system.module 61.8 KB
Newer Older
Dries's avatar
 
Dries committed
1 2
<?php

Dries's avatar
 
Dries committed
3 4 5 6 7
/**
 * @file
 * Configuration system that lets administrators modify the workings of the site.
 */

8
use Drupal\Component\Render\PlainTextOutput;
9
use Drupal\Component\Utility\UrlHelper;
10
use Drupal\Core\Asset\AttachedAssetsInterface;
11
use Drupal\Core\Cache\Cache;
12
use Drupal\Core\Queue\QueueGarbageCollectionInterface;
13
use Drupal\Core\Database\Query\AlterableInterface;
14
use Drupal\Core\Extension\Extension;
15
use Drupal\Core\Extension\ExtensionDiscovery;
16
use Drupal\Core\Form\FormStateInterface;
17
use Drupal\Core\KeyValueStore\KeyValueDatabaseExpirableFactory;
18
use Drupal\Core\PageCache\RequestPolicyInterface;
19
use Drupal\Core\PhpStorage\PhpStorageFactory;
20
use Drupal\Core\Routing\RouteMatchInterface;
21
use Drupal\Core\Routing\StackedRouteMatchInterface;
22
use Drupal\Core\Language\LanguageInterface;
23
use Drupal\Core\Menu\MenuTreeParameters;
24
use Drupal\Core\Extension\ModuleHandler;
25
use Drupal\Core\Url;
26
use Drupal\Core\Block\BlockPluginInterface;
27
use Drupal\user\UserInterface;
28
use Symfony\Component\HttpFoundation\RedirectResponse;
29
use GuzzleHttp\Exception\RequestException;
30

31 32
/**
 * New users will be set to the default time zone at registration.
33 34 35
 *
 * @deprecated in Drupal 8.3.x and will be removed before Drupal 9.0.0.
 *   Use \Drupal\user\UserInterface::TIMEZONE_DEFAULT instead.
36 37
 *
 * @see https://www.drupal.org/node/2831620
38
 */
39
const DRUPAL_USER_TIMEZONE_DEFAULT = 0;
40 41 42

/**
 * New users will get an empty time zone at registration.
43 44 45
 *
 * @deprecated in Drupal 8.3.x and will be removed before Drupal 9.0.0.
 *   Use \Drupal\user\UserInterface::TIMEZONE_EMPTY instead.
46 47
 *
 * @see https://www.drupal.org/node/2831620
48
 */
49
const DRUPAL_USER_TIMEZONE_EMPTY = 1;
50 51 52

/**
 * New users will select their own timezone at registration.
53 54 55
 *
 * @deprecated in Drupal 8.3.x and will be removed before Drupal 9.0.0.
 *   Use \Drupal\user\UserInterface::TIMEZONE_SELECT instead.
56 57
 *
 * @see https://www.drupal.org/node/2831620
58
 */
59
const DRUPAL_USER_TIMEZONE_SELECT = 2;
60

61
/**
62 63
 * Disabled option on forms and settings
 */
64
const DRUPAL_DISABLED = 0;
65 66 67 68

/**
 * Optional option on forms and settings
 */
69
const DRUPAL_OPTIONAL = 1;
70 71 72 73

/**
 * Required option on forms and settings
 */
74
const DRUPAL_REQUIRED = 2;
75

76
/**
77
 * Return only visible regions.
78
 *
79 80 81
 * @deprecated in Drupal 8.3.x and will be removed before Drupal 9.0.0.
 *   Use \Drupal\block\BlockRepositoryInterface::REGIONS_VISIBLE instead.
 *
82
 * @see system_region_list()
83
 * @see https://www.drupal.org/node/2831620
84
 */
85
const REGIONS_VISIBLE = 'visible';
86 87

/**
88
 * Return all regions.
89
 *
90 91 92
 * @deprecated in Drupal 8.3.x and will be removed before Drupal 9.0.0.
 *   Use \Drupal\block\BlockRepositoryInterface::REGIONS_ALL instead.
 *
93
 * @see system_region_list()
94
 * @see https://www.drupal.org/node/2831620
95
 */
96
const REGIONS_ALL = 'all';
97

