update.fetch.inc 14.8 KB
Newer Older
1 2 3 4 5 6 7
<?php

/**
 * @file
 * Code required only when fetching information about available updates.
 */

8
use Guzzle\Http\Exception\RequestException;
9
use Drupal\Component\Utility\Crypt;
10

11
/**
12 13 14 15 16
 * Page callback: Checks for updates and displays the update status report.
 *
 * Manually checks the update status without the use of cron.
 *
 * @see update_menu()
17 18
 */
function update_manual_status() {
19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34
  _update_refresh();
  $batch = array(
    'operations' => array(
      array('update_fetch_data_batch', array()),
    ),
    'finished' => 'update_fetch_data_finished',
    'title' => t('Checking available update data'),
    'progress_message' => t('Trying to check available update data ...'),
    'error_message' => t('Error checking available update data.'),
    'file' => drupal_get_path('module', 'update') . '/update.fetch.inc',
  );
  batch_set($batch);
  batch_process('admin/reports/updates');
}

/**
35 36 37 38
 * Batch callback: Processes a step in batch for fetching available update data.
 *
 * @param $context
 *   Reference to an array used for Batch API storage.
39 40
 */
function update_fetch_data_batch(&$context) {
41
  $queue = Drupal::queue('update_fetch_tasks');
42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82
  if (empty($context['sandbox']['max'])) {
    $context['finished'] = 0;
    $context['sandbox']['max'] = $queue->numberOfItems();
    $context['sandbox']['progress'] = 0;
    $context['message'] = t('Checking available update data ...');
    $context['results']['updated'] = 0;
    $context['results']['failures'] = 0;
    $context['results']['processed'] = 0;
  }

  // Grab another item from the fetch queue.
  for ($i = 0; $i < 5; $i++) {
    if ($item = $queue->claimItem()) {
      if (_update_process_fetch_task($item->data)) {
        $context['results']['updated']++;
        $context['message'] = t('Checked available update data for %title.', array('%title' => $item->data['info']['name']));
      }
      else {
        $context['message'] = t('Failed to check available update data for %title.', array('%title' => $item->data['info']['name']));
        $context['results']['failures']++;
      }
      $context['sandbox']['progress']++;
      $context['results']['processed']++;
      $context['finished'] = $context['sandbox']['progress'] / $context['sandbox']['max'];
      $queue->deleteItem($item);
    }
    else {
      // If the queue is currently empty, we're done. It's possible that
      // another thread might have added new fetch tasks while we were
      // processing this batch. In that case, the usual 'finished' math could
      // get confused, since we'd end up processing more tasks that we thought
      // we had when we started and initialized 'max' with numberOfItems(). By
      // forcing 'finished' to be exactly 1 here, we ensure that batch
      // processing is terminated.
      $context['finished'] = 1;
      return;
    }
  }
}

/**
83
 * Batch callback: Performs actions when all fetch tasks have been completed.
84 85
 *
 * @param $success
86
 *   TRUE if the batch operation was successful; FALSE if there were errors.
87
 * @param $results
88
 *   An associative array of results from the batch operation, including the key
89 90 91 92 93 94 95 96 97 98 99 100 101
 *   'updated' which holds the total number of projects we fetched available
 *   update data for.
 */
function update_fetch_data_finished($success, $results) {
  if ($success) {
    if (!empty($results)) {
      if (!empty($results['updated'])) {
        drupal_set_message(format_plural($results['updated'], 'Checked available update data for one project.', 'Checked available update data for @count projects.'));
      }
      if (!empty($results['failures'])) {
        drupal_set_message(format_plural($results['failures'], 'Failed to get available update data for one project.', 'Failed to get available update data for @count projects.'), 'error');
      }
    }
102 103
  }
  else {
104
    drupal_set_message(t('An error occurred trying to get available update data.'), 'error');
105 106 107 108
  }
}

