(array_filter($form_state['values'][$type]))); 315 } 316 } 317 $operations = array(); 318 foreach ($projects as $project) { 319 $operations[] = array( 320 'update_manager_batch_project_get', 321 array( 322 $project, 323 $form_state['values']['project_downloads'][$project], 324 ), 325 ); 326 } 327 $batch = array( 328 'title' => t('Downloading updates'), 329 'init_message' => t('Preparing to download selected updates'), 330 'operations' => $operations, 331 'finished' => 'update_manager_download_batch_finished', 332 'file' => drupal_get_path('module', 'update') . '/update.manager.inc', 333 ); 334 batch_set($batch); 335 } 336 337 /** 338 * Batch callback: Performs actions when the download batch is completed. 339 * 340 * @param $success 341 * TRUE if the batch operation was successful, FALSE if there were errors. 342 * @param $results 343 * An associative array of results from the batch operation. 344 */ 345 function update_manager_download_batch_finished($success, $results) { 346 if (!empty($results['errors'])) { 347 $error_list = array( 348 'title' => t('Downloading updates failed:'), 349 'items' => $results['errors'], 350 ); 351 drupal_set_message(theme('item_list', $error_list), 'error'); 352 } 353 elseif ($success) { 354 drupal_set_message(t('Updates downloaded successfully.')); 355 $_SESSION['update_manager_update_projects'] = $results['projects']; 356 drupal_goto('admin/update/ready'); 357 } 358 else { 359 // Ideally we're catching all Exceptions, so they should never see this, 360 // but just in case, we have to tell them something. 361 drupal_set_message(t('Fatal error trying to download.'), 'error'); 362 } 363 } 364 365 /** 366 * Form constructor for the update ready form. 367 * 368 * Build the form when the site is ready to update (after downloading). 369 * 370 * This form is an intermediary step in the automated update workflow. It is 371 * presented to the site administrator after all the required updates have been 372 * downloaded and verified. The point of this page is to encourage the user to 373 * backup their site, give them the opportunity to put the site offline, and 374 * then ask them to confirm that the update should continue. After this step, 375 * the user is redirected to authorize.php to enter their file transfer 376 * credentials and attempt to complete the update. 377 * 378 * @see update_manager_update_ready_form_submit() 379 * @see update_menu() 380 * @ingroup forms 381 */ 382 function update_manager_update_ready_form($form, &$form_state) { 383 if (!_update_manager_check_backends($form, 'update')) { 384 return $form; 385 } 386 387 $form['backup'] = array( 388 '#prefix' => '<strong>', 389 '#markup' => t('Back up your database and site before you continue. <a href="@backup_url">Learn how</a>.', array('@backup_url' => url('http://drupal.org/node/22281'))), 390 '#suffix' => '</strong>', 391 ); 392 393 $form['maintenance_mode'] = array( 394 '#title' => t('Perform updates with site in maintenance mode (strongly recommended)'), 395 '#type' => 'checkbox', 396 '#default_value' => TRUE, 397 ); 398 399 $form['actions'] = array('#type' => 'actions'); 400 $form['actions']['submit'] = array( 401 '#type' => 'submit', 402 '#value' => t('Continue'), 403 ); 404 405 return $form; 406 } 407 408 /** 409 * Form submission handler for update_manager_update_ready_form(). 410 * 411 * If the site administrator requested that the site is put offline during the 412 * update, do so now. Otherwise, pull information about all the required updates 413 * out of the SESSION, figure out what Drupal\Core\Updater\Updater class is 414 * needed for each one, generate an array of update operations to perform, and 415 * hand it all off to system_authorized_init(), then redirect to authorize.php. 416 * 417 * @see update_authorize_run_update() 418 * @see system_authorized_init() 419 * @see system_authorized_get_url() 420 */ 421 function update_manager_update_ready_form_submit($form, &$form_state) { 422 // Store maintenance_mode setting so we can restore it when done. 423 $_SESSION['maintenance_mode'] = variable_get('maintenance_mode', FALSE); 424 if ($form_state['values']['maintenance_mode'] == TRUE) { 425 variable_set('maintenance_mode', TRUE); 426 } 427 428 if (!empty($_SESSION['update_manager_update_projects'])) { 429 // Make sure the Updater registry is loaded. 