839 lines
35 KiB
PHP
839 lines
35 KiB
PHP
<?php
|
|
|
|
/**
|
|
* @file
|
|
* Code required only when comparing available updates to existing data.
|
|
*/
|
|
|
|
/**
|
|
* Fetches an array of installed and enabled projects.
|
|
*
|
|
* This is only responsible for generating an array of projects (taking into
|
|
* account projects that include more than one module or theme). Other
|
|
* information like the specific version and install type (official release,
|
|
* dev snapshot, etc) is handled later in update_process_project_info() since
|
|
* that logic is only required when preparing the status report, not for
|
|
* fetching the available release data.
|
|
*
|
|
* This array is fairly expensive to construct, since it involves a lot of disk
|
|
* I/O, so we cache the results into the {cache_update} table using the
|
|
* 'update_project_projects' cache ID. However, since this is not the data about
|
|
* available updates fetched from the network, it is acceptable to invalidate it
|
|
* somewhat quickly. If we keep this data for very long, site administrators are
|
|
* more likely to see incorrect results if they upgrade to a newer version of a
|
|
* module or theme but do not visit certain pages that automatically clear this
|
|
* cache.
|
|
*
|
|
* @return
|
|
* An associative array of currently enabled projects keyed by the
|
|
* machine-readable project short name. Each project contains:
|
|
* - name: The machine-readable project short name.
|
|
* - info: An array with values from the main .info file for this project.
|
|
* - name: The human-readable name of the project.
|
|
* - package: The package that the project is grouped under.
|
|
* - version: The version of the project.
|
|
* - project: The Drupal.org project name.
|
|
* - datestamp: The date stamp of the project's main .info file.
|
|
* - _info_file_ctime: The maximum file change time for all of the .info
|
|
* files included in this project.
|
|
* - datestamp: The date stamp when the project was released, if known.
|
|
* - includes: An associative array containing all projects included with this
|
|
* project, keyed by the machine-readable short name with the human-readable
|
|
* name as value.
|
|
* - project_type: The type of project. Allowed values are 'module' and
|
|
* 'theme'.
|
|
* - project_status: This indicates if the project is enabled and will always
|
|
* be TRUE, as the function only returns enabled projects.
|
|
* - sub_themes: If the project is a theme it contains an associative array of
|
|
* all sub-themes.
|
|
* - base_themes: If the project is a theme it contains an associative array
|
|
* of all base-themes.
|
|
*
|
|
* @see update_process_project_info()
|
|
* @see update_calculate_project_data()
|
|
* @see update_project_cache()
|
|
*/
|
|
function update_get_projects() {
|
|
$projects = &drupal_static(__FUNCTION__, array());
|
|
if (empty($projects)) {
|
|
// Retrieve the projects from cache, if present.
|
|
$projects = update_project_cache('update_project_projects');
|
|
if (empty($projects)) {
|
|
// Still empty, so we have to rebuild the cache.
|
|
$module_data = system_rebuild_module_data();
|
|
$theme_data = system_rebuild_theme_data();
|
|
_update_process_info_list($projects, $module_data, 'module', TRUE);
|
|
_update_process_info_list($projects, $theme_data, 'theme', TRUE);
|
|
if (variable_get('update_check_disabled', FALSE)) {
|
|
_update_process_info_list($projects, $module_data, 'module', FALSE);
|
|
_update_process_info_list($projects, $theme_data, 'theme', FALSE);
|
|
}
|
|
// Allow other modules to alter projects before fetching and comparing.
|
|
drupal_alter('update_projects', $projects);
|
|
// Cache the site's project data for at most 1 hour.
|
|
_update_cache_set('update_project_projects', $projects, REQUEST_TIME + 3600);
|
|
}
|
|
}
|
|
return $projects;
|
|
}
|
|
|
|
/**
|
|
* Populates an array of project data.
|
|
*
|
|
* This iterates over a list of the installed modules or themes and groups them
|
|
* by project and status. A few parts of this function assume that enabled
|
|
* modules and themes are always processed first, and if disabled modules or
|
|
* themes are being processed (there is a setting to control if disabled code
|
|
* should be included or not in the 'Available updates' report), those are only
|
|
* processed after $projects has been populated with information about the
|
|
* enabled code. Modules and themes set as hidden are always ignored. This
|
|
* function also records the latest change time on the .info files for each
|
|
* module or theme, which is important data which is used when deciding if the
|
|
* cached available update data should be invalidated.
|
|
*
|
|
* @param $projects
|
|
* Reference to the array of project data of what's installed on this site.
|
|
* @param $list
|
|
* Array of data to process to add the relevant info to the $projects array.
