update.module 34 KB
Newer Older
1 2 3 4
<?php

/**
 * @file
5 6 7 8 9
 * Handles updates of Drupal core and contributed projects.
 *
 * The module checks for available updates of Drupal core and any installed
 * contributed modules and themes. It warns site administrators if newer
 * releases are available via the system status report (admin/reports/status),
10
 * the module and theme pages, and optionally via email. It also provides the
11
 * ability to install contributed modules and themes via an user interface.
12 13
 */

14
use Drupal\Core\Url;
15
use Drupal\Core\Form\FormStateInterface;
16
use Drupal\Core\Routing\RouteMatchInterface;
17
use Drupal\Core\Site\Settings;
18

19
// These are internally used constants for this code, do not modify.
20 21

/**
22
 * Project is missing security update(s).
23 24 25
 *
 * @deprecated in Drupal 8.3.x and will be removed before Drupal 9.0.0.
 *   Use \Drupal\update\UpdateManagerInterface::NOT_SECURE instead.
26 27
 *
 * @see https://www.drupal.org/node/2831620
28
 */
29
const UPDATE_NOT_SECURE = 1;
30 31

/**
32
 * Current release has been unpublished and is no longer available.
33 34 35
 *
 * @deprecated in Drupal 8.3.x and will be removed before Drupal 9.0.0.
 *   Use \Drupal\update\UpdateManagerInterface::REVOKED instead.
36 37
 *
 * @see https://www.drupal.org/node/2831620
38
 */
39
const UPDATE_REVOKED = 2;
40 41 42

/**
 * Current release is no longer supported by the project maintainer.
43 44 45
 *
 * @deprecated in Drupal 8.3.x and will be removed before Drupal 9.0.0.
 *   Use \Drupal\update\UpdateManagerInterface::NOT_SUPPORTED instead.
46 47
 *
 * @see https://www.drupal.org/node/2831620
48
 */
49
const UPDATE_NOT_SUPPORTED = 3;
50 51 52

/**
 * Project has a new release available, but it is not a security release.
53 54 55
 *
 * @deprecated in Drupal 8.3.x and will be removed before Drupal 9.0.0.
 *   Use \Drupal\update\UpdateManagerInterface::NOT_CURRENT instead.
56 57
 *
 * @see https://www.drupal.org/node/2831620
58
 */
59
const UPDATE_NOT_CURRENT = 4;
60 61 62

/**
 * Project is up to date.
63 64 65
 *
 * @deprecated in Drupal 8.3.x and will be removed before Drupal 9.0.0.
 *   Use \Drupal\update\UpdateManagerInterface::CURRENT instead.
66 67
 *
 * @see https://www.drupal.org/node/2831620
68
 */
69
const UPDATE_CURRENT = 5;
70 71 72

/**
 * Project's status cannot be checked.
73 74 75
 *
 * @deprecated in Drupal 8.3.x and will be removed before Drupal 9.0.0.
 *   Use \Drupal\update\UpdateFetcherInterface::NOT_CHECKED instead.
76 77
 *
 * @see https://www.drupal.org/node/2831620
78
 */
79
const UPDATE_NOT_CHECKED = -1;
80 81 82

/**
 * No available update data was found for project.
83 84 85
 *
 * @deprecated in Drupal 8.3.x and will be removed before Drupal 9.0.0.
 *   Use \Drupal\update\UpdateFetcherInterface::UNKNOWN instead.
86 87
 *
 * @see https://www.drupal.org/node/2831620
88
 */
89
const UPDATE_UNKNOWN = -2;
90

91 92
/**
 * There was a failure fetching available update data for this project.
93 94 95
 *
 * @deprecated in Drupal 8.3.x and will be removed before Drupal 9.0.0.
 *   Use \Drupal\update\UpdateFetcherInterface::NOT_FETCHED instead.
96 97
 *
 * @see https://www.drupal.org/node/2831620
98
 */
99
const UPDATE_NOT_FETCHED = -3;
100

101 102
/**
 * We need to (re)fetch available update data for this project.
103 104 105
 *
 * @deprecated in Drupal 8.3.x and will be removed before Drupal 9.0.0.
 *   Use \Drupal\update\UpdateFetcherInterface::FETCH_PENDING instead.
106 107
 *
 * @see https://www.drupal.org/node/2831620
108
 */
109
const UPDATE_FETCH_PENDING = -4;
110