430 drupal_get_updaters(); 431 432 $updates = array(); 433 $directory = _update_manager_extract_directory(); 434 435 $projects = $_SESSION['update_manager_update_projects']; 436 unset($_SESSION['update_manager_update_projects']); 437 438 foreach ($projects as $project => $url) { 439 $project_location = $directory . '/' . $project; 440 $updater = Updater::factory($project_location); 441 $project_real_location = drupal_realpath($project_location); 442 $updates[] = array( 443 'project' => $project, 444 'updater_name' => get_class($updater), 445 'local_url' => $project_real_location, 446 ); 447 } 448 449 // If the owner of the last directory we extracted is the same as the 450 // owner of our configuration directory (e.g. sites/default) where we're 451 // trying to install the code, there's no need to prompt for FTP/SSH 452 // credentials. Instead, we instantiate a FileTransferLocal and invoke 453 // update_authorize_run_update() directly. 454 if (fileowner($project_real_location) == fileowner(conf_path())) { 455 module_load_include('inc', 'update', 'update.authorize'); 456 $filetransfer = new FileTransferLocal(DRUPAL_ROOT); 457 update_authorize_run_update($filetransfer, $updates); 458 } 459 // Otherwise, go through the regular workflow to prompt for FTP/SSH 460 // credentials and invoke update_authorize_run_update() indirectly with 461 // whatever FileTransfer object authorize.php creates for us. 462 else { 463 system_authorized_init('update_authorize_run_update', drupal_get_path('module', 'update') . '/update.authorize.inc', array($updates), t('Update manager')); 464 $form_state['redirect'] = system_authorized_get_url(); 465 } 466 } 467 } 468 469 /** 470 * @} End of "defgroup update_manager_update". 471 */ 472 473 /** 474 * @defgroup update_manager_install Update Manager module: install 475 * @{ 476 * Update Manager module functionality for installing new code. 477 * 478 * Provides a user interface to install new code. 479 */ 480 481 /** 482 * Form constructor for the install form of the Update Manager module. 483 * 484 * This presents a place to enter a URL or upload an archive file to use to 485 * install a new module or theme. 486 * 487 * @param $context 488 * String representing the context from which we're trying to install. 489 * Allowed values are 'module', 'theme', and 'report'. 490 * 491 * @see update_manager_install_form_validate() 492 * @see update_manager_install_form_submit() 493 * @see update_menu() 494 * @ingroup forms 495 */ 496 function update_manager_install_form($form, &$form_state, $context) { 497 if (!_update_manager_check_backends($form, 'install')) { 498 return $form; 499 } 500 501 $form['help_text'] = array( 502 '#prefix' => '<p>', 503 '#markup' => t('You can find <a href="@module_url">modules</a> and <a href="@theme_url">themes</a> on <a href="@drupal_org_url">drupal.org</a>. The following file extensions are supported: %extensions.', array( 504 '@module_url' => 'http://drupal.org/project/modules', 505 '@theme_url' => 'http://drupal.org/project/themes', 506 '@drupal_org_url' => 'http://drupal.org', 507 '%extensions' => archiver_get_extensions(), 508 )), 509 '#suffix' => '</p>', 510 ); 511 512 $form['project_url'] = array( 513 '#type' => 'textfield', 514 '#title' => t('Install from a URL'), 515 '#description' => t('For example: %url', array('%url' => 'http://ftp.drupal.org/files/projects/name.tar.gz')), 516 ); 517 518 $form['information'] = array( 519 '#prefix' => '<strong>', 520 '#markup' => t('Or'), 521 '#suffix' => '</strong>', 522 ); 523 524 $form['project_upload'] = array( 525 '#type' => 'file', 526 '#title' => t('Upload a module or theme archive to install'), 527 '#description' => t('For example: %filename from your local computer', array('%filename' => 'name.tar.gz')), 528 ); 529 530 $form['actions'] = array('#type' => 'actions'); 531 $form['actions']['submit'] = array( 532 '#type' => 'submit', 533 '#value' => t('Install'), 534 ); 535 536 return $form; 537 } 538 539 /** 540 * Checks for file transfer backends and prepares a form fragment about them. 541 * 542 * @param array $form 543 * Reference to the form array we're building. 