|
|
* @param $project_type
|
|
* The kind of data in the list. Can be 'module' or 'theme'.
|
|
* @param $status
|
|
* Boolean that controls what status (enabled or disabled) to process out of
|
|
* the $list and add to the $projects array.
|
|
*
|
|
* @see update_get_projects()
|
|
*/
|
|
function _update_process_info_list(&$projects, $list, $project_type, $status) {
|
|
$admin_theme = variable_get('admin_theme', 'seven');
|
|
foreach ($list as $file) {
|
|
// The admin theme is a special case. It should always be considered enabled
|
|
// for the purposes of update checking.
|
|
if ($file->name === $admin_theme) {
|
|
$file->status = TRUE;
|
|
}
|
|
// A disabled base theme of an enabled sub-theme still has all of its code
|
|
// run by the sub-theme, so we include it in our "enabled" projects list.
|
|
if ($status && !$file->status && !empty($file->sub_themes)) {
|
|
foreach ($file->sub_themes as $key => $name) {
|
|
// Build a list of enabled sub-themes.
|
|
if ($list[$key]->status) {
|
|
$file->enabled_sub_themes[$key] = $name;
|
|
}
|
|
}
|
|
// If there are no enabled subthemes, we should ignore this base theme
|
|
// for the enabled case. If the site is trying to display disabled
|
|
// themes, we'll catch it then.
|
|
if (empty($file->enabled_sub_themes)) {
|
|
continue;
|
|
}
|
|
}
|
|
// Otherwise, just add projects of the proper status to our list.
|
|
elseif ($file->status != $status) {
|
|
continue;
|
|
}
|
|
|
|
// Skip if the .info file is broken.
|
|
if (empty($file->info)) {
|
|
continue;
|
|
}
|
|
|
|
// Skip if it's a hidden module or theme.
|
|
if (!empty($file->info['hidden'])) {
|
|
continue;
|
|
}
|
|
|
|
// If the .info doesn't define the 'project', try to figure it out.
|
|
if (!isset($file->info['project'])) {
|
|
$file->info['project'] = update_get_project_name($file);
|
|
}
|
|
|
|
// If we still don't know the 'project', give up.
|
|
if (empty($file->info['project'])) {
|
|
continue;
|
|
}
|
|
|
|
// If we don't already know it, grab the change time on the .info file
|
|
// itself. Note: we need to use the ctime, not the mtime (modification
|
|
// time) since many (all?) tar implementations will go out of their way to
|
|
// set the mtime on the files it creates to the timestamps recorded in the
|
|
// tarball. We want to see the last time the file was changed on disk,
|
|
// which is left alone by tar and correctly set to the time the .info file
|
|
// was unpacked.
|
|
if (!isset($file->info['_info_file_ctime'])) {
|
|
$info_filename = dirname($file->uri) . '/' . $file->name . '.info';
|
|
$file->info['_info_file_ctime'] = filectime($info_filename);
|
|
}
|
|
|
|
if (!isset($file->info['datestamp'])) {
|
|
$file->info['datestamp'] = 0;
|
|
}
|
|
|
|
$project_name = $file->info['project'];
|
|
|
|
// Figure out what project type we're going to use to display this module
|
|
// or theme. If the project name is 'drupal', we don't want it to show up
|
|
// under the usual "Modules" section, we put it at a special "Drupal Core"
|
|
// section at the top of the report.
|
|
if ($project_name == 'drupal') {
|
|
$project_display_type = 'core';
|
|
}
|
|
else {
|
|
$project_display_type = $project_type;
|
|
}
|
|
if (empty($status) && empty($file->enabled_sub_themes)) {
|
|
// If we're processing disabled modules or themes, append a suffix.
|
|
// However, we don't do this to a a base theme with enabled
|
|
// subthemes, since we treat that case as if it is enabled.
|
|
$project_display_type .= '-disabled';
|
|
}
|
|
// Add a list of sub-themes that "depend on" the project and a list of base
|
|
// themes that are "required by" the project.
|
|
if ($project_name == 'drupal') {
|
|
// Drupal core is always required, so this extra info would be noise.
|
|
$sub_themes = array();
|
|
$base_themes = array();
|
|
}
|
|
else {
|
|
// Add list of enabled sub-themes.
|
|
$sub_themes = !empty($file->enabled_sub_themes) ? $file->enabled_sub_themes : array();
|
|
// Add list of base themes.
|
|
$base_themes = !empty($file->base_themes) ? $file->base_themes : array();
|
|
}
|
|
if (!isset($projects[$project_name])) {
|
|
// Only process this if we haven't done this project, since a single
|
|
// project can have multiple modules or themes.