111
/**
112
 * Implements hook_help().
113
 */
114
function update_help($route_name, RouteMatchInterface $route_match) {
115 116
  switch ($route_name) {
    case 'help.page.update':
117 118
      $output = '';
      $output .= '<h3>' . t('About') . '</h3>';
119
      $output .= '<p>' . t('The Update Manager module periodically checks for new versions of your site\'s software (including contributed modules and themes), and alerts administrators to available updates. The Update Manager system is also used by some other modules to manage updates and downloads; for example, the Interface Translation module uses the Update Manager to download translations from the localization server. Note that whenever the Update Manager system is used, anonymous usage statistics are sent to Drupal.org. If desired, you may disable the Update Manager module from the <a href=":modules">Extend page</a>; if you do so, functionality that depends on the Update Manager system will not work. For more information, see the <a href=":update">online documentation for the Update Manager module</a>.', [':update' => 'https://www.drupal.org/documentation/modules/update', ':modules' => \Drupal::url('system.modules_list')]) . '</p>';
120
      // Only explain the Update manager if it has not been disabled.
121
      if (_update_manager_access()) {
122
        $output .= '<p>' . t('The Update Manager also allows administrators to update and install modules and themes through the administration interface.') . '</p>';
123 124 125 126
      }
      $output .= '<h3>' . t('Uses') . '</h3>';
      $output .= '<dl>';
      $output .= '<dt>' . t('Checking for available updates') . '</dt>';
127
      $output .= '<dd>' . t('The <a href=":update-report">Available updates report</a> displays core, contributed modules, and themes for which there are new releases available for download. On the report page, you can also check manually for updates. You can configure the frequency of update checks, which are performed during cron runs, and whether notifications are sent on the <a href=":update-settings">Update Manager settings page</a>.', [':update-report' => \Drupal::url('update.status'), ':update-settings' => \Drupal::url('update.settings')]) . '</dd>';
128
      // Only explain the Update manager if it has not been disabled.
129
      if (_update_manager_access()) {
130
        $output .= '<dt>' . t('Performing updates through the Update page') . '</dt>';
131
        $output .= '<dd>' . t('The Update Manager module allows administrators to perform updates directly from the <a href=":update-page">Update page</a>. It lists all available updates, and you can confirm whether you want to download them. If you don\'t have sufficient access rights to your web server, you could be prompted for your FTP/SSH password. Afterwards the files are transferred into your site installation, overwriting your old files. Direct links to the Update page are also displayed on the <a href=":modules_page">Extend page</a> and the <a href=":themes_page">Appearance page</a>.', [':modules_page' => \Drupal::url('system.modules_list'), ':themes_page' => \Drupal::url('system.themes_page'), ':update-page' => \Drupal::url('update.report_update')]) . '</dd>';
132
        $output .= '<dt>' . t('Installing new modules and themes through the Install page') . '</dt>';
133
        $output .= '<dd>' . t('You can also install new modules and themes in the same fashion, through the <a href=":install">Install page</a>, or by clicking the <em>Install new module/theme</em> links at the top of the <a href=":modules_page">Extend page</a> and the <a href=":themes_page">Appearance page</a>. In this case, you are prompted to provide either the URL to the download, or to upload a packaged release file from your local computer.', [':modules_page' => \Drupal::url('system.modules_list'), ':themes_page' => \Drupal::url('system.themes_page'), ':install' => \Drupal::url('update.report_install')]) . '</dd>';
134 135
      }
      $output .= '</dl>';
136
      return $output;
137 138 139

    case 'update.status':
      return '<p>' . t('Here you can find information about available updates for your installed modules and themes. Note that each module or theme is part of a "project", which may or may not have the same name, and might include multiple modules or themes within it.') . '</p>';
140 141 142

    case 'system.modules_list':
      if (_update_manager_access()) {
143
        $output = '<p>' . t('Regularly review and install <a href=":updates">available updates</a> to maintain a secure and current site. Always run the <a href=":update-php">update script</a> each time a module is updated.', [':update-php' => \Drupal::url('system.db_update'), ':updates' => \Drupal::url('update.status')]) . '</p>';
144 145
      }
      else {
146
        $output = '<p>' . t('Regularly review <a href=":updates">available updates</a> to maintain a secure and current site. Always run the <a href=":update-php">update script</a> each time a module is updated.', [':update-php' => \Drupal::url('system.db_update'), ':updates' => \Drupal::url('update.status')]) . '</p>';
147 148
      }
      return $output;
149 150
  }
}
151