544 * @param string $operation 545 * The update manager operation we're in the middle of. Can be either 'update' 546 * or 'install'. Use to provide operation-specific interface text. 547 * 548 * @return 549 * TRUE if the update manager should continue to the next step in the 550 * workflow, or FALSE if we've hit a fatal configuration and must halt the 551 * workflow. 552 */ 553 function _update_manager_check_backends(&$form, $operation) { 554 // If file transfers will be performed locally, we do not need to display any 555 // warnings or notices to the user and should automatically continue the 556 // workflow, since we won't be using a FileTransfer backend that requires 557 // user input or a specific server configuration. 558 if (update_manager_local_transfers_allowed()) { 559 return TRUE; 560 } 561 562 // Otherwise, show the available backends. 563 $form['available_backends'] = array( 564 '#prefix' => '<p>', 565 '#suffix' => '</p>', 566 ); 567 568 $available_backends = drupal_get_filetransfer_info(); 569 if (empty($available_backends)) { 570 if ($operation == 'update') { 571 $form['available_backends']['#markup'] = t('Your server does not support updating modules and themes from this interface. Instead, update modules and themes by uploading the new versions directly to the server, as described in the <a href="@handbook_url">handbook</a>.', array('@handbook_url' => 'http://drupal.org/getting-started/install-contrib')); 572 } 573 else { 574 $form['available_backends']['#markup'] = t('Your server does not support installing modules and themes from this interface. Instead, install modules and themes by uploading them directly to the server, as described in the <a href="@handbook_url">handbook</a>.', array('@handbook_url' => 'http://drupal.org/getting-started/install-contrib')); 575 } 576 return FALSE; 577 } 578 579 $backend_names = array(); 580 foreach ($available_backends as $backend) { 581 $backend_names[] = $backend['title']; 582 } 583 if ($operation == 'update') { 584 $form['available_backends']['#markup'] = format_plural( 585 count($available_backends), 586 'Updating modules and themes requires <strong>@backends access</strong> to your server. See the <a href="@handbook_url">handbook</a> for other update methods.', 587 'Updating modules and themes requires access to your server via one of the following methods: <strong>@backends</strong>. See the <a href="@handbook_url">handbook</a> for other update methods.', 588 array( 589 '@backends' => implode(', ', $backend_names), 590 '@handbook_url' => 'http://drupal.org/getting-started/install-contrib', 591 )); 592 } 593 else { 594 $form['available_backends']['#markup'] = format_plural( 595 count($available_backends), 596 'Installing modules and themes requires <strong>@backends access</strong> to your server. See the <a href="@handbook_url">handbook</a> for other installation methods.', 597 'Installing modules and themes requires access to your server via one of the following methods: <strong>@backends</strong>. See the <a href="@handbook_url">handbook</a> for other installation methods.', 598 array( 599 '@backends' => implode(', ', $backend_names), 600 '@handbook_url' => 'http://drupal.org/getting-started/install-contrib', 601 )); 602 } 603 return TRUE; 604 } 605 606 /** 607 * Form validation handler for update_manager_install_form(). 608 * 609 * @see update_manager_install_form_submit() 610 */ 611 function update_manager_install_form_validate($form, &$form_state) { 612 if (!($form_state['values']['project_url'] XOR !empty($_FILES['files']['name']['project_upload']))) { 613 form_set_error('project_url', t('You must either provide a URL or upload an archive file to install.')); 614 } 615 616 if ($form_state['values']['project_url']) { 617 if (!valid_url($form_state['values']['project_url'], TRUE)) { 618 form_set_error('project_url', t('The provided URL is invalid.')); 619 } 620 } 621 } 622 623 /** 624 * Form submission handler for update_manager_install_form(). 