update.php 17.6 KB
Newer Older
1
<?php
Dries's avatar
   
Dries committed
2
// $Id$
Dries's avatar
   
Dries committed
3

4
5
6
/**
 * Root directory of Drupal installation.
 */
7
define('DRUPAL_ROOT', getcwd());
8

Dries's avatar
   
Dries committed
9
10
11
12
/**
 * @file
 * Administrative page for handling updates from one Drupal version to another.
 *
13
 * Point your browser to "http://www.example.com/update.php" and follow the
Dries's avatar
   
Dries committed
14
15
 * instructions.
 *
16
17
18
19
20
 * If you are not logged in using either the site maintenance account or an
 * account with the "Administer software updates" permission, you will need to
 * modify the access check statement inside your settings.php file. After
 * finishing the upgrade, be sure to open settings.php again, and change it
 * back to its original state!
Dries's avatar
   
Dries committed
21
 */
Dries's avatar
   
Dries committed
22

23
/**
24
25
26
27
 * Global flag indicating that update.php is being run.
 *
 * When this flag is set, various operations do not take place, such as invoking
 * hook_init() and hook_exit(), css/js preprocessing, and translation.
28
 */
29
30
define('MAINTENANCE_MODE', 'update');

31
function update_selection_page() {
32
  drupal_set_title('Drupal database update');
33
34
  $elements = drupal_get_form('update_script_selection_form');
  $output = drupal_render($elements);
35

36
37
  update_task_list('select');

38
39
40
  return $output;
}

41
function update_script_selection_form($form, &$form_state) {
42
  $count = 0;
43
  $incompatible_count = 0;
44
  $form['start'] = array(
45
46
47
    '#tree' => TRUE,
    '#type' => 'fieldset',
    '#collapsed' => TRUE,
48
    '#collapsible' => TRUE,
49
  );
50

51
  // Ensure system.module's updates appear first.
52
53
  $form['start']['system'] = array();

54
  $updates = update_get_update_list();
55
56
  $starting_updates = array();
  $incompatible_updates_exist = FALSE;
57
58
59
60
61
62
63
64
  foreach ($updates as $module => $update) {
    if (!isset($update['start'])) {
      $form['start'][$module] = array(
        '#title' => $module,
        '#item'  => $update['warning'],
        '#prefix' => '<div class="warning">',
        '#suffix' => '</div>',
      );
65
      $incompatible_updates_exist = TRUE;
66
67
68
      continue;
    }
    if (!empty($update['pending'])) {
69
      $starting_updates[$module] = $update['start'];
70
71
72
73
74
      $form['start'][$module] = array(
        '#type' => 'hidden',
        '#value' => $update['start'],
      );
      $form['start'][$module . '_updates'] = array(
75
76
77
        '#theme' => 'item_list',
        '#items' => $update['pending'],
        '#title' => $module . ' module',
78
79
80
81
      );
    }
    if (isset($update['pending'])) {
      $count = $count + count($update['pending']);
82
83
84
    }
  }

85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
  // Find and label any incompatible updates.
  foreach (update_resolve_dependencies($starting_updates) as $function => $data) {
    if (!$data['allowed']) {
      $incompatible_updates_exist = TRUE;
      $incompatible_count++;
      $module_update_key = $data['module'] . '_updates';
      if (isset($form['start'][$module_update_key]['#items'][$data['number']])) {
        $text = $data['missing_dependencies'] ? 'This update will been skipped due to the following missing dependencies: <em>' . implode(', ', $data['missing_dependencies']) . '</em>' : "This update will be skipped due to an error in the module's code.";
        $form['start'][$module_update_key]['#items'][$data['number']] .= '<div class="warning">' . $text . '</div>';
      }
      // Move the module containing this update to the top of the list.
      $form['start'] = array($module_update_key => $form['start'][$module_update_key]) + $form['start'];
    }
  }

  // Warn the user if any updates were incompatible.
  if ($incompatible_updates_exist) {
    drupal_set_message('Some of the pending updates cannot be applied because their dependencies were not met.', 'warning');
  }

105
  if (empty($count)) {
106
107
108
    drupal_set_message(t('No pending updates.'));
    unset($form);
    $form['links'] = array(
109
      '#markup' => theme('item_list', array('items' => update_helpful_links())),
110
111
112
113
114
115
116
    );
  }
  else {
    $form['help'] = array(
      '#markup' => '<p>The version of Drupal you are updating from has been automatically detected.</p>',
      '#weight' => -5,
    );
117
118
119
120
121
122
123
124
125
126
127
    if ($incompatible_count) {
      $form['start']['#title'] = format_plural(
        $count,
        '1 pending update (@number_applied to be applied, @number_incompatible skipped)',
        '@count pending updates (@number_applied to be applied, @number_incompatible skipped)',
        array('@number_applied' => $count - $incompatible_count, '@number_incompatible' => $incompatible_count)
      );
    }
    else {
      $form['start']['#title'] = format_plural($count, '1 pending update', '@count pending updates');
    }
128
129
130
131
    $form['has_js'] = array(
      '#type' => 'hidden',
      '#default_value' => FALSE,
    );
132
133
    $form['actions'] = array('#type' => 'actions');
    $form['actions']['submit'] = array(
134
      '#type' => 'submit',
135
      '#value' => 'Apply pending updates',
136
137
    );
  }
138
  return $form;
139
140
}