152
/**
153
 * Implements hook_page_top().
154
 */
155
function update_page_top() {
156 157
  /** @var \Drupal\Core\Routing\AdminContext $admin_context */
  $admin_context = \Drupal::service('router.admin_context');
158 159
  $route_match = \Drupal::routeMatch();
  if ($admin_context->isAdminRoute($route_match->getRouteObject()) && \Drupal::currentUser()->hasPermission('administer site configuration')) {
160 161
    $route_name = \Drupal::routeMatch()->getRouteName();
    switch ($route_name) {
162
      // These pages don't need additional nagging.
163 164 165 166 167 168 169 170 171 172
      case 'update.theme_update':
      case 'system.theme_install':
      case 'update.module_update':
      case 'update.module_install':
      case 'update.status':
      case 'update.report_update':
      case 'update.report_install':
      case 'update.settings':
      case 'system.status':
      case 'update.confirmation_page':
173 174 175 176
        return;

      // If we are on the appearance or modules list, display a detailed report
      // of the update status.
177 178
      case 'system.themes_page':
      case 'system.modules_list':
179 180 181 182
        $verbose = TRUE;
        break;

    }
183 184
    module_load_install('update');
    $status = update_requirements('runtime');
185
    foreach (['core', 'contrib'] as $report_type) {
186
      $type = 'update_' . $report_type;
187
      // hook_requirements() supports render arrays therefore we need to render
188 189
      // them before using
      // \Drupal\Core\Messenger\MessengerInterface::addStatus().
190 191 192
      if (isset($status[$type]['description']) && is_array($status[$type]['description'])) {
        $status[$type]['description'] = \Drupal::service('renderer')->renderPlain($status[$type]['description']);
      }
193
      if (!empty($verbose)) {
194 195
        if (isset($status[$type]['severity'])) {
          if ($status[$type]['severity'] == REQUIREMENT_ERROR) {
196
            \Drupal::messenger()->addError($status[$type]['description']);
197
          }
198
          elseif ($status[$type]['severity'] == REQUIREMENT_WARNING) {
199
            \Drupal::messenger()->addWarning($status[$type]['description']);
200 201 202 203 204
          }
        }
      }
      // Otherwise, if we're on *any* admin page and there's a security
      // update missing, print an error message about it.
205
      else {
206 207 208
        if (isset($status[$type])
            && isset($status[$type]['reason'])
            && $status[$type]['reason'] === UPDATE_NOT_SECURE) {
209
          \Drupal::messenger()->addError($status[$type]['description']);
210 211
        }
      }
212
    }
213 214 215 216
  }
}

/**
217
 * Resolves if the current user can access updater menu items.
218 219 220
 *
 * It both enforces the 'administer software updates' permission and the global
 * kill switch for the authorize.php script.
221
 *
222 223 224
 * @return
 *   TRUE if the current user can access the updater menu items; FALSE
 *   otherwise.
225
 */
226
function _update_manager_access() {
227
  return Settings::get('allow_authorize_operations', TRUE) && \Drupal::currentUser()->hasPermission('administer software updates');
228 229 230
}

/**
231
 * Implements hook_theme().
232 233
 */
function update_theme() {
234 235 236 237 238 239
  return [
    'update_last_check' => [
      'variables' => ['last' => 0],
    ],
    'update_report' => [
      'variables' => ['data' => NULL],
240
      'file' => 'update.report.inc',
241 242 243
    ],
    'update_project_status' => [
      'variables' => ['project' => []],
244
      'file' => 'update.report.inc',
245
    ],
246 247
    // We are using template instead of '#type' => 'table' here to keep markup
    // out of preprocess and allow for easier changes to markup.
248 249
    'update_version' => [
      'variables' => ['version' => NULL, 'title' => NULL, 'attributes' => []],
250
      'file' => 'update.report.inc',
251 252
    ],
  ];
253 254 255
}

/**
256
 * Implements hook_cron().
257 258
 */
function update_cron() {
259
  $update_config = \Drupal::config('update.settings');
260
  $frequency = $update_config->get('check.interval_days');
261
  $interval = 60 * 60 * 24 * $frequency;
262
  $last_check = \Drupal::state()->get('update.last_check') ?: 0;
263
  if ((REQUEST_TIME - $last_check) > $interval) {
264
    // If the configured update interval has elapsed, we want to invalidate
265
    // the data for all projects, attempt to re-fetch, and trigger any
266
    // configured notifications about the new status.
267
    update_refresh();
268
    update_fetch_data();
269
  }
270 271 272 273 274
  else {
    // Otherwise, see if any individual projects are now stale or still
    // missing data, and if so, try to fetch the data.
    update_get_available(TRUE);
  }
275
  $last_email_notice = \Drupal::state()->get('update.last_email_notification') ?: 0;
276
  if ((REQUEST_TIME - $last_email_notice) > $interval) {
277 278 279 280 281
    // If configured time between notifications elapsed, send email about
    // updates possibly available.
    module_load_include('inc', 'update', 'update.fetch');
    _update_cron_notify();
  }
282 283 284