|
|
$projects[$project_name] = array(
|
|
'name' => $project_name,
|
|
// Only save attributes from the .info file we care about so we do not
|
|
// bloat our RAM usage needlessly.
|
|
'info' => update_filter_project_info($file->info),
|
|
'datestamp' => $file->info['datestamp'],
|
|
'includes' => array($file->name => $file->info['name']),
|
|
'project_type' => $project_display_type,
|
|
'project_status' => $status,
|
|
'sub_themes' => $sub_themes,
|
|
'base_themes' => $base_themes,
|
|
);
|
|
}
|
|
elseif ($projects[$project_name]['project_type'] == $project_display_type) {
|
|
// Only add the file we're processing to the 'includes' array for this
|
|
// project if it is of the same type and status (which is encoded in the
|
|
// $project_display_type). This prevents listing all the disabled
|
|
// modules included with an enabled project if we happen to be checking
|
|
// for disabled modules, too.
|
|
$projects[$project_name]['includes'][$file->name] = $file->info['name'];
|
|
$projects[$project_name]['info']['_info_file_ctime'] = max($projects[$project_name]['info']['_info_file_ctime'], $file->info['_info_file_ctime']);
|
|
$projects[$project_name]['datestamp'] = max($projects[$project_name]['datestamp'], $file->info['datestamp']);
|
|
if (!empty($sub_themes)) {
|
|
$projects[$project_name]['sub_themes'] += $sub_themes;
|
|
}
|
|
if (!empty($base_themes)) {
|
|
$projects[$project_name]['base_themes'] += $base_themes;
|
|
}
|
|
}
|
|
elseif (empty($status)) {
|
|
// If we have a project_name that matches, but the project_display_type
|
|
// does not, it means we're processing a disabled module or theme that
|
|
// belongs to a project that has some enabled code. In this case, we add
|
|
// the disabled thing into a separate array for separate display.
|
|
$projects[$project_name]['disabled'][$file->name] = $file->info['name'];
|
|
}
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Determines what project a given file object belongs to.
|
|
*
|
|
* @param $file
|
|
* A file object as returned by system_get_files_database().
|
|
*
|
|
* @return
|
|
* The canonical project short name.
|
|
*
|
|
* @see system_get_files_database()
|
|
*/
|
|
function update_get_project_name($file) {
|
|
$project_name = '';
|
|
if (isset($file->info['project'])) {
|
|
$project_name = $file->info['project'];
|
|
}
|
|
elseif (isset($file->info['package']) && (strpos($file->info['package'], 'Core') === 0)) {
|
|
$project_name = 'drupal';
|
|
}
|
|
return $project_name;
|
|
}
|
|
|
|
/**
|
|
* Determines version and type information for currently installed projects.
|
|
*
|
|
* Processes the list of projects on the system to figure out the currently
|
|
* installed versions, and other information that is required before we can
|
|
* compare against the available releases to produce the status report.
|
|
*
|
|
* @param $projects
|
|
* Array of project information from update_get_projects().
|
|
*/
|
|
function update_process_project_info(&$projects) {
|
|
foreach ($projects as $key => $project) {
|
|
// Assume an official release until we see otherwise.
|
|
$install_type = 'official';
|
|
|
|
$info = $project['info'];
|
|
|
|
if (isset($info['version'])) {
|
|
// Check for development snapshots
|
|
if (preg_match('@(dev|HEAD)@', $info['version'])) {
|
|
$install_type = 'dev';
|
|
}
|
|
|
|
// Figure out what the currently installed major version is. We need
|
|
// to handle both contribution (e.g. "5.x-1.3", major = 1) and core
|
|
// (e.g. "5.1", major = 5) version strings.
|
|
$matches = array();
|
|
if (preg_match('/^(\d+\.x-)?(\d+)\..*$/', $info['version'], $matches)) {
|
|
$info['major'] = $matches[2];
|
|
}
|
|
elseif (!isset($info['major'])) {
|
|
// This would only happen for version strings that don't follow the
|
|
// drupal.org convention. We let contribs define "major" in their
|
|
// .info in this case, and only if that's missing would we hit this.
|
|
$info['major'] = -1;
|
|
}
|
|
}
|
|
else {
|
|
// No version info available at all.
|
|
$install_type = 'unknown';
|
|
$info['version'] = t('Unknown');
|
|
$info['major'] = -1;
|
|
}
|
|
|
|
// Finally, save the results we care about into the $projects array.