Dries's avatar
 
Dries committed
98
/**
99
 * Implements hook_help().
Dries's avatar
 
Dries committed
100
 */
101
function system_help($route_name, RouteMatchInterface $route_match) {
102 103
  switch ($route_name) {
    case 'help.page.system':
104 105
      $output = '';
      $output .= '<h3>' . t('About') . '</h3>';
106
      $output .= '<p>' . t('The System module is integral to the site: it provides user interfaces for many core systems and settings, as well as the basic administrative menu structure. For more information, see the <a href=":system">online documentation for the System module</a>.', [':system' => 'https://www.drupal.org/documentation/modules/system']) . '</p>';
107 108 109
      $output .= '<h3>' . t('Uses') . '</h3>';
      $output .= '<dl>';
      $output .= '<dt>' . t('Managing modules') . '</dt>';
110
      $output .= '<dd>' . t('Users with appropriate permission can install and uninstall modules from the <a href=":modules">Extend page</a>. Depending on which distribution or installation profile you choose when you install your site, several modules are installed and others are provided but not installed. Each module provides a discrete set of features; modules may be installed or uninstalled depending on the needs of the site. Many additional modules contributed by members of the Drupal community are available for download from the <a href=":drupal-modules">Drupal.org module page</a>. Note that uninstalling a module is a destructive action: when you uninstall a module, you will permanently lose all data connected to the module.', [':modules' => \Drupal::url('system.modules_list'), ':drupal-modules' => 'https://www.drupal.org/project/modules']) . '</dd>';
111
      $output .= '<dt>' . t('Managing themes') . '</dt>';
112
      $output .= '<dd>' . t('Users with appropriate permission can install and uninstall themes on the <a href=":themes">Appearance page</a>. Themes determine the design and presentation of your site. Depending on which distribution or installation profile you choose when you install your site, a default theme is installed, and possibly a different theme for administration pages. Other themes are provided but not installed, and additional contributed themes are available at the <a href=":drupal-themes">Drupal.org theme page</a>.', [':themes' => \Drupal::url('system.themes_page'), ':drupal-themes' => 'https://www.drupal.org/project/themes']) . '</dd>';
113
      $output .= '<dt>' . t('Disabling drag-and-drop functionality') . '</dt>';
114 115
      $output .= '<dd>' . t('The default drag-and-drop user interface for ordering tables in the administrative interface presents a challenge for some users, including users of screen readers and other assistive technology. The drag-and-drop interface can be disabled in a table by clicking a link labeled "Show row weights" above the table. The replacement interface allows users to order the table by choosing numerical weights instead of dragging table rows.') . '</dd>';
      $output .= '<dt>' . t('Configuring basic site settings') . '</dt>';
116
      $output .= '<dd>' . t('The System module provides pages for managing basic site configuration, including <a href=":date-time-settings">Date and time formats</a> and <a href=":site-info">Basic site settings</a> (site name, email address to send mail from, home page, and error pages). Additional configuration pages are listed on the main <a href=":config">Configuration page</a>.', [':date-time-settings' => \Drupal::url('entity.date_format.collection'), ':site-info' => \Drupal::url('system.site_information_settings'), ':config' => \Drupal::url('system.admin_config')]) . '</dd>';
117
      $output .= '<dt>' . t('Checking site status') . '</dt>';
118
      $output .= '<dd>' . t('The <a href=":status">Status report</a> provides an overview of the configuration, status, and health of your site. Review this report to make sure there are not any problems to address, and to find information about the software your site and web server are using.', [':status' => \Drupal::url('system.status')]) . '</dd>';
119
      $output .= '<dt>' . t('Using maintenance mode') . '</dt>';
120
      $output .= '<dd>' . t('When you are performing site maintenance, you can prevent non-administrative users (including anonymous visitors) from viewing your site by putting it in <a href=":maintenance-mode">Maintenance mode</a>. This will prevent unauthorized users from making changes to the site while you are performing maintenance, or from seeing a broken site while updates are in progress.', [':maintenance-mode' => \Drupal::url('system.site_maintenance_mode')]) . '</dd>';
121
      $output .= '<dt>' . t('Configuring for performance') . '</dt>';
122
      $output .= '<dd>' . t('On the <a href=":performance-page">Performance page</a>, the site can be configured to aggregate CSS and JavaScript files, making the total request size smaller. Note that, for small- to medium-sized websites, the <a href=":page-cache">Internal Page Cache module</a> should be installed so that pages are efficiently cached and reused for anonymous users. Finally, for websites of all sizes, the <a href=":dynamic-page-cache">Dynamic Page Cache module</a> should also be installed so that the non-personalized parts of pages are efficiently cached (for all users).', [':performance-page' => \Drupal::url('system.performance_settings'), ':page-cache' => (\Drupal::moduleHandler()->moduleExists('page_cache')) ? \Drupal::url('help.page', ['name' => 'page_cache']) : '#', ':dynamic-page-cache' => (\Drupal::moduleHandler()->moduleExists('dynamic_page_cache')) ? \Drupal::url('help.page', ['name' => 'dynamic_page_cache']) : '#']) . '</dd>';
123
      $output .= '<dt>' . t('Configuring cron') . '</dt>';
124
      $output .= '<dd>' . t('In order for the site and its modules to continue to operate well, a set of routine administrative operations must run on a regular basis; these operations are known as <em>cron</em> tasks. On the <a href=":cron">Cron page</a>, you can configure cron to run periodically as part of server responses by installing the <em>Automated Cron</em> module, or you can turn this off and trigger cron from an outside process on your web server. You can verify the status of cron tasks by visiting the <a href=":status">Status report page</a>. For more information, see the <a href=":handbook">online documentation for configuring cron jobs</a>.', [':status' => \Drupal::url('system.status'), ':handbook' => 'https://www.drupal.org/cron', ':cron' => \Drupal::url('system.cron_settings')]) . '</dd>';
125
      $output .= '<dt>' . t('Configuring the file system') . '</dt>';
126
      $output .= '<dd>' . t('Your site has several file directories, which are used to store and process uploaded and generated files. The <em>public</em> file directory, which is configured in your settings.php file, is the default place for storing uploaded files. Links to files in this directory contain the direct file URL, so when the files are requested, the web server will send them directly without invoking your site code. This means that the files can be downloaded by anyone with the file URL, so requests are not access-controlled but they are efficient. The <em>private</em> file directory, also configured in your settings.php file and ideally located outside the site web root, is access controlled. Links to files in this directory are not direct, so requests to these files are mediated by your site code. This means that your site can check file access permission for each file before deciding to fulfill the request, so the requests are more secure, but less efficient. You should only use the private storage for files that need access control, not for files like your site logo and background images used on every page. The <em>temporary</em> file directory is used internally by your site code for various operations, and is configured on the <a href=":file-system">File system settings</a> page. You can also see the configured public and private file directories on this page, and choose whether public or private should be the default for uploaded files.', [':file-system' => \Drupal::url('system.file_system_settings')]) . '</dd>';
127
      $output .= '<dt>' . t('Configuring the image toolkit') . '</dt>';
128
      $output .= '<dd>' . t('On the <a href=":toolkit">Image toolkit page</a>, you can select and configure the PHP toolkit used to manipulate images. Depending on which distribution or installation profile you choose when you install your site, the GD2 toolkit and possibly others are included; other toolkits may be provided by contributed modules.', [':toolkit' => \Drupal::url('system.image_toolkit_settings')]) . '</dd>';
129
      $output .= '</dl>';
130
      return $output;
131 132