/**
109
 * Attempts to drain the queue of tasks for release history data to fetch.
110
 */
111
function _update_fetch_data() {
112
  $queue = Drupal::queue('update_fetch_tasks');
113
  $end = time() + config('update.settings')->get('fetch.timeout');
114 115 116 117 118 119 120
  while (time() < $end && ($item = $queue->claimItem())) {
    _update_process_fetch_task($item->data);
    $queue->deleteItem($item);
  }
}

/**
121
 * Processes a task to fetch available update data for a single project.
122
 *
123 124
 * Once the release history XML data is downloaded, it is parsed and saved in an
 * entry just for that project.
125 126 127
 *
 * @param $project
 *   Associative array of information about the project to fetch data for.
128
 *
129 130 131 132
 * @return
 *   TRUE if we fetched parsable XML, otherwise FALSE.
 */
function _update_process_fetch_task($project) {
133
  global $base_url;
134
  $update_config = config('update.settings');
135
  $fail = &drupal_static(__FUNCTION__, array());
136 137
  // This can be in the middle of a long-running batch, so REQUEST_TIME won't
  // necessarily be valid.
138
  $request_time_difference = time() - REQUEST_TIME;
139 140
  if (empty($fail)) {
    // If we have valid data about release history XML servers that we have
141 142
    // failed to fetch from on previous attempts, load that.
    $fail = Drupal::keyValueExpirable('update')->get('fetch_failures');
143 144
  }

145
  $max_fetch_attempts = $update_config->get('fetch.max_attempts');
146 147 148

  $success = FALSE;
  $available = array();
149
  $site_key = Crypt::hmacBase64($base_url, drupal_get_private_key());
150 151 152 153 154
  $url = _update_build_fetch_url($project, $site_key);
  $fetch_url_base = _update_get_fetch_url_base($project);
  $project_name = $project['name'];

  if (empty($fail[$fetch_url_base]) || $fail[$fetch_url_base] < $max_fetch_attempts) {
155 156 157 158 159
    try {
      $data = Drupal::httpClient()
        ->get($url, array('Accept' => 'text/xml'))
        ->send()
        ->getBody(TRUE);
160
    }
161 162
    catch (RequestException $exception) {
      watchdog_exception('update', $exception);
163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183
    }
  }

  if (!empty($data)) {
    $available = update_parse_xml($data);
    // @todo: Purge release data we don't need (http://drupal.org/node/238950).
    if (!empty($available)) {
      // Only if we fetched and parsed something sane do we return success.
      $success = TRUE;
    }
  }
  else {
    $available['project_status'] = 'not-fetched';
    if (empty($fail[$fetch_url_base])) {
      $fail[$fetch_url_base] = 1;
    }
    else {
      $fail[$fetch_url_base]++;
    }
  }

184
  $frequency = $update_config->get('check.interval_days');
185 186
  $available['last_fetch'] = REQUEST_TIME + $request_time_difference;
  Drupal::keyValueExpirable('update_available_releases')->setWithExpire($project_name, $available, $request_time_difference + (60 * 60 * 24 * $frequency));
187 188

  // Stash the $fail data back in the DB for the next 5 minutes.
189
  Drupal::keyValueExpirable('update')->setWithExpire('fetch_failures', $fail, $request_time_difference + (60 * 5));
190 191

  // Whether this worked or not, we did just (try to) check for updates.
192
  Drupal::state()->set('update.last_check', REQUEST_TIME + $request_time_difference);
193 194

  // Now that we processed the fetch task for this project, clear out the
195 196
  // record for this task so we're willing to fetch again.
  drupal_container()->get('keyvalue')->get('update_fetch_task')->delete($project_name);
197 198 199 200 201

  return $success;
}

/**
202
 * Clears out all the available update data and initiates re-fetching.
203 204
 */
function _update_refresh() {
205
  module_load_include('inc', 'update', 'update.compare');
206

207
  // Since we're fetching new available update data, we want to clear
208 209 210 211
  // of both the projects we care about, and the current update status of the
  // site. We do *not* want to clear the cache of available releases just yet,
  // since that data (even if it's stale) can be useful during
  // update_get_projects(); for example, to modules that implement
212
  // hook_system_info_alter() such as cvs_deploy.
213 214
  Drupal::keyValueExpirable('update')->delete('update_project_projects');
  Drupal::keyValueExpirable('update')->delete('update_project_data');
215