  // Clear garbage from disk.
  update_clear_update_disk_cache();
285 286 287
}

/**
288
 * Implements hook_themes_installed().
289
 *
290
 * If themes are installed, we invalidate the information of available updates.
291
 */
292
function update_themes_installed($themes) {
293 294
  // Clear all update module data.
  update_storage_clear();
295 296 297
}

/**
298
 * Implements hook_themes_uninstalled().
299
 *
300
 * If themes are uninstalled, we invalidate the information of available updates.
301
 */
302
function update_themes_uninstalled($themes) {
303 304
  // Clear all update module data.
  update_storage_clear();
305 306 307
}

/**
308
 * Implements hook_form_FORM_ID_alter() for system_modules().
309
 *
310
 * Adds a form submission handler to the system modules form, so that if a site
311
 * admin saves the form, we invalidate the information of available updates.
312
 *
313
 * @see _update_cache_clear()
314
 */
315
function update_form_system_modules_alter(&$form, FormStateInterface $form_state) {
316
  $form['#submit'][] = 'update_storage_clear_submit';
317 318 319
}

/**
320 321 322
 * Form submission handler for system_modules().
 *
 * @see update_form_system_modules_alter()
323
 */
324
function update_storage_clear_submit($form, FormStateInterface $form_state) {
325 326
  // Clear all update module data.
  update_storage_clear();
327 328 329
}

/**
330
 * Returns a warning message when there is no data about available updates.
331 332
 */
function _update_no_data() {
333
  $destination = \Drupal::destination()->getAsArray();
334
  return t('No update information available. <a href=":run_cron">Run cron</a> or <a href=":check_manually">check manually</a>.', [
335 336
    ':run_cron' => \Drupal::url('system.run_cron', [], ['query' => $destination]),
    ':check_manually' => \Drupal::url('update.manual_status', [], ['query' => $destination]),
337
  ]);
338 339 340
}

/**
341
 * Tries to get update information and refreshes it when necessary.
342
 *
343
 * In addition to checking the lifetime, this function also ensures that
344
 * there are no .info.yml files for enabled modules or themes that have a newer
345
 * modification timestamp than the last time we checked for available update
346 347 348 349
 * data. If any .info.yml file was modified, it almost certainly means a new
 * version of something was installed. Without fresh available update data, the
 * logic in update_calculate_project_data() will be wrong and produce confusing,
 * bogus results.
350
 *
351
 * @param $refresh
352 353
 *   (optional) Boolean to indicate if this method should refresh automatically
 *   if there's no data. Defaults to FALSE.
354 355 356
 *
 * @return
 *   Array of data about available releases, keyed by project shortname.
357 358
 *
 * @see update_refresh()
359
 * @see \Drupal\Update\UpdateManager::getProjects()
360 361
 */
function update_get_available($refresh = FALSE) {
362
  module_load_include('inc', 'update', 'update.compare');
363
  $needs_refresh = FALSE;
364

365
  // Grab whatever data we currently have.
366
  $available = \Drupal::keyValueExpirable('update_available_releases')->getAll();
367
  $projects = \Drupal::service('update.manager')->getProjects();
368
  foreach ($projects as $key => $project) {
369 370
    // If there's no data at all, we clearly need to fetch some.
    if (empty($available[$key])) {
371
      // update_create_fetch_task($project);
372
      \Drupal::service('update.processor')->createFetchTask($project);
373 374 375 376
      $needs_refresh = TRUE;
      continue;
    }

377 378 379 380
    // See if the .info.yml file is newer than the last time we checked for
    // data, and if so, mark this project's data as needing to be re-fetched.
    // Any time an admin upgrades their local installation, the .info.yml file
    // will be changed, so this is the only way we can be sure we're not showing
381 382 383 384 385 386 387
    // bogus information right after they upgrade.
    if ($project['info']['_info_file_ctime'] > $available[$key]['last_fetch']) {
      $available[$key]['fetch_status'] = UPDATE_FETCH_PENDING;
    }

    // If we have project data but no release data, we need to fetch. This
    // can be triggered when we fail to contact a release history server.
388
    if (empty($available[$key]['releases']) && !$available[$key]['last_fetch']) {
389 390 391 392 393 394
      $available[$key]['fetch_status'] = UPDATE_FETCH_PENDING;
    }

    // If we think this project needs to fetch, actually create the task now
    // and remember that we think we're missing some data.
    if (!empty($available[$key]['fetch_status']) && $available[$key]['fetch_status'] == UPDATE_FETCH_PENDING) {
395
      \Drupal::service('update.processor')->createFetchTask($project);
396 397 398
      $needs_refresh = TRUE;
    }
  }
399 400 401 402 403

  if ($needs_refresh && $refresh) {
    // Attempt to drain the queue of fetch tasks.
    update_fetch_data();
    // After processing the queue, we've (hopefully) got better data, so pull
404
    // the latest data again and use that directly.
405
    $available = \Drupal::keyValueExpirable('update_available_releases')->getAll();
406
  }
407