    case 'system.admin_index':
133
      return '<p>' . t('This page shows you all available administration tasks for each module.') . '</p>';
134 135

    case 'system.themes_page':
136
      $output = '<p>' . t('Set and configure the default theme for your website.  Alternative <a href=":themes">themes</a> are available.', [':themes' => 'https://www.drupal.org/project/themes']) . '</p>';
137
      if (\Drupal::moduleHandler()->moduleExists('block')) {
138
        $output .= '<p>' . t('You can place blocks for each theme on the <a href=":blocks">block layout</a> page.', [':blocks' => \Drupal::url('block.admin_display')]) . '</p>';
139
      }
140
      return $output;
141 142

    case 'system.theme_settings_theme':
143
      $theme_list = \Drupal::service('theme_handler')->listInfo();
144
      $theme = $theme_list[$route_match->getParameter('theme')];
145
      return '<p>' . t('These options control the display settings for the %name theme. When your site is displayed using this theme, these settings will be used.', ['%name' => $theme->info['name']]) . '</p>';
146 147

    case 'system.theme_settings':
148
      return '<p>' . t('Control default display settings for your site, across all themes. Use theme-specific settings to override these defaults.') . '</p>';
149 150

    case 'system.modules_list':
151
      $output = '<p>' . t('Download additional <a href=":modules">contributed modules</a> to extend your site\'s functionality.', [':modules' => 'https://www.drupal.org/project/modules']) . '</p>';
152
      if (!\Drupal::moduleHandler()->moduleExists('update')) {
153
        $output .= '<p>' . t('Regularly review available updates to maintain a secure and current site. Always run the <a href=":update-php">update script</a> each time a module is updated. Enable the <a href=":update-manager">Update Manager module</a> to update and install modules and themes.', [':update-php' => \Drupal::url('system.db_update'), ':update-manager' => \Drupal::url('system.modules_list', [], ['fragment' => 'module-update'])]) . '</p>';
154
      }
155
      return $output;
156 157

    case 'system.modules_uninstall':
158
      return '<p>' . t('The uninstall process removes all data related to a module.') . '</p>';
159

160
    case 'entity.block.edit_form':
161
      if (($block = $route_match->getParameter('block')) && $block->getPluginId() == 'system_powered_by_block') {
162
        return '<p>' . t('The <em>Powered by Drupal</em> block is an optional link to the home page of the Drupal project. While there is absolutely no requirement that sites feature this link, it may be used to show support for Drupal.') . '</p>';
163
      }
164
      break;
165 166

    case 'block.admin_add':
167
      if ($route_match->getParameter('plugin_id') == 'system_powered_by_block') {
168 169 170 171 172
        return '<p>' . t('The <em>Powered by Drupal</em> block is an optional link to the home page of the Drupal project. While there is absolutely no requirement that sites feature this link, it may be used to show support for Drupal.') . '</p>';
      }
      break;

    case 'system.site_maintenance_mode':
173
      if (\Drupal::currentUser()->id() == 1) {
174
        return '<p>' . t('Use maintenance mode when making major updates, particularly if the updates could disrupt visitors or the update process. Examples include upgrading, importing or exporting content, modifying a theme, modifying content types, and making backups.') . '</p>';
175
      }
176
      break;
177 178

    case 'system.status':
179
      return '<p>' . t("Here you can find a short overview of your site's parameters as well as any problems detected with your installation. It may be useful to copy and paste this information into support requests filed on Drupal.org's support forums and project issue queues. Before filing a support request, ensure that your web server meets the <a href=\":system-requirements\">system requirements.</a>", [':system-requirements' => 'https://www.drupal.org/requirements']) . '</p>';
180
  }
Dries's avatar
 