|
|
$projects[$key]['existing_version'] = $info['version'];
|
|
$projects[$key]['existing_major'] = $info['major'];
|
|
$projects[$key]['install_type'] = $install_type;
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Calculates the current update status of all projects on the site.
|
|
*
|
|
* The results of this function are expensive to compute, especially on sites
|
|
* with lots of modules or themes, since it involves a lot of comparisons and
|
|
* other operations. Therefore, we cache the results into the {cache_update}
|
|
* table using the 'update_project_data' cache ID. However, since this is not
|
|
* the data about available updates fetched from the network, it is ok to
|
|
* invalidate it somewhat quickly. If we keep this data for very long, site
|
|
* administrators are more likely to see incorrect results if they upgrade to a
|
|
* newer version of a module or theme but do not visit certain pages that
|
|
* automatically clear this cache.
|
|
*
|
|
* @param array $available
|
|
* Data about available project releases.
|
|
*
|
|
* @return
|
|
* An array of installed projects with current update status information.
|
|
*
|
|
* @see update_get_available()
|
|
* @see update_get_projects()
|
|
* @see update_process_project_info()
|
|
* @see update_project_cache()
|
|
*/
|
|
function update_calculate_project_data($available) {
|
|
// Retrieve the projects from cache, if present.
|
|
$projects = update_project_cache('update_project_data');
|
|
// If $projects is empty, then the cache must be rebuilt.
|
|
// Otherwise, return the cached data and skip the rest of the function.
|
|
if (!empty($projects)) {
|
|
return $projects;
|
|
}
|
|
$projects = update_get_projects();
|
|
update_process_project_info($projects);
|
|
foreach ($projects as $project => $project_info) {
|
|
if (isset($available[$project])) {
|
|
update_calculate_project_update_status($project, $projects[$project], $available[$project]);
|
|
}
|
|
else {
|
|
$projects[$project]['status'] = UPDATE_UNKNOWN;
|
|
$projects[$project]['reason'] = t('No available releases found');
|
|
}
|
|
}
|
|
// Give other modules a chance to alter the status (for example, to allow a
|
|
// contrib module to provide fine-grained settings to ignore specific
|
|
// projects or releases).
|
|
drupal_alter('update_status', $projects);
|
|
|
|
// Cache the site's update status for at most 1 hour.
|
|
_update_cache_set('update_project_data', $projects, REQUEST_TIME + 3600);
|
|
return $projects;
|
|
}
|
|
|
|
/**
|
|
* Calculates the current update status of a specific project.
|
|
*
|
|
* This function is the heart of the update status feature. For each project it
|
|
* is invoked with, it first checks if the project has been flagged with a
|
|
* special status like "unsupported" or "insecure", or if the project node
|
|
* itself has been unpublished. In any of those cases, the project is marked
|
|
* with an error and the next project is considered.
|
|
*
|
|
* If the project itself is valid, the function decides what major release
|
|
* series to consider. The project defines what the currently supported major
|
|
* versions are for each version of core, so the first step is to make sure the
|
|
* current version is still supported. If so, that's the target version. If the
|
|
* current version is unsupported, the project maintainer's recommended major
|
|
* version is used. There's also a check to make sure that this function never
|
|
* recommends an earlier release than the currently installed major version.
|
|
*
|
|
* Given a target major version, the available releases are scanned looking for
|
|
* the specific release to recommend (avoiding beta releases and development
|
|
* snapshots if possible). For the target major version, the highest patch level
|
|
* is found. If there is a release at that patch level with no extra ("beta",
|
|
* etc.), then the release at that patch level with the most recent release date
|
|
* is recommended. If every release at that patch level has extra (only betas),
|
|
* then the latest release from the previous patch level is recommended. For
|
|
* example:
|
|
*
|
|
* - 1.6-bugfix <-- recommended version because 1.6 already exists.
|
|
* - 1.6
|
|
*
|
|
* or
|
|
*
|
|
* - 1.6-beta
|
|
* - 1.5 <-- recommended version because no 1.6 exists.
|
|
* - 1.4
|
|
*
|
|
* Also, the latest release from the same major version is looked for, even beta
|
|
* releases, to display to the user as the "Latest version" option.
|
|
* Additionally, the latest official release from any higher major versions that
|
|
* have been released is searched for to provide a set of "Also available"
|
|
* options.
|
|
*
|
|
* Finally, and most importantly, the release history continues to be scanned
|
|
* until the currently installed release is reached, searching for anything
|
|
* marked as a security update. If any security updates have been found between
|
|
* the recommended release and the installed version, all of the releases that
|
|
* included a security fix are recorded so that the site administrator can be
|
|
* warned their site is insecure, and links pointing to the release notes for
|
|
* each security update can be included (which, in turn, will link to the
|
|
* official security announcements for each vulnerability).