408 409 410
  return $available;
}

411 412 413 414 415 416 417 418 419 420 421 422 423
/**
 * Identifies equivalent security releases with a hardcoded list.
 *
 * Generally, only the latest minor version of Drupal 8 is supported. However,
 * when security fixes are backported to an old branch, and the site owner
 * updates to the release containing the backported fix, they should not
 * see "Security update required!" again if the only other security releases
 * are releases for the same advisories.
 *
 * @return string[]
 *   A list of security release numbers that are equivalent to this release
 *   (i.e. covered by the same advisory), for backported security fixes only.
 *
424 425 426 427 428
 * @internal
 *
 * @deprecated in Drupal 8.6.0 and will be removed before Drupal 9.0.0. Use the
 *   'Insecure' release type tag in update XML provided by Drupal.org to
 *   determine if releases are insecure.
429 430
 */
function _update_equivalent_security_releases() {
431
  trigger_error("_update_equivalent_security_releases() was a temporary fix and will be removed before 9.0.0. Use the 'Insecure' release type tag in update XML provided by Drupal.org to determine if releases are insecure.", E_USER_DEPRECATED);
432 433 434 435 436 437 438 439 440 441 442 443 444 445 446 447 448 449
  switch (\Drupal::VERSION) {
    case '8.3.8':
      return ['8.4.5', '8.5.0-rc1'];
    case '8.3.9':
      return ['8.4.6', '8.5.1'];
    case '8.4.5':
      return ['8.5.0-rc1'];
    case '8.4.6':
      return ['8.5.1'];
    case '8.4.7':
      return ['8.5.2'];
    case '8.4.8':
      return ['8.5.3'];
  }

  return [];
}

450
/**
451 452 453 454
 * Adds a task to the queue for fetching release history data for a project.
 *
 * We only create a new fetch task if there's no task already in the queue for
 * this particular project (based on 'update_fetch_task' key-value collection).
455 456
 *
 * @param $project
457
 *   Associative array of information about a project as created by
458 459 460
 *   \Drupal\Update\UpdateManager::getProjects(), including keys such as 'name'
 *   (short name), and the 'info' array with data from a .info.yml file for the
 *   project.
461 462
 *
 * @see \Drupal\update\UpdateFetcher::createFetchTask()
463 464
 */
function update_create_fetch_task($project) {
465
  \Drupal::service('update.processor')->createFetchTask($project);
466 467
}

468
/**
469
 * Refreshes the release data after loading the necessary include file.
470 471
 */
function update_refresh() {
472
  \Drupal::service('update.manager')->refreshUpdateData();
473 474
}

475
/**
476 477
 * Attempts to fetch update data after loading the necessary include file.
 *
478
 * @see \Drupal\update\UpdateProcessor::fetchData()
479 480
 */
function update_fetch_data() {
481
  \Drupal::service('update.processor')->fetchData();
482 483
}

484 485 486 487 488 489 490 491 492 493 494 495 496 497
/**
 * Batch callback: Performs actions when all fetch tasks have been completed.
 *
 * @param $success
 *   TRUE if the batch operation was successful; FALSE if there were errors.
 * @param $results
 *   An associative array of results from the batch operation, including the key
 *   'updated' which holds the total number of projects we fetched available
 *   update data for.
 */
function update_fetch_data_finished($success, $results) {
  if ($success) {
    if (!empty($results)) {
      if (!empty($results['updated'])) {
498
        \Drupal::messenger()->addStatus(\Drupal::translation()->formatPlural($results['updated'], 'Checked available update data for one project.', 'Checked available update data for @count projects.'));
499 500
      }
      if (!empty($results['failures'])) {
501
        \Drupal::messenger()->addError(\Drupal::translation()->formatPlural($results['failures'], 'Failed to get available update data for one project.', 'Failed to get available update data for @count projects.'));
502 503 504 505
      }
    }
  }
  else {
506
    \Drupal::messenger()->addError(t('An error occurred trying to get available update data.'), 'error');
507 508 509
  }
}