216 217
  $projects = update_get_projects();

218 219 220 221
  // Now that we have the list of projects, we should also clear the available
  // release data, since even if we fail to fetch new data, we need to clear
  // out the stale data at this point.
  Drupal::keyValueExpirable('update_available_releases')->deleteAll();
222

223
  foreach ($projects as $key => $project) {
224
    update_create_fetch_task($project);
225
  }
226
}
227

228
/**
229
 * Adds a task to the queue for fetching release history data for a project.
230 231
 *
 * We only create a new fetch task if there's no task already in the queue for
232
 * this particular project (based on 'update_fetch_task' key-value collection).
233 234 235
 *
 * @param $project
 *   Associative array of information about a project as created by
236
 *   update_get_projects(), including keys such as 'name' (short name), and the
237
 *   'info' array with data from a .info.yml file for the project.
238 239 240 241 242 243 244 245 246 247
 *
 * @see update_get_projects()
 * @see update_get_available()
 * @see update_refresh()
 * @see update_fetch_data()
 * @see _update_process_fetch_task()
 */
function _update_create_fetch_task($project) {
  $fetch_tasks = &drupal_static(__FUNCTION__, array());
  if (empty($fetch_tasks)) {
248
    $fetch_tasks = drupal_container()->get('keyvalue')->get('update_fetch_task')->getAll();
249
  }
250
  if (empty($fetch_tasks[$project['name']])) {
251
    $queue = Drupal::queue('update_fetch_tasks');
252
    $queue->createItem($project);
253 254
    drupal_container()->get('keyvalue')->get('update_fetch_task')->set($project['name'], $project);
    $fetch_tasks[$project['name']] = REQUEST_TIME;
255 256 257 258 259 260
  }
}

/**
 * Generates the URL to fetch information about project updates.
 *
261 262
 * This figures out the right URL to use, based on the project's .info.yml file
 * and the global defaults. Appends optional query arguments when the site is
263 264 265 266 267
 * configured to report usage stats.
 *
 * @param $project
 *   The array of project information from update_get_projects().
 * @param $site_key
268 269 270 271
 *   (optional) The anonymous site key hash. Defaults to an empty string.
 *
 * @return
 *   The URL for fetching information about updates to the specified project.
272
 *
273 274
 * @see update_fetch_data()
 * @see _update_process_fetch_task()
275 276 277 278
 * @see update_get_projects()
 */
function _update_build_fetch_url($project, $site_key = '') {
  $name = $project['name'];
279
  $url = _update_get_fetch_url_base($project);
280
  $url .= '/' . $name . '/' . DRUPAL_CORE_COMPATIBILITY;
281 282 283

  // Only append usage infomation if we have a site key and the project is
  // enabled. We do not want to record usage statistics for disabled projects.
284
  if (!empty($site_key) && (strpos($project['project_type'], 'disabled') === FALSE)) {
285
    // Append the site key.
286
    $url .= (strpos($url, '?') !== FALSE) ? '&' : '?';
287
    $url .= 'site_key=';
288
    $url .= rawurlencode($site_key);
289 290

    // Append the version.
291 292
    if (!empty($project['info']['version'])) {
      $url .= '&version=';
293
      $url .= rawurlencode($project['info']['version']);
294
    }
295 296 297 298 299

    // Append the list of modules or themes enabled.
    $list = array_keys($project['includes']);
    $url .= '&list=';
    $url .= rawurlencode(implode(',', $list));
300 301 302 303
  }
  return $url;
}