|
|
*
|
|
* This function relies on the fact that the .xml release history data comes
|
|
* sorted based on major version and patch level, then finally by release date
|
|
* if there are multiple releases such as betas from the same major.patch
|
|
* version (e.g., 5.x-1.5-beta1, 5.x-1.5-beta2, and 5.x-1.5). Development
|
|
* snapshots for a given major version are always listed last.
|
|
*
|
|
* @param $unused
|
|
* Input is not being used, but remains in function for API compatibility
|
|
* reasons.
|
|
* @param $project_data
|
|
* An array containing information about a specific project.
|
|
* @param $available
|
|
* Data about available project releases of a specific project.
|
|
*/
|
|
function update_calculate_project_update_status($unused, &$project_data, $available) {
|
|
foreach (array('title', 'link') as $attribute) {
|
|
if (!isset($project_data[$attribute]) && isset($available[$attribute])) {
|
|
$project_data[$attribute] = $available[$attribute];
|
|
}
|
|
}
|
|
|
|
// If the project status is marked as something bad, there's nothing else
|
|
// to consider.
|
|
if (isset($available['project_status'])) {
|
|
switch ($available['project_status']) {
|
|
case 'insecure':
|
|
$project_data['status'] = UPDATE_NOT_SECURE;
|
|
if (empty($project_data['extra'])) {
|
|
$project_data['extra'] = array();
|
|
}
|
|
$project_data['extra'][] = array(
|
|
'class' => array('project-not-secure'),
|
|
'label' => t('Project not secure'),
|
|
'data' => t('This project has been labeled insecure by the Drupal security team, and is no longer available for download. Immediately disabling everything included by this project is strongly recommended!'),
|
|
);
|
|
break;
|
|
case 'unpublished':
|
|
case 'revoked':
|
|
$project_data['status'] = UPDATE_REVOKED;
|
|
if (empty($project_data['extra'])) {
|
|
$project_data['extra'] = array();
|
|
}
|
|
$project_data['extra'][] = array(
|
|
'class' => array('project-revoked'),
|
|
'label' => t('Project revoked'),
|
|
'data' => t('This project has been revoked, and is no longer available for download. Disabling everything included by this project is strongly recommended!'),
|
|
);
|
|
break;
|
|
case 'unsupported':
|
|
$project_data['status'] = UPDATE_NOT_SUPPORTED;
|
|
if (empty($project_data['extra'])) {
|
|
$project_data['extra'] = array();
|
|
}
|
|
$project_data['extra'][] = array(
|
|
'class' => array('project-not-supported'),
|
|
'label' => t('Project not supported'),
|
|
'data' => t('This project is no longer supported, and is no longer available for download. Disabling everything included by this project is strongly recommended!'),
|
|
);
|
|
break;
|
|
case 'not-fetched':
|
|
$project_data['status'] = UPDATE_NOT_FETCHED;
|
|
$project_data['reason'] = t('Failed to get available update data.');
|
|
break;
|
|
|
|
default:
|
|
// Assume anything else (e.g. 'published') is valid and we should
|
|
// perform the rest of the logic in this function.
|
|
break;
|
|
}
|
|
}
|
|
|
|
if (!empty($project_data['status'])) {
|
|
// We already know the status for this project, so there's nothing else to
|
|
// compute. Record the project status into $project_data and we're done.
|
|
$project_data['project_status'] = $available['project_status'];
|
|
return;
|
|
}
|
|
|
|
// Figure out the target major version.
|
|
$existing_major = $project_data['existing_major'];
|
|
$supported_majors = array();
|
|
if (isset($available['supported_majors'])) {
|
|
$supported_majors = explode(',', $available['supported_majors']);
|
|
}
|
|
elseif (isset($available['default_major'])) {
|
|
// Older release history XML file without supported or recommended.
|
|
$supported_majors[] = $available['default_major'];
|
|
}
|
|
|
|
if (in_array($existing_major, $supported_majors)) {
|
|
// Still supported, stay at the current major version.
|
|
$target_major = $existing_major;
|
|
}
|
|
elseif (isset($available['recommended_major'])) {
|
|
// Since 'recommended_major' is defined, we know this is the new XML
|
|
// format. Therefore, we know the current release is unsupported since
|
|
// its major version was not in the 'supported_majors' list. We should
|
|
// find the best release from the recommended major version.