510
/**
511
 * Implements hook_mail().
512
 *
513
 * Constructs the email notification message when the site is out of date.
514 515 516 517 518 519
 *
 * @param $key
 *   Unique key to indicate what message to build, always 'status_notify'.
 * @param $message
 *   Reference to the message array being built.
 * @param $params
520 521 522 523
 *   Array of parameters to indicate what kind of text to include in the message
 *   body. This is a keyed array of message type ('core' or 'contrib') as the
 *   keys, and the status reason constant (UPDATE_NOT_SECURE, etc) for the
 *   values.
524
 *
525
 * @see \Drupal\Core\Mail\MailManagerInterface::mail()
526 527
 * @see _update_cron_notify()
 * @see _update_message_text()
528 529
 */
function update_mail($key, &$message, $params) {
530
  $langcode = $message['langcode'];
531
  $language = \Drupal::languageManager()->getLanguage($langcode);
532
  $message['subject'] .= t('New release(s) available for @site_name', ['@site_name' => \Drupal::config('system.site')->get('name')], ['langcode' => $langcode]);
533
  foreach ($params as $msg_type => $msg_reason) {
534
    $message['body'][] = _update_message_text($msg_type, $msg_reason, $langcode);
535
  }
536
  $message['body'][] = t('See the available updates page for more information:', [], ['langcode' => $langcode]) . "\n" . \Drupal::url('update.status', [], ['absolute' => TRUE, 'language' => $language]);
537
  if (_update_manager_access()) {
538
    $message['body'][] = t('You can automatically install your missing updates using the Update manager:', [], ['langcode' => $langcode]) . "\n" . \Drupal::url('update.report_update', [], ['absolute' => TRUE, 'language' => $language]);
539
  }
540
  $settings_url = \Drupal::url('update.settings', [], ['absolute' => TRUE]);
541
  if (\Drupal::config('update.settings')->get('notification.threshold') == 'all') {
542
    $message['body'][] = t('Your site is currently configured to send these emails when any updates are available. To get notified only for security updates, @url.', ['@url' => $settings_url]);
543 544
  }
  else {
545
    $message['body'][] = t('Your site is currently configured to send these emails only when security updates are available. To get notified for any available updates, @url.', ['@url' => $settings_url]);
546
  }
547 548 549
}

/**
550
 * Returns the appropriate message text when site is out of date or not secure.
551 552
 *
 * These error messages are shared by both update_requirements() for the
553
 * site-wide status report at admin/reports/status and in the body of the
554
 * notification email messages generated by update_cron().
555 556
 *
 * @param $msg_type
557 558
 *   String to indicate what kind of message to generate. Can be either 'core'
 *   or 'contrib'.
559
 * @param $msg_reason
560
 *   Integer constant specifying why message is generated.
561 562
 * @param $langcode
 *   (optional) A language code to use. Defaults to NULL.
563
 *
564 565 566
 * @return
 *   The properly translated error message for the given key.
 */
567
function _update_message_text($msg_type, $msg_reason, $langcode = NULL) {
568 569
  $text = '';
  switch ($msg_reason) {
570 571
    case UPDATE_NOT_SECURE:
      if ($msg_type == 'core') {
572
        $text = t('There is a security update available for your version of Drupal. To ensure the security of your server, you should update immediately!', [], ['langcode' => $langcode]);
573 574
      }
      else {
575
        $text = t('There are security updates available for one or more of your modules or themes. To ensure the security of your server, you should update immediately!', [], ['langcode' => $langcode]);
576 577 578 579 580
      }
      break;

    case UPDATE_REVOKED:
      if ($msg_type == 'core') {
581
        $text = t('Your version of Drupal has been revoked and is no longer available for download. Upgrading is strongly recommended!', [], ['langcode' => $langcode]);
582 583
      }
      else {
584
        $text = t('The installed version of at least one of your modules or themes has been revoked and is no longer available for download. Upgrading or disabling is strongly recommended!', [], ['langcode' => $langcode]);
585 586 587 588 589
      }
      break;

    case UPDATE_NOT_SUPPORTED:
      if ($msg_type == 'core') {
590
        $text = t('Your version of Drupal is no longer supported. Upgrading is strongly recommended!', [], ['langcode' => $langcode]);
591 592
      }
      else {
593
        $text = t('The installed version of at least one of your modules or themes is no longer supported. Upgrading or disabling is strongly recommended. See the project homepage for more details.', [], ['langcode' => $langcode]);
594 595 596
      }
      break;

597 598
    case UPDATE_NOT_CURRENT:
      if ($msg_type == 'core') {
599
        $text = t('There are updates available for your version of Drupal. To ensure the proper functioning of your site, you should update as soon as possible.', [], ['langcode' => $langcode]);
600 601
      }
      else {
602
        $text = t('There are updates available for one or more of your modules or themes. To ensure the proper functioning of your site, you should update as soon as possible.', [], ['langcode' => $langcode]);
603 604 605
      }
      break;