Dries committed
181 182
}

183
/**
184
 * Implements hook_theme().
185
 */
186
function system_theme() {
187
  return array_merge(drupal_common_theme(), [
188
    // Normally theme suggestion templates are only picked up when they are in
189 190
    // themes. We explicitly define theme suggestions here so that the block
    // templates in core/modules/system/templates are picked up.
191
    'block__system_branding_block' => [
192
      'render element' => 'elements',
193
      'base hook' => 'block',
194 195
    ],
    'block__system_messages_block' => [
196
      'base hook' => 'block',
197 198
    ],
    'block__system_menu_block' => [
199 200
      'render element' => 'elements',
      'base hook' => 'block',
201 202 203 204 205 206
    ],
    'system_themes_page' => [
      'variables' => [
        'theme_groups' => [],
        'theme_group_titles' => [],
      ],
207
      'file' => 'system.admin.inc',
208 209
    ],
    'system_config_form' => [
210
      'render element' => 'form',
211 212
    ],
    'confirm_form' => [
213
      'render element' => 'form',
214 215
    ],
    'system_modules_details' => [
216
      'render element' => 'form',
217
      'file' => 'system.admin.inc',
218 219
    ],
    'system_modules_uninstall' => [
220
      'render element' => 'form',
221
      'file' => 'system.admin.inc',
222 223 224 225 226
    ],
    'status_report_page' => [
      'variables' => [
        'counters' => [],
        'general_info' => [],
227
        'requirements' => NULL,
228 229 230 231
      ],
    ],
    'status_report' => [
      'variables' => [
232 233
        'grouped_requirements' => NULL,
        'requirements' => NULL,
234 235 236 237
      ],
    ],
    'status_report_grouped' => [
      'variables' => [
238 239
        'grouped_requirements' => NULL,
        'requirements' => NULL,
240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257
      ],
    ],
    'status_report_counter' => [
      'variables' => ['amount' => NULL, 'text' => NULL, 'severity' => NULL],
    ],
    'status_report_general_info' => [
      'variables' => [
        'drupal' => [],
        'cron' => [],
        'database_system' => [],
        'database_system_version' => [],
        'php' => [],
        'php_memory_limit' => [],
        'webserver' => [],
      ],
    ],
    'admin_page' => [
      'variables' => ['blocks' => NULL],
258
      'file' => 'system.admin.inc',
259 260
    ],
    'admin_block' => [
261
      'variables' => ['block' => NULL, 'attributes' => []],
262
      'file' => 'system.admin.inc',
263 264 265
    ],
    'admin_block_content' => [
      'variables' => ['content' => NULL],
266
      'file' => 'system.admin.inc',
267 268 269
    ],
    'system_admin_index' => [
      'variables' => ['menu_items' => NULL],
270
      'file' => 'system.admin.inc',
271 272 273 274
    ],
    'entity_add_list' => [
      'variables' => [
        'bundles' => [],
275
        'add_bundle_message' => NULL,
276
      ],
277
      'template' => 'entity-add-list',
278 279
    ],
  ]);
280
}
281

282
/**
283
 * Implements hook_hook_info().
284 285
 */
function system_hook_info() {
286
  $hooks['token_info'] = [
287
    'group' => 'tokens',
288 289
  ];
  $hooks['token_info_alter'] = [
290
    'group' => 'tokens',
291 292
  ];
  $hooks['tokens'] = [
293
    'group' => 'tokens',
294 295
  ];
  $hooks['tokens_alter'] = [
296
    'group' => 'tokens',
297
  ];
298

299 300 301
  return $hooks;
}

302 303 304 305
/**
 * Implements hook_theme_suggestions_HOOK().
 */
function system_theme_suggestions_html(array $variables) {
306
  $path_args = explode('/', trim(\Drupal::service('path.current')->getPath(), '/'));
307
  return theme_get_suggestions($path_args, 'html');
308 309 310 311 312 313
}

/**
 * Implements hook_theme_suggestions_HOOK().
 */
function system_theme_suggestions_page(array $variables) {
314
  $path_args = explode('/', trim(\Drupal::service('path.current')->getPath(), '/'));
315
  return theme_get_suggestions($path_args, 'page');
316 317 318 319 320 321
}

/**
 * Implements hook_theme_suggestions_HOOK().
 */
function system_theme_suggestions_maintenance_page(array $variables) {
322
  $suggestions = [];
323 324 325 326 327

  // Dead databases will show error messages so supplying this template will
  // allow themers to override the page and the content completely.
  $offline = defined('MAINTENANCE_MODE');
  try {
328
    \Drupal::service('path.matcher')->isFrontPage();
329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344
  }
  catch (Exception $e) {
    // The database is not yet available.
    $offline = TRUE;
  }
  if ($offline) {
    $suggestions[] = 'maintenance_page__offline';
  }

  return $suggestions;
}

/**
 * Implements hook_theme_suggestions_HOOK().
 */
function system_theme_suggestions_region(array $variables) {
345
  $suggestions = [];
346 347 348 349 350 351
  if (!empty($variables['elements']['#region'])) {
    $suggestions[] = 'region__' . $variables['elements']['#region'];
  }
  return $suggestions;
}