625 * 626 * Either downloads the file specified in the URL to a temporary cache, or 627 * uploads the file attached to the form, then attempts to extract the archive 628 * into a temporary location and verify it. Instantiate the appropriate 629 * Updater class for this project and make sure it is not already installed in 630 * the live webroot. If everything is successful, setup an operation to run 631 * via authorize.php which will copy the extracted files from the temporary 632 * location into the live site. 633 * 634 * @see update_manager_install_form_validate() 635 * @see update_authorize_run_install() 636 * @see system_authorized_init() 637 * @see system_authorized_get_url() 638 */ 639 function update_manager_install_form_submit($form, &$form_state) { 640 if ($form_state['values']['project_url']) { 641 $field = 'project_url'; 642 $local_cache = update_manager_file_get($form_state['values']['project_url']); 643 if (!$local_cache) { 644 form_set_error($field, t('Unable to retrieve Drupal project from %url.', array('%url' => $form_state['values']['project_url']))); 645 return; 646 } 647 } 648 elseif ($_FILES['files']['name']['project_upload']) { 649 $validators = array('file_validate_extensions' => array(archiver_get_extensions())); 650 $field = 'project_upload'; 651 if (!($finfo = file_save_upload($field, $validators, NULL, FILE_EXISTS_REPLACE))) { 652 // Failed to upload the file. file_save_upload() calls form_set_error() on 653 // failure. 654 return; 655 } 656 $local_cache = $finfo->uri; 657 } 658 659 $directory = _update_manager_extract_directory(); 660 try { 661 $archive = update_manager_archive_extract($local_cache, $directory); 662 } 663 catch (Exception $e) { 664 form_set_error($field, $e->getMessage()); 665 return; 666 } 667 668 $files = $archive->listContents(); 669 if (!$files) { 670 form_set_error($field, t('Provided archive contains no files.')); 671 return; 672 } 673 674 // Unfortunately, we can only use the directory name to determine the project 675 // name. Some archivers list the first file as the directory (i.e., MODULE/) 676 // and others list an actual file (i.e., MODULE/README.TXT). 677 $project = strtok($files[0], '/\\'); 678 679 $archive_errors = update_manager_archive_verify($project, $local_cache, $directory); 680 if (!empty($archive_errors)) { 681 form_set_error($field, array_shift($archive_errors)); 682 // @todo: Fix me in D8: We need a way to set multiple errors on the same 683 // form element and have all of them appear! 684 if (!empty($archive_errors)) { 685 foreach ($archive_errors as $error) { 686 drupal_set_message($error, 'error'); 687 } 688 } 689 return; 690 } 691 692 // Make sure the Updater registry is loaded. 693 drupal_get_updaters(); 694 695 $project_location = $directory . '/' . $project; 696 try { 697 $updater = Updater::factory($project_location); 698 } 699 catch (Exception $e) { 700 form_set_error($field, $e->getMessage()); 701 return; 702 } 703 704 try { 705 $project_title = Updater::getProjectTitle($project_location); 706 } 707 catch (Exception $e) { 708 form_set_error($field, $e->getMessage()); 709 return; 710 } 711 712 if (!$project_title) { 713 form_set_error($field, t('Unable to determine %project name.', array('%project' => $project))); 714 } 715 716 if ($updater->isInstalled()) { 717 form_set_error($field, t('%project is already installed.', array('%project' => $project_title))); 718 return; 719 } 720 721 $project_real_location = drupal_realpath($project_location); 722 $arguments = array( 723 'project' => $project, 724 'updater_name' => get_class($updater), 725 'local_url' => $project_real_location, 726 ); 727 728 // If the owner of the directory we extracted is the same as the 729 // owner of our configuration directory (e.g. sites/default) where we're 730 // trying to install the code, there's no need to prompt for FTP/SSH 731 // credentials. Instead, we instantiate a FileTransferLocal and invoke 732 // update_authorize_run_install() directly. 