606 607
    case UPDATE_UNKNOWN:
    case UPDATE_NOT_CHECKED:
608
    case UPDATE_NOT_FETCHED:
609
    case UPDATE_FETCH_PENDING:
610
      if ($msg_type == 'core') {
611
        $text = t('There was a problem checking <a href=":update-report">available updates</a> for Drupal.', [':update-report' => \Drupal::url('update.status')], ['langcode' => $langcode]);
612 613
      }
      else {
614
        $text = t('There was a problem checking <a href=":update-report">available updates</a> for your modules or themes.', [':update-report' => \Drupal::url('update.status')], ['langcode' => $langcode]);
615 616 617 618
      }
      break;
  }

619
  return $text;
620
}
621 622

/**
623
 * Orders projects based on their status.
624
 *
625
 * Callback for uasort() within update_requirements().
626 627 628 629 630 631 632 633 634 635
 */
function _update_project_status_sort($a, $b) {
  // The status constants are numerically in the right order, so we can
  // usually subtract the two to compare in the order we want. However,
  // negative status values should be treated as if they are huge, since we
  // always want them at the bottom of the list.
  $a_status = $a['status'] > 0 ? $a['status'] : (-10 * $a['status']);
  $b_status = $b['status'] > 0 ? $b['status'] : (-10 * $b['status']);
  return $a_status - $b_status;
}
636

637
/**
638 639 640
 * Prepares variables for last time update data was checked templates.
 *
 * Default template: update-last-check.html.twig.
641
 *
642
 * In addition to properly formatting the given timestamp, this function also
643 644 645 646
 * provides a "Check manually" link that refreshes the available update and
 * redirects back to the same page.
 *
 * @param $variables
647
 *   An associative array containing:
648
 *   - last: The timestamp when the site last checked for available updates.
649 650 651
 *
 * @see theme_update_report()
 */
652
function template_preprocess_update_last_check(&$variables) {
653
  $variables['time'] = \Drupal::service('date.formatter')->formatTimeDiffSince($variables['last']);
654
  $variables['link'] = \Drupal::l(t('Check manually'), new Url('update.manual_status', [], ['query' => \Drupal::destination()->getAsArray()]));
655 656
}

657 658 659 660
/**
 * Implements hook_verify_update_archive().
 *
 * First, we ensure that the archive isn't a copy of Drupal core, which the
661
 * update manager does not yet support. See https://www.drupal.org/node/606592.
662
 *
663
 * Then, we make sure that at least one module included in the archive file has
664
 * an .info.yml file which claims that the code is compatible with the current
665
 * version of Drupal core.
666
 *
667
 * @see \Drupal\Core\Extension\ExtensionDiscovery
668 669
 */
function update_verify_update_archive($project, $archive_file, $directory) {
670
  $errors = [];
671 672 673 674

  // Make sure this isn't a tarball of Drupal core.
  if (
    file_exists("$directory/$project/index.php")
675
    && file_exists("$directory/$project/core/install.php")
676 677 678
    && file_exists("$directory/$project/core/includes/bootstrap.inc")
    && file_exists("$directory/$project/core/modules/node/node.module")
    && file_exists("$directory/$project/core/modules/system/system.module")
679
  ) {
680 681 682
    return [
      'no-core' => t('Automatic updating of Drupal core is not supported. See the <a href=":upgrade-guide">upgrade guide</a> for information on how to update Drupal core manually.', [':upgrade-guide' => 'https://www.drupal.org/upgrade']),
    ];
683 684
  }

685
  // Parse all the .info.yml files and make sure at least one is compatible with
686 687 688 689 690
  // this version of Drupal core. If one is compatible, then the project as a
  // whole is considered compatible (since, for example, the project may ship
  // with some out-of-date modules that are not necessary for its overall
  // functionality).
  $compatible_project = FALSE;
691 692
  $incompatible = [];
  $files = file_scan_directory("$directory/$project", '/^' . DRUPAL_PHP_FUNCTION_PATTERN . '\.info.yml$/', ['key' => 'name', 'min_depth' => 0]);
693
  foreach ($files as $file) {
694
    // Get the .info.yml file for the module or theme this file belongs to.
695
    $info = \Drupal::service('info_parser')->parse($file->uri);
696 697