352 353 354 355
/**
 * Implements hook_theme_suggestions_HOOK().
 */
function system_theme_suggestions_field(array $variables) {
356
  $suggestions = [];
357 358 359 360 361 362 363 364 365 366 367
  $element = $variables['element'];

  $suggestions[] = 'field__' . $element['#field_type'];
  $suggestions[] = 'field__' . $element['#field_name'];
  $suggestions[] = 'field__' . $element['#entity_type'] . '__' . $element['#bundle'];
  $suggestions[] = 'field__' . $element['#entity_type'] . '__' . $element['#field_name'];
  $suggestions[] = 'field__' . $element['#entity_type'] . '__' . $element['#field_name'] . '__' . $element['#bundle'];

  return $suggestions;
}

368 369 370 371 372 373 374 375 376
/**
 * Prepares variables for the list of available bundles.
 *
 * Default template: entity-add-list.html.twig.
 *
 * @param array $variables
 *   An associative array containing:
 *   - bundles: An array of bundles with the label, description, add_link keys.
 *   - add_bundle_message: The message shown when there are no bundles. Only
377
 *     available if the entity type uses bundle entities.
378 379 380 381 382 383 384 385 386
 */
function template_preprocess_entity_add_list(&$variables) {
  foreach ($variables['bundles'] as $bundle_name => $bundle_info) {
    $variables['bundles'][$bundle_name]['description'] = [
      '#markup' => $bundle_info['description'],
    ];
  }
}

387
/**
388 389 390
 * @defgroup authorize Authorized operations
 * @{
 * Functions to run operations with elevated privileges via authorize.php.
391
 *
392 393 394 395 396 397 398 399 400 401 402 403 404 405 406 407 408 409 410 411
 * Because of the Update manager functionality included in Drupal core, there
 * is a mechanism for running operations with elevated file system privileges,
 * the top-level authorize.php script. This script runs at a reduced Drupal
 * bootstrap level so that it is not reliant on the entire site being
 * functional. The operations use a FileTransfer class to manipulate code
 * installed on the system as the user that owns the files, not the user that
 * the httpd is running as.
 *
 * The first setup is to define a callback function that should be authorized
 * to run with the elevated privileges. This callback should take a
 * FileTransfer as its first argument, although you can define an array of
 * other arguments it should be invoked with. The callback should be placed in
 * a separate .inc file that will be included by authorize.php.
 *
 * To run the operation, certain data must be saved into the SESSION, and then
 * the flow of control should be redirected to the authorize.php script. There
 * are two ways to do this, either to call system_authorized_run() directly,
 * or to call system_authorized_init() and then redirect to authorize.php,
 * using the URL from system_authorized_get_url(). Redirecting yourself is
 * necessary when your authorized operation is being triggered by a form
412
 * submit handler, since calling redirecting in a submit handler is a bad
413
 * idea, and you should instead use $form_state->setRedirect().
414 415 416 417 418 419 420 421 422 423
 *
 * Once the SESSION is setup for the operation and the user is redirected to
 * authorize.php, they will be prompted for their connection credentials (core
 * provides FTP and SSH by default, although other connection classes can be
 * added via contributed modules). With valid credentials, authorize.php will
 * instantiate the appropriate FileTransfer object, and then invoke the
 * desired operation passing in that object. The authorize.php script can act
 * as a Batch API processing page, if the operation requires a batch.
 *
 * @see authorize.php
424
 * @see \Drupal\Core\FileTransfer\FileTransfer
425
 * @see hook_filetransfer_info()
426 427 428 429 430
 */

/**
 * Setup a given callback to run via authorize.php with elevated privileges.
 *
431 432 433 434 435 436 437 438 439
 * To use authorize.php, certain variables must be stashed into $_SESSION. This
 * function sets up all the necessary $_SESSION variables. The calling function
 * should then redirect to authorize.php, using the full path returned by
 * system_authorized_get_url(). That initiates the workflow that will eventually
 * lead to the callback being invoked. The callback will be invoked at a low
 * bootstrap level, without all modules being invoked, so it needs to be careful
 * not to assume any code exists. Example (system_authorized_run()):
 * @code
 *   system_authorized_init($callback, $file, $arguments, $page_title);
440
 *   return new RedirectResponse(system_authorized_get_url()->toString());
441 442 443 444 445 446
 * @endcode
 * Example (update_manager_install_form_submit()):
 * @code
 *  system_authorized_init('update_authorize_run_install',
 *    drupal_get_path('module', 'update') . '/update.authorize.inc',
 *    $arguments, t('Update manager'));
447
 *  $form_state->setRedirectUrl(system_authorized_get_url());
448
 * @endcode
449 450
 *
 * @param $callback
451
 *   The name of the function to invoke once the user authorizes the operation.
452 453 454 455 456 457 458 459 460
 * @param $file
 *   The full path to the file where the callback function is implemented.
 * @param $arguments
 *   Optional array of arguments to pass into the callback when it is invoked.
 *   Note that the first argument to the callback is always the FileTransfer
 *   object created by authorize.php when the user authorizes the operation.
 * @param $page_title
 *   Optional string to use as the page title once redirected to authorize.php.
 * @return
461
 *   Nothing, this function just initializes variables in the user's session.
462
 */
463
function system_authorized_init($callback, $file, $arguments = [], $page_title = NULL) {
464 465 466
  // First, figure out what file transfer backends the site supports, and put
  // all of those in the SESSION so that authorize.php has access to all of
  // them via the class autoloader, even without a full bootstrap.
467
  $_SESSION['authorize_filetransfer_info'] = drupal_get_filetransfer_info();
468 469