|
|
$target_major = $available['recommended_major'];
|
|
$project_data['status'] = UPDATE_NOT_SUPPORTED;
|
|
}
|
|
elseif (isset($available['default_major'])) {
|
|
// Older release history XML file without recommended, so recommend
|
|
// the currently defined "default_major" version.
|
|
$target_major = $available['default_major'];
|
|
}
|
|
else {
|
|
// Malformed XML file? Stick with the current version.
|
|
$target_major = $existing_major;
|
|
}
|
|
|
|
// Make sure we never tell the admin to downgrade. If we recommended an
|
|
// earlier version than the one they're running, they'd face an
|
|
// impossible data migration problem, since Drupal never supports a DB
|
|
// downgrade path. In the unfortunate case that what they're running is
|
|
// unsupported, and there's nothing newer for them to upgrade to, we
|
|
// can't print out a "Recommended version", but just have to tell them
|
|
// what they have is unsupported and let them figure it out.
|
|
$target_major = max($existing_major, $target_major);
|
|
|
|
$release_patch_changed = '';
|
|
$patch = '';
|
|
|
|
// If the project is marked as UPDATE_FETCH_PENDING, it means that the
|
|
// data we currently have (if any) is stale, and we've got a task queued
|
|
// up to (re)fetch the data. In that case, we mark it as such, merge in
|
|
// whatever data we have (e.g. project title and link), and move on.
|
|
if (!empty($available['fetch_status']) && $available['fetch_status'] == UPDATE_FETCH_PENDING) {
|
|
$project_data['status'] = UPDATE_FETCH_PENDING;
|
|
$project_data['reason'] = t('No available update data');
|
|
$project_data['fetch_status'] = $available['fetch_status'];
|
|
return;
|
|
}
|
|
|
|
// Defend ourselves from XML history files that contain no releases.
|
|
if (empty($available['releases'])) {
|
|
$project_data['status'] = UPDATE_UNKNOWN;
|
|
$project_data['reason'] = t('No available releases found');
|
|
return;
|
|
}
|
|
foreach ($available['releases'] as $version => $release) {
|
|
// First, if this is the existing release, check a few conditions.
|
|
if ($project_data['existing_version'] === $version) {
|
|
if (isset($release['terms']['Release type']) &&
|
|
in_array('Insecure', $release['terms']['Release type'])) {
|
|
$project_data['status'] = UPDATE_NOT_SECURE;
|
|
}
|
|
elseif ($release['status'] == 'unpublished') {
|
|
$project_data['status'] = UPDATE_REVOKED;
|
|
if (empty($project_data['extra'])) {
|
|
$project_data['extra'] = array();
|
|
}
|
|
$project_data['extra'][] = array(
|
|
'class' => array('release-revoked'),
|
|
'label' => t('Release revoked'),
|
|
'data' => t('Your currently installed release has been revoked, and is no longer available for download. Disabling everything included in this release or upgrading is strongly recommended!'),
|
|
);
|
|
}
|
|
elseif (isset($release['terms']['Release type']) &&
|
|
in_array('Unsupported', $release['terms']['Release type'])) {
|
|
$project_data['status'] = UPDATE_NOT_SUPPORTED;
|
|
if (empty($project_data['extra'])) {
|
|
$project_data['extra'] = array();
|
|
}
|
|
$project_data['extra'][] = array(
|
|
'class' => array('release-not-supported'),
|
|
'label' => t('Release not supported'),
|
|
'data' => t('Your currently installed release is now unsupported, and is no longer available for download. Disabling everything included in this release or upgrading is strongly recommended!'),
|
|
);
|
|
}
|
|
}
|
|
|
|
// Otherwise, ignore unpublished, insecure, or unsupported releases.
|
|
if ($release['status'] == 'unpublished' ||
|
|
(isset($release['terms']['Release type']) &&
|
|
(in_array('Insecure', $release['terms']['Release type']) ||
|
|
in_array('Unsupported', $release['terms']['Release type'])))) {
|
|
continue;
|
|
}
|
|
|
|
// See if this is a higher major version than our target and yet still
|
|
// supported. If so, record it as an "Also available" release.
|
|
// Note: some projects have a HEAD release from CVS days, which could
|
|
// be one of those being compared. They would not have version_major
|
|
// set, so we must call isset first.