733 if (fileowner($project_real_location) == fileowner(conf_path())) { 734 module_load_include('inc', 'update', 'update.authorize'); 735 $filetransfer = new FileTransferLocal(DRUPAL_ROOT); 736 call_user_func_array('update_authorize_run_install', array_merge(array($filetransfer), $arguments)); 737 } 738 // Otherwise, go through the regular workflow to prompt for FTP/SSH 739 // credentials and invoke update_authorize_run_install() indirectly with 740 // whatever FileTransfer object authorize.php creates for us. 741 else { 742 system_authorized_init('update_authorize_run_install', drupal_get_path('module', 'update') . '/update.authorize.inc', $arguments, t('Update manager')); 743 $form_state['redirect'] = system_authorized_get_url(); 744 } 745 } 746 747 /** 748 * @} End of "defgroup update_manager_install". 749 */ 750 751 /** 752 * @defgroup update_manager_file Update Manager module: file management 753 * @{ 754 * Update Manager module file management functions. 755 * 756 * These functions are used by the update manager to copy, extract, and verify 757 * archive files. 758 */ 759 760 /** 761 * Unpacks a downloaded archive file. 762 * 763 * @param string $file 764 * The filename of the archive you wish to extract. 765 * @param string $directory 766 * The directory you wish to extract the archive into. 767 * 768 * @return Archiver 769 * The Archiver object used to extract the archive. 770 * 771 * @throws Exception 772 */ 773 function update_manager_archive_extract($file, $directory) { 774 $archiver = archiver_get_archiver($file); 775 if (!$archiver) { 776 throw new Exception(t('Cannot extract %file, not a valid archive.', array ('%file' => $file))); 777 } 778 779 // Remove the directory if it exists, otherwise it might contain a mixture of 780 // old files mixed with the new files (e.g. in cases where files were removed 781 // from a later release). 782 $files = $archiver->listContents(); 783 784 // Unfortunately, we can only use the directory name to determine the project 785 // name. Some archivers list the first file as the directory (i.e., MODULE/) 786 // and others list an actual file (i.e., MODULE/README.TXT). 787 $project = strtok($files[0], '/\\'); 788 789 $extract_location = $directory . '/' . $project; 790 if (file_exists($extract_location)) { 791 file_unmanaged_delete_recursive($extract_location); 792 } 793 794 $archiver->extract($directory); 795 return $archiver; 796 } 797 798 /** 799 * Verifies an archive after it has been downloaded and extracted. 800 * 801 * This function is responsible for invoking hook_verify_update_archive(). 802 * 803 * @param string $project 804 * The short name of the project to download. 805 * @param string $archive_file 806 * The filename of the unextracted archive. 807 * @param string $directory 808 * The directory that the archive was extracted into. 809 * 810 * @return array 811 * An array of error messages to display if the archive was invalid. If there 812 * are no errors, it will be an empty array. 813 */ 814 function update_manager_archive_verify($project, $archive_file, $directory) { 815 return module_invoke_all('verify_update_archive', $project, $archive_file, $directory); 816 } 817 818 /** 819 * Copies a file from the specified URL to the temporary directory for updates. 820 * 821 * Returns the local path if the file has already been downloaded. 822 * 823 * @param $url 824 * The URL of the file on the server. 825 * 826 * @return string 827 * Path to local file. 828 */ 829 function update_manager_file_get($url) { 830 $parsed_url = parse_url($url); 831 $remote_schemes = array('http', 'https', 'ftp', 'ftps', 'smb', 'nfs'); 832 if (!in_array($parsed_url['scheme'], $remote_schemes)) { 833 // This is a local file, just return the path. 834 return drupal_realpath($url); 835 } 836 837 // Check the cache and download the file if needed. 