  // Now, define the callback to invoke.
470
  $_SESSION['authorize_operation'] = [
471 472 473
    'callback' => $callback,
    'file' => $file,
    'arguments' => $arguments,
474
  ];
475 476

  if (isset($page_title)) {
477
    $_SESSION['authorize_page_title'] = $page_title;
478
  }
479
}
480

481 482
/**
 * Return the URL for the authorize.php script.
483 484
 *
 * @param array $options
485
 *   Optional array of options to set on the \Drupal\Core\Url object.
486
 * @return \Drupal\Core\Url
487
 *   The full URL to authorize.php, using HTTPS if available.
488 489
 *
 * @see system_authorized_init()
490
 */
491
function system_authorized_get_url(array $options = []) {
492 493
  // core/authorize.php is an unrouted URL, so using the base: scheme is
  // the correct usage for this case.
494
  $url = Url::fromUri('base:core/authorize.php');
495 496 497
  $url_options = $url->getOptions();
  $url->setOptions($options + $url_options);
  return $url;
498 499
}

500 501
/**
 * Returns the URL for the authorize.php script when it is processing a batch.
502 503
 *
 * @param array $options
504
 *   Optional array of options to set on the \Drupal\Core\Url object.
505 506
 *
 * @return \Drupal\Core\Url
507
 */
508 509
function system_authorized_batch_processing_url(array $options = []) {
  $options['query'] = ['batch' => '1'];
510
  return system_authorized_get_url($options);
511 512
}

513 514 515
/**
 * Setup and invoke an operation using authorize.php.
 *
516
 * @see system_authorized_init()
517
 */
518
function system_authorized_run($callback, $file, $arguments = [], $page_title = NULL) {
519
  system_authorized_init($callback, $file, $arguments, $page_title);
520
  return new RedirectResponse(system_authorized_get_url()->toString());
521 522
}

523 524 525 526 527 528 529
/**
 * Use authorize.php to run batch_process().
 *
 * @see batch_process()
 */
function system_authorized_batch_process() {
  $finish_url = system_authorized_get_url();
530
  $process_url = system_authorized_batch_processing_url();
531
  return batch_process($finish_url->setAbsolute()->toString(), $process_url);
532 533
}

534 535 536 537
/**
 * @} End of "defgroup authorize".
 */

538
/**
539
 * Implements hook_updater_info().
540 541
 */
function system_updater_info() {
542 543
  return [
    'module' => [
544
      'class' => 'Drupal\Core\Updater\Module',
545 546
      'name' => t('Update modules'),
      'weight' => 0,
547 548
    ],
    'theme' => [
549
      'class' => 'Drupal\Core\Updater\Theme',
550 551
      'name' => t('Update themes'),
      'weight' => 0,
552 553
    ],
  ];
554 555
}

556
/**
557
 * Implements hook_filetransfer_info().
558
 */
559
function system_filetransfer_info() {
560
  $backends = [];
561

562
  // This is the default, will be available on most systems.
563
  if (function_exists('ftp_connect')) {
564
    $backends['ftp'] = [
565
      'title' => t('FTP'),
566
      'class' => 'Drupal\Core\FileTransfer\FTP',
567
      'weight' => 0,
568
    ];
569
  }
570

571 572 573
  // SSH2 lib connection is only available if the proper PHP extension is
  // installed.
  if (function_exists('ssh2_connect')) {
574
    $backends['ssh'] = [
575
      'title' => t('SSH'),
576
      'class' => 'Drupal\Core\FileTransfer\SSH',
577
      'weight' => 20,
578
    ];
579 580 581 582
  }
  return $backends;
}

583
/**
584
 * Implements hook_page_attachments().
585 586
 *
 * @see template_preprocess_maintenance_page()
587
 * @see \Drupal\Core\EventSubscriber\ActiveLinkResponseFilter
588
 */
589
function system_page_attachments(array &$page) {
590
  // Ensure the same CSS is loaded in template_preprocess_maintenance_page().
591
  $page['#attached']['library'][] = 'system/base';
592
  if (\Drupal::service('router.admin_context')->isAdminRoute()) {
593
    $page['#attached']['library'][] = 'system/admin';
594
  }
595