|
|
if (isset($release['version_major']) && $release['version_major'] > $target_major) {
|
|
if (in_array($release['version_major'], $supported_majors)) {
|
|
if (!isset($project_data['also'])) {
|
|
$project_data['also'] = array();
|
|
}
|
|
if (!isset($project_data['also'][$release['version_major']])) {
|
|
$project_data['also'][$release['version_major']] = $version;
|
|
$project_data['releases'][$version] = $release;
|
|
}
|
|
}
|
|
// Otherwise, this release can't matter to us, since it's neither
|
|
// from the release series we're currently using nor the recommended
|
|
// release. We don't even care about security updates for this
|
|
// branch, since if a project maintainer puts out a security release
|
|
// at a higher major version and not at the lower major version,
|
|
// they must remove the lower version from the supported major
|
|
// versions at the same time, in which case we won't hit this code.
|
|
continue;
|
|
}
|
|
|
|
// Look for the 'latest version' if we haven't found it yet. Latest is
|
|
// defined as the most recent version for the target major version.
|
|
if (!isset($project_data['latest_version'])
|
|
&& $release['version_major'] == $target_major) {
|
|
$project_data['latest_version'] = $version;
|
|
$project_data['releases'][$version] = $release;
|
|
}
|
|
|
|
// Look for the development snapshot release for this branch.
|
|
if (!isset($project_data['dev_version'])
|
|
&& $release['version_major'] == $target_major
|
|
&& isset($release['version_extra'])
|
|
&& $release['version_extra'] == 'dev') {
|
|
$project_data['dev_version'] = $version;
|
|
$project_data['releases'][$version] = $release;
|
|
}
|
|
|
|
// Look for the 'recommended' version if we haven't found it yet (see
|
|
// phpdoc at the top of this function for the definition).
|
|
if (!isset($project_data['recommended'])
|
|
&& $release['version_major'] == $target_major
|
|
&& isset($release['version_patch'])) {
|
|
if ($patch != $release['version_patch']) {
|
|
$patch = $release['version_patch'];
|
|
$release_patch_changed = $release;
|
|
}
|
|
if (empty($release['version_extra']) && $patch == $release['version_patch']) {
|
|
$project_data['recommended'] = $release_patch_changed['version'];
|
|
$project_data['releases'][$release_patch_changed['version']] = $release_patch_changed;
|
|
}
|
|
}
|
|
|
|
// Stop searching once we hit the currently installed version.
|
|
if ($project_data['existing_version'] === $version) {
|
|
break;
|
|
}
|
|
|
|
// If we're running a dev snapshot and have a timestamp, stop
|
|
// searching for security updates once we hit an official release
|
|
// older than what we've got. Allow 100 seconds of leeway to handle
|
|
// differences between the datestamp in the .info file and the
|
|
// timestamp of the tarball itself (which are usually off by 1 or 2
|
|
// seconds) so that we don't flag that as a new release.
|
|
if ($project_data['install_type'] == 'dev') {
|
|
if (empty($project_data['datestamp'])) {
|
|
// We don't have current timestamp info, so we can't know.
|
|
continue;
|
|
}
|
|
elseif (isset($release['date']) && ($project_data['datestamp'] + 100 > $release['date'])) {
|
|
// We're newer than this, so we can skip it.
|
|
continue;
|
|
}
|
|
}
|
|
|
|
// See if this release is a security update.
|
|
if (isset($release['terms']['Release type'])
|
|
&& in_array('Security update', $release['terms']['Release type'])) {
|
|
$project_data['security updates'][] = $release;
|
|
}
|
|
}
|
|
|
|
// If we were unable to find a recommended version, then make the latest
|
|
// version the recommended version if possible.
|
|
if (!isset($project_data['recommended']) && isset($project_data['latest_version'])) {
|
|
$project_data['recommended'] = $project_data['latest_version'];
|
|
}
|
|
|
|
//
|
|
// Check to see if we need an update or not.
|
|
//
|
|
|
|
if (!empty($project_data['security updates'])) {
|
|
// If we found security updates, that always trumps any other status.
|
|
$project_data['status'] = UPDATE_NOT_SECURE;
|
|
}
|
|
|
|
if (isset($project_data['status'])) {
|
|
// If we already know the status, we're done.
|
|
return;
|
|
}
|
|
|
|
// If we don't know what to recommend, there's nothing we can report.
|
|
// Bail out early.
|
|
if (!isset($project_data['recommended'])) {
|
|
$project_data['status'] = UPDATE_UNKNOWN;
|
|
$project_data['reason'] = t('No available releases found');
|
|
return;
|
|
}
|
|
|
|
// If we're running a dev snapshot, compare the date of the dev snapshot
|
|
// with the latest official version, and record the absolute latest in
|
|
// 'latest_dev' so we can correctly decide if there's a newer release
|
|
// than our current snapshot.