838 $cache_directory = _update_manager_cache_directory(); 839 $local = $cache_directory . '/' . drupal_basename($parsed_url['path']); 840 841 if (!file_exists($local) || update_delete_file_if_stale($local)) { 842 return system_retrieve_file($url, $local, FALSE, FILE_EXISTS_REPLACE); 843 } 844 else { 845 return $local; 846 } 847 } 848 849 /** 850 * Batch callback: Downloads, unpacks, and verifies a project. 851 * 852 * This function assumes that the provided URL points to a file archive of some 853 * sort. The URL can have any scheme that we have a file stream wrapper to 854 * support. The file is downloaded to a local cache. 855 * 856 * @param string $project 857 * The short name of the project to download. 858 * @param string $url 859 * The URL to download a specific project release archive file. 860 * @param array $context 861 * Reference to an array used for Batch API storage. 862 * 863 * @see update_manager_download_page() 864 */ 865 function update_manager_batch_project_get($project, $url, &$context) { 866 // This is here to show the user that we are in the process of downloading. 867 if (!isset($context['sandbox']['started'])) { 868 $context['sandbox']['started'] = TRUE; 869 $context['message'] = t('Downloading %project', array('%project' => $project)); 870 $context['finished'] = 0; 871 return; 872 } 873 874 // Actually try to download the file. 875 if (!($local_cache = update_manager_file_get($url))) { 876 $context['results']['errors'][$project] = t('Failed to download %project from %url', array('%project' => $project, '%url' => $url)); 877 return; 878 } 879 880 // Extract it. 881 $extract_directory = _update_manager_extract_directory(); 882 try { 883 update_manager_archive_extract($local_cache, $extract_directory); 884 } 885 catch (Exception $e) { 886 $context['results']['errors'][$project] = $e->getMessage(); 887 return; 888 } 889 890 // Verify it. 891 $archive_errors = update_manager_archive_verify($project, $local_cache, $extract_directory); 892 if (!empty($archive_errors)) { 893 // We just need to make sure our array keys don't collide, so use the 894 // numeric keys from the $archive_errors array. 895 foreach ($archive_errors as $key => $error) { 896 $context['results']['errors']["$project-$key"] = $error; 897 } 898 return; 899 } 900 901 // Yay, success. 902 $context['results']['projects'][$project] = $url; 903 $context['finished'] = 1; 904 } 905 906 /** 907 * Determines if file transfers will be performed locally. 908 * 909 * If the server is configured such that webserver-created files have the same 910 * owner as the configuration directory (e.g., sites/default) where new code 911 * will eventually be installed, the update manager can transfer files entirely 912 * locally, without changing their ownership (in other words, without prompting 913 * the user for FTP, SSH or other credentials). 914 * 915 * This server configuration is an inherent security weakness because it allows 916 * a malicious webserver process to append arbitrary PHP code and then execute 917 * it. However, it is supported here because it is a common configuration on 918 * shared hosting, and there is nothing Drupal can do to prevent it. 919 * 920 * @return 921 * TRUE if local file transfers are allowed on this server, or FALSE if not. 922 * 923 * @see update_manager_update_ready_form_submit() 924 * @see update_manager_install_form_submit() 925 * @see install_check_requirements() 926 */ 927 function update_manager_local_transfers_allowed() { 928 // Compare the owner of a webserver-created temporary file to the owner of 929 // the configuration directory to determine if local transfers will be 930 // allowed. 931 $temporary_file = drupal_tempnam('temporary://', 'update_'); 932 $local_transfers_allowed = fileowner($temporary_file) === fileowner(conf_path()); 933 934 // Clean up. If this fails, we can ignore it (since this is just a temporary 935 // file anyway). 936 @drupal_unlink($temporary_file); 937 938 return $local_transfers_allowed; 939 } 940 941 /** 942 * @} End of "defgroup update_manager_file". 943 */
title
Description
Body
title
Description
Body
title
Description
Body
title
Body
title