596
  // Attach libraries used by this theme.
597 598 599 600 601 602 603 604 605
  $active_theme = \Drupal::theme()->getActiveTheme();
  foreach ($active_theme->getLibraries() as $library) {
    $page['#attached']['library'][] = $library;
  }

  // Attach favicon.
  if (theme_get_setting('features.favicon')) {
    $favicon = theme_get_setting('favicon.url');
    $type = theme_get_setting('favicon.mimetype');
606
    $page['#attached']['html_head_link'][][] = [
607 608 609
      'rel' => 'shortcut icon',
      'href' => UrlHelper::stripDangerousProtocols($favicon),
      'type' => $type,
610
    ];
611 612 613
  }

  // Get the major Drupal version.
614
  list($version,) = explode('.', \Drupal::VERSION);
615 616

  // Attach default meta tags.
617
  $meta_default = [
618 619 620
    // Make sure the Content-Type comes first because the IE browser may be
    // vulnerable to XSS via encoding attacks from any content that comes
    // before this META tag, such as a TITLE tag.
621
    'system_meta_content_type' => [
622
      '#tag' => 'meta',
623
      '#attributes' => [
624
        'charset' => 'utf-8',
625
      ],
626 627
      // Security: This always has to be output first.
      '#weight' => -1000,
628
    ],
629
    // Show Drupal and the major version number in the META GENERATOR tag.
630
    'system_meta_generator' => [
631 632
      '#type' => 'html_tag',
      '#tag' => 'meta',
633
      '#attributes' => [
634
        'name' => 'Generator',
635
        'content' => 'Drupal ' . $version . ' (https://www.drupal.org)',
636 637
      ],
    ],
638
    // Attach default mobile meta tags for responsive design.
639
    'MobileOptimized' => [
640
      '#tag' => 'meta',
641
      '#attributes' => [
642 643
        'name' => 'MobileOptimized',
        'content' => 'width',
644 645 646
      ],
    ],
    'HandheldFriendly' => [
647
      '#tag' => 'meta',
648
      '#attributes' => [
649 650
        'name' => 'HandheldFriendly',
        'content' => 'true',
651 652 653
      ],
    ],
    'viewport' => [
654
      '#tag' => 'meta',
655
      '#attributes' => [
656 657
        'name' => 'viewport',
        'content' => 'width=device-width, initial-scale=1.0',
658 659 660
      ],
    ],
  ];
661 662 663 664
  foreach ($meta_default as $key => $value) {
    $page['#attached']['html_head'][] = [$value, $key];
  }

665 666
  // Handle setting the "active" class on links by:
  // - loading the active-link library if the current user is authenticated;
667
  // - applying a response filter if the current user is anonymous.
668
  // @see \Drupal\Core\Link
669
  // @see \Drupal\Core\Utility\LinkGenerator::generate()
670
  // @see template_preprocess_links()
671
  // @see \Drupal\Core\EventSubscriber\ActiveLinkResponseFilter
672
  if (\Drupal::currentUser()->isAuthenticated()) {
673
    $page['#attached']['library'][] = 'core/drupal.active-link';
674
  }
675 676
}

677 678 679 680 681 682 683 684 685 686 687 688 689 690 691 692 693 694 695 696 697 698 699 700 701 702
/**
 * Implements hook_js_settings_build().
 *
 * Sets values for the core/drupal.ajax library, which just depends on the
 * active theme but no other request-dependent values.
 */
function system_js_settings_build(&$settings, AttachedAssetsInterface $assets) {
  // Generate the values for the core/drupal.ajax library.
  // We need to send ajaxPageState settings for core/drupal.ajax if:
  // - ajaxPageState is being loaded in this Response, in which case it will
  //   already exist at $settings['ajaxPageState'] (because the core/drupal.ajax
  //   library definition specifies a placeholder 'ajaxPageState' setting).
  // - core/drupal.ajax already has been loaded and hence this is an AJAX
  //   Response in which we must send the list of extra asset libraries that are
  //   being added in this AJAX Response.
  /** @var \Drupal\Core\Asset\LibraryDependencyResolver $library_dependency_resolver */
  $library_dependency_resolver = \Drupal::service('library.dependency_resolver');
  if (isset($settings['ajaxPageState']) || in_array('core/drupal.ajax', $library_dependency_resolver->getLibrariesWithDependencies($assets->getAlreadyLoadedLibraries()))) {
    // Provide the page with information about the theme that's used, so that
    // a later AJAX request can be rendered using the same theme.
    // @see \Drupal\Core\Theme\AjaxBasePageNegotiator
    $theme_key = \Drupal::theme()->getActiveTheme()->getName();
    $settings['ajaxPageState']['theme'] = $theme_key;
  }
}

703 704 705
/**
 * Implements hook_js_settings_alter().
 *
706 707
 * Sets values which depend on the current request, like core/drupalSettings
 * as well as theme_token ajax state.
708
 */
709
function system_js_settings_alter(&$settings, AttachedAssetsInterface $assets) {
710 711 712
  // As this is being output in the final response always use the master
  // request.
  $request = \Drupal::requestStack()->getMasterRequest();
713
  $current_query = $request->query->all();
714 715 716 717 718 719 720 721