304
/**
305
 * Returns the base of the URL to fetch available update data for a project.
306 307 308
 *
 * @param $project
 *   The array of project information from update_get_projects().
309
 *
310 311 312 313 314 315 316 317
 * @return
 *   The base of the URL used for fetching available update data. This does
 *   not include the path elements to specify a particular project, version,
 *   site_key, etc.
 *
 * @see _update_build_fetch_url()
 */
function _update_get_fetch_url_base($project) {
318 319 320 321 322 323 324 325 326 327
  if (isset($project['info']['project status url'])) {
    $url = $project['info']['project status url'];
  }
  else {
    $url = config('update.settings')->get('fetch.url');
    if (empty($url)) {
      $url = UPDATE_DEFAULT_URL;
    }
  }
  return $url;
328 329
}

330
/**
331
 * Performs any notifications that should be done once cron fetches new data.
332
 *
333 334
 * This method checks the status of the site using the new data and, depending
 * on the configuration of the site, notifies administrators via e-mail if there
335 336 337 338 339
 * are new releases or missing security updates.
 *
 * @see update_requirements()
 */
function _update_cron_notify() {
340
  $update_config = config('update.settings');
341
  module_load_install('update');
342 343
  $status = update_requirements('runtime');
  $params = array();
344
  $notify_all = ($update_config->get('notification.threshold') == 'all');
345
  foreach (array('core', 'contrib') as $report_type) {
346
    $type = 'update_' . $report_type;
347
    if (isset($status[$type]['severity'])
348
        && ($status[$type]['severity'] == REQUIREMENT_ERROR || ($notify_all && $status[$type]['reason'] == UPDATE_NOT_CURRENT))) {
349 350 351 352
      $params[$report_type] = $status[$type]['reason'];
    }
  }
  if (!empty($params)) {
353
    $notify_list = $update_config->get('notification.emails');
354
    if (!empty($notify_list)) {
355
      $default_langcode = language_default()->langcode;
356
      foreach ($notify_list as $target) {
357
        if ($target_user = user_load_by_mail($target)) {
358
          $target_langcode = user_preferred_langcode($target_user);
359 360
        }
        else {
361
          $target_langcode = $default_langcode;
362
        }
363
        $message = drupal_mail('update', 'status_notify', $target, $target_langcode, $params);
364 365 366
        // Track when the last mail was successfully sent to avoid sending
        // too many e-mails.
        if ($message['result']) {
367
          Drupal::state()->set('update.last_email_notification', REQUEST_TIME);
368
        }
369 370 371 372 373 374
      }
    }
  }
}

/**
375
 * Parses the XML of the Drupal release history info files.
376
 *
377 378
 * @param $raw_xml
 *   A raw XML string of available release data for a given project.
379 380
 *
 * @return
381 382
 *   Array of parsed data about releases for a given project, or NULL if there
 *   was an error parsing the string.
383
 */
384 385 386 387 388 389 390 391 392 393
function update_parse_xml($raw_xml) {
  try {
    $xml = new SimpleXMLElement($raw_xml);
  }
  catch (Exception $e) {
    // SimpleXMLElement::__construct produces an E_WARNING error message for
    // each error found in the XML data and throws an exception if errors
    // were detected. Catch any exception and return failure (NULL).
    return;
  }
394 395 396 397
  // If there is no valid project data, the XML is invalid, so return failure.
  if (!isset($xml->short_name)) {
    return;
  }
398
  $short_name = (string) $xml->short_name;
399
  $data = array();
400
  foreach ($xml as $k => $v) {
401
    $data[$k] = (string) $v;
402 403
  }
  $data['releases'] = array();
404 405
  if (isset($xml->releases)) {
    foreach ($xml->releases->children() as $release) {
406
      $version = (string) $release->version;
407 408
      $data['releases'][$version] = array();
      foreach ($release->children() as $k => $v) {
409
        $data['releases'][$version][$k] = (string) $v;
410 411 412 413
      }
      $data['releases'][$version]['terms'] = array();
      if ($release->terms) {
        foreach ($release->terms->children() as $term) {
414 415
          if (!isset($data['releases'][$version]['terms'][(string) $term->name])) {
            $data['releases'][$version]['terms'][(string) $term->name] = array();
416
          }
417
          $data['releases'][$version]['terms'][(string) $term->name][] = (string) $term->value;
418
        }
419 420 421
      }
    }
  }
422
  return $data;
423
}