|
|
if ($project_data['install_type'] == 'dev') {
|
|
if (isset($project_data['dev_version']) && $available['releases'][$project_data['dev_version']]['date'] > $available['releases'][$project_data['latest_version']]['date']) {
|
|
$project_data['latest_dev'] = $project_data['dev_version'];
|
|
}
|
|
else {
|
|
$project_data['latest_dev'] = $project_data['latest_version'];
|
|
}
|
|
}
|
|
|
|
// Figure out the status, based on what we've seen and the install type.
|
|
switch ($project_data['install_type']) {
|
|
case 'official':
|
|
if ($project_data['existing_version'] === $project_data['recommended'] || $project_data['existing_version'] === $project_data['latest_version']) {
|
|
$project_data['status'] = UPDATE_CURRENT;
|
|
}
|
|
else {
|
|
$project_data['status'] = UPDATE_NOT_CURRENT;
|
|
}
|
|
break;
|
|
|
|
case 'dev':
|
|
$latest = $available['releases'][$project_data['latest_dev']];
|
|
if (empty($project_data['datestamp'])) {
|
|
$project_data['status'] = UPDATE_NOT_CHECKED;
|
|
$project_data['reason'] = t('Unknown release date');
|
|
}
|
|
elseif (($project_data['datestamp'] + 100 > $latest['date'])) {
|
|
$project_data['status'] = UPDATE_CURRENT;
|
|
}
|
|
else {
|
|
$project_data['status'] = UPDATE_NOT_CURRENT;
|
|
}
|
|
break;
|
|
|
|
default:
|
|
$project_data['status'] = UPDATE_UNKNOWN;
|
|
$project_data['reason'] = t('Invalid info');
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Retrieves data from {cache_update} or empties the cache when necessary.
|
|
*
|
|
* Two very expensive arrays computed by this module are the list of all
|
|
* installed modules and themes (and .info data, project associations, etc), and
|
|
* the current status of the site relative to the currently available releases.
|
|
* These two arrays are cached in the {cache_update} table and used whenever
|
|
* possible. The cache is cleared whenever the administrator visits the status
|
|
* report, available updates report, or the module or theme administration
|
|
* pages, since we should always recompute the most current values on any of
|
|
* those pages.
|
|
*
|
|
* Note: while both of these arrays are expensive to compute (in terms of disk
|
|
* I/O and some fairly heavy CPU processing), neither of these is the actual
|
|
* data about available updates that we have to fetch over the network from
|
|
* updates.drupal.org. That information is stored with the
|
|
* 'update_available_releases' cache ID -- it needs to persist longer than 1
|
|
* hour and never get invalidated just by visiting a page on the site.
|
|
*
|
|
* @param $cid
|
|
* The cache ID of data to return from the cache. Valid options are
|
|
* 'update_project_data' and 'update_project_projects'.
|
|
*
|
|
* @return
|
|
* The cached value of the $projects array generated by
|
|
* update_calculate_project_data() or update_get_projects(), or an empty array
|
|
* when the cache is cleared.
|
|
*/
|
|
function update_project_cache($cid) {
|
|
$projects = array();
|
|
|
|
// On certain paths, we should clear the cache and recompute the projects for
|
|
// update status of the site to avoid presenting stale information.
|
|
$q = $_GET['q'];
|
|
$paths = array(
|
|
'admin/modules',
|
|
'admin/modules/update',
|
|
'admin/appearance',
|
|
'admin/appearance/update',
|
|
'admin/reports',
|
|
'admin/reports/updates',
|
|
'admin/reports/updates/update',
|
|
'admin/reports/status',
|
|
'admin/reports/updates/check',
|
|
);
|
|
if (in_array($q, $paths)) {
|
|
_update_cache_clear($cid);
|
|
}
|
|
else {
|
|
$cache = _update_cache_get($cid);
|
|
if (!empty($cache->data) && $cache->expire > REQUEST_TIME) {
|
|
$projects = $cache->data;
|
|
}
|
|
}
|
|
return $projects;
|
|
}
|
|
|
|
/**
|
|
* Filters the project .info data to only save attributes we need.
|
|
*
|
|
* @param array $info
|
|
* Array of .info file data as returned by drupal_parse_info_file().
|
|
*
|
|
* @return
|
|
* Array of .info file data we need for the update manager.
|
|
*
|
|
* @see _update_process_info_list()
|
|
*/
|
|
function update_filter_project_info($info) {
|
|
$whitelist = array(
|
|
'_info_file_ctime',
|
|
'datestamp',
|
|
'major',
|
|
'name',
|
|
'package',
|
|
'project',
|
|
'project status url',
|
|
'version',
|
|
);
|
|
return array_intersect_key($info, drupal_map_assoc($whitelist));
|
|
}
|