    // If the module or theme is incompatible with Drupal core, set an error.
698
    if (empty($info['core']) || $info['core'] != \Drupal::CORE_COMPATIBILITY) {
699
      $incompatible[] = !empty($info['name']) ? $info['name'] : t('Unknown');
700
    }
701 702 703 704 705 706 707
    else {
      $compatible_project = TRUE;
      break;
    }
  }

  if (empty($files)) {
708
    $errors[] = t('%archive_file does not contain any .info.yml files.', ['%archive_file' => drupal_basename($archive_file)]);
709
  }
710
  elseif (!$compatible_project) {
711
    $errors[] = \Drupal::translation()->formatPlural(
712
      count($incompatible),
713 714
      '%archive_file contains a version of %names that is not compatible with Drupal @version.',
      '%archive_file contains versions of modules or themes that are not compatible with Drupal @version: %names',
715
      ['@version' => \Drupal::CORE_COMPATIBILITY, '%archive_file' => drupal_basename($archive_file), '%names' => implode(', ', $incompatible)]
716 717 718 719 720 721
    );
  }

  return $errors;
}

722
/**
723
 * Invalidates stored data relating to update status.
724
 */
725
function update_storage_clear() {
726 727
  \Drupal::keyValueExpirable('update')->deleteAll();
  \Drupal::keyValueExpirable('update_available_release')->deleteAll();
728 729
}

730
/**
731
 * Returns a short unique identifier for this Drupal installation.
732 733 734 735 736 737 738
 *
 * @return
 *   An eight character string uniquely identifying this Drupal installation.
 */
function _update_manager_unique_identifier() {
  $id = &drupal_static(__FUNCTION__, '');
  if (empty($id)) {
739
    $id = substr(hash('sha256', Settings::getHashSalt()), 0, 8);
740 741 742 743 744
  }
  return $id;
}

/**
745
 * Returns the directory where update archive files should be extracted.
746 747
 *
 * @param $create
748 749
 *   (optional) Whether to attempt to create the directory if it does not
 *   already exist. Defaults to TRUE.
750 751
 *
 * @return
752 753
 *   The full path to the temporary directory where update file archives should
 *   be extracted.
754 755 756 757 758 759 760 761 762 763 764 765 766
 */
function _update_manager_extract_directory($create = TRUE) {
  $directory = &drupal_static(__FUNCTION__, '');
  if (empty($directory)) {
    $directory = 'temporary://update-extraction-' . _update_manager_unique_identifier();
    if ($create && !file_exists($directory)) {
      mkdir($directory);
    }
  }
  return $directory;
}

/**
767
 * Returns the directory where update archive files should be cached.
768 769
 *
 * @param $create
770 771
 *   (optional) Whether to attempt to create the directory if it does not
 *   already exist. Defaults to TRUE.
772 773
 *
 * @return
774 775
 *   The full path to the temporary directory where update file archives should
 *   be cached.
776 777 778 779 780 781 782 783 784 785 786 787
 */
function _update_manager_cache_directory($create = TRUE) {
  $directory = &drupal_static(__FUNCTION__, '');
  if (empty($directory)) {
    $directory = 'temporary://update-cache-' . _update_manager_unique_identifier();
    if ($create && !file_exists($directory)) {
      mkdir($directory);
    }
  }
  return $directory;
}

788
/**
789
 * Clears the temporary files and directories based on file age from disk.
790 791
 */
function update_clear_update_disk_cache() {
792 793
  // List of update module cache directories. Do not create the directories if
  // they do not exist.
794
  $directories = [
795 796
    _update_manager_cache_directory(FALSE),
    _update_manager_extract_directory(FALSE),
797
  ];
798 799 800

  // Search for files and directories in base folder only without recursion.
  foreach ($directories as $directory) {
801
    file_scan_directory($directory, '/.*/', ['callback' => 'update_delete_file_if_stale', 'recurse' => FALSE]);
802 803 804 805
  }
}

/**
806
 * Deletes stale files and directories from the update manager disk cache.
807
 *
808 809 810
 * Files and directories older than 6 hours and development snapshots older than
 * 5 minutes are considered stale. We only cache development snapshots for 5
 * minutes since otherwise updated snapshots might not be downloaded as
811 812 813
 * expected.
 *
 * When checking file ages, we need to use the ctime, not the mtime
814 815 816 817 818
 * (modification time) since many (all?) tar implementations go out of their way
 * to set the mtime on the files they create to the timestamps recorded in the
 * tarball. We want to see the last time the file was changed on disk, which is
 * left alone by tar and correctly set to the time the archive file was
 * unpacked.
819 820 821 822 823 824 825
 *
 * @param $path
 *   A string containing a file path or (streamwrapper) URI.
 */
function update_delete_file_if_stale($path) {
  if (file_exists($path)) {
    $filectime = filectime($path);
826 827 828
    $max_age = \Drupal::config('system.file')->get('temporary_maximum_age');

    if (REQUEST_TIME - $filectime > $max_age || (preg_match('/.*-dev\.(tar\.gz|zip)/i', $path) && REQUEST_TIME - $filectime > 300)) {
829 830 831 832
      file_unmanaged_delete_recursive($path);
    }
  }
}