  // Let output path processors set a prefix.
  /** @var \Drupal\Core\PathProcessor\OutboundPathProcessorInterface $path_processor */
  $path_processor = \Drupal::service('path_processor_manager');
  $options = ['prefix' => ''];
  $path_processor->processOutbound('/', $options);
  $pathPrefix = $options['prefix'];

722 723 724 725 726 727
  $route_match = \Drupal::routeMatch();
  if ($route_match instanceof StackedRouteMatchInterface) {
    $route_match = $route_match->getMasterRouteMatch();
  }
  $current_path = $route_match->getRouteName() ? Url::fromRouteMatch($route_match)->getInternalPath() : '';
  $current_path_is_admin = \Drupal::service('router.admin_context')->isAdminRoute($route_match->getRouteObject());
728 729 730 731 732
  $path_settings = [
    'baseUrl' => $request->getBaseUrl() . '/',
    'pathPrefix' => $pathPrefix,
    'currentPath' => $current_path,
    'currentPathIsAdmin' => $current_path_is_admin,
733
    'isFront' => \Drupal::service('path.matcher')->isFrontPage(),
734 735 736 737 738 739 740 741 742 743 744 745 746
    'currentLanguage' => \Drupal::languageManager()->getCurrentLanguage(LanguageInterface::TYPE_URL)->getId(),
  ];
  if (!empty($current_query)) {
    ksort($current_query);
    $path_settings['currentQuery'] = (object) $current_query;
  }

  // Only set core/drupalSettings values that haven't been set already.
  foreach ($path_settings as $key => $value) {
    if (!isset($settings['path'][$key])) {
      $settings['path'][$key] = $value;
    }
  }
747 748
  if (!isset($settings['pluralDelimiter'])) {
    $settings['pluralDelimiter'] = LOCALE_PLURAL_DELIMITER;
749
  }
750
  // Add the theme token to ajaxPageState, ensuring the database is available
751
  // before doing so. Also add the loaded libraries to ajaxPageState.
752 753 754 755
  /** @var \Drupal\Core\Asset\LibraryDependencyResolver $library_dependency_resolver */
  $library_dependency_resolver = \Drupal::service('library.dependency_resolver');
  if (isset($settings['ajaxPageState']) || in_array('core/drupal.ajax', $library_dependency_resolver->getLibrariesWithDependencies($assets->getAlreadyLoadedLibraries()))) {
    if (!defined('MAINTENANCE_MODE')) {
756 757 758 759 760 761 762 763
      // The theme token is only validated when the theme requested is not the
      // default, so don't generate it unless necessary.
      // @see \Drupal\Core\Theme\AjaxBasePageNegotiator::determineActiveTheme()
      $active_theme_key = \Drupal::theme()->getActiveTheme()->getName();
      if ($active_theme_key !== \Drupal::service('theme_handler')->getDefault()) {
        $settings['ajaxPageState']['theme_token'] = \Drupal::csrfToken()
          ->get($active_theme_key);
      }
764
    }
765 766 767 768 769 770 771 772
    // Provide the page with information about the individual asset libraries
    // used, information not otherwise available when aggregation is enabled.
    $minimal_libraries = $library_dependency_resolver->getMinimalRepresentativeSubset(array_merge(
      $assets->getLibraries(),
      $assets->getAlreadyLoadedLibraries()
    ));
    sort($minimal_libraries);
    $settings['ajaxPageState']['libraries'] = implode(',', $minimal_libraries);
773
  }
774 775
}

776 777 778 779 780 781 782 783 784 785 786 787 788 789 790 791 792 793 794 795 796 797 798
/**
 * Implements hook_form_alter().
 */
function system_form_alter(&$form, FormStateInterface $form_state) {
  // If the page that's being built is cacheable, set the 'immutable' flag, to
  // ensure that when the form is used, a new form build ID is generated when
  // appropriate, to prevent information disclosure.

  // Note: This code just wants to know whether cache response headers are set,
  // not whether page_cache module will be active.
  // \Drupal\Core\EventSubscriber\FinishResponseSubscriber::onRespond will
  // send those headers, in case $request_policy->check($request) succeeds. In
  // that case we need to ensure that the immutable flag is sot, so future POST
  // request won't take over the form state of another user.
  /** @var \Drupal\Core\PageCache\RequestPolicyInterface $request_policy */
  $request_policy = \Drupal::service('page_cache_request_policy');
  $request = \Drupal::requestStack()->getCurrentRequest();
  $request_is_cacheable = $request_policy->check($request) === RequestPolicyInterface::ALLOW;
  if ($request_is_cacheable) {
    $form_state->addBuildInfo('immutable', TRUE);
  }
}

Dries's avatar
 
Dries committed
799
/**
800
 * Implements hook_form_FORM_ID_alter() for \Drupal\user\AccountForm.
Dries's avatar