141
function update_helpful_links() {
142
143
  // NOTE: we can't use l() here because the URL would point to
  // 'update.php?q=admin'.
144
  $links[] = '<a href="' . base_path() . '">Front page</a>';
145
  $links[] = '<a href="' . base_path() . '?q=admin">Administration pages</a>';
146
147
148
149
150
151
  return $links;
}

function update_results_page() {
  drupal_set_title('Drupal database update');
  $links = update_helpful_links();
152

153
  update_task_list();
154
  // Report end result.
155
  if (module_exists('dblog')) {
156
    $log_message = ' All errors have been <a href="' . base_path() . '?q=admin/reports/dblog">logged</a>.';
157
158
159
160
161
  }
  else {
    $log_message = ' All errors have been logged.';
  }

162
  if ($_SESSION['update_success']) {
163
    $output = '<p>Updates were attempted. If you see no failures below, you may proceed happily to the <a href="' . base_path() . '?q=admin">administration pages</a>. Otherwise, you may need to update your database manually.' . $log_message . '</p>';
164
165
  }
  else {
166
    list($module, $version) = array_pop(reset($_SESSION['updates_remaining']));
167
    $output = '<p class="error">The update process was aborted prematurely while running <strong>update #' . $version . ' in ' . $module . '.module</strong>.' . $log_message;
168
169
170
171
    if (module_exists('dblog')) {
      $output .= ' You may need to check the <code>watchdog</code> database table manually.';
    }
    $output .= '</p>';
172
173
  }

174
175
  if (!empty($GLOBALS['update_free_access'])) {
    $output .= "<p><strong>Reminder: don't forget to set the <code>\$update_free_access</code> value in your <code>settings.php</code> file back to <code>FALSE</code>.</strong></p>";
176
  }
177

178
  $output .= theme('item_list', array('items' => $links));
179

180
  // Output a list of queries executed.
181
  if (!empty($_SESSION['update_results'])) {
182
    $all_messages = '';
183
    foreach ($_SESSION['update_results'] as $module => $updates) {
184
      if ($module != '#abort') {
185
186
        $module_has_message = FALSE;
        $query_messages = '';
187
        foreach ($updates as $number => $queries) {
188
          $messages = array();
189
          foreach ($queries as $query) {
190
191
192
193
            // If there is no message for this update, don't show anything.
            if (empty($query['query'])) {
              continue;
            }
194

195
            if ($query['success']) {
196
              $messages[] = '<li class="success">' . $query['query'] . '</li>';
197
198
            }
            else {
199
              $messages[] = '<li class="failure"><strong>Failed:</strong> ' . $query['query'] . '</li>';
200
            }
201
          }
202
203

          if ($messages) {
204
205
206
            $module_has_message = TRUE;
            $query_messages .= '<h4>Update #' . $number . "</h4>\n";
            $query_messages .= '<ul>' . implode("\n", $messages) . "</ul>\n";
207
208
          }
        }
209
210
211
212
213
214

        // If there were any messages in the queries then prefix them with the
        // module name and add it to the global message list.
        if ($module_has_message) {
          $all_messages .= '<h3>' . $module . " module</h3>\n" . $query_messages;
        }
215
216
      }
    }
217
218
219
220
221
    if ($all_messages) {
      $output .= '<div id="update-results"><h2>The following updates returned messages</h2>';
      $output .= $all_messages;
      $output .= '</div>';
    }
222
  }
223
224
  unset($_SESSION['update_results']);
  unset($_SESSION['update_success']);
225

226
  return $output;
227
228
}

229
function update_info_page() {
230
231
  // Change query-strings on css/js files to enforce reload for all users.
  _drupal_flush_css_js();
232
233
  // Flush the cache of all data for the update status module.
  if (db_table_exists('cache_update')) {
234
    cache_clear_all('*', 'cache_update', TRUE);
235
  }
236

237
  update_task_list('info');
Steven Wittens's avatar
Steven Wittens committed
238
  drupal_set_title('Drupal database update');
239
  $token = drupal_get_token('update');
240
  $output = '<p>Use this utility to update your database whenever a new release of Drupal or a module is installed.</p><p>For more detailed information, see the <a href="http://drupal.org/upgrade">upgrading handbook</a>. If you are unsure what these terms mean you should probably contact your hosting provider.</p>';
241
242
243
  $output .= "<ol>\n";
  $output .= "<li><strong>Back up your database</strong>. This process will change your database values and in case of emergency you may need to revert to a backup.</li>\n";
  $output .= "<li><strong>Back up your code</strong>. Hint: when backing up module code, do not leave that backup in the 'modules' or 'sites/*/modules' directories as this may confuse Drupal's auto-discovery mechanism.</li>\n";
244
  $output .= '<li>Put your site into <a href="' . base_path() . '?q=admin/config/development/maintenance">maintenance mode</a>.</li>' . "\n";
245
246
247
  $output .= "<li>Install your new files in the appropriate location, as described in the handbook.</li>\n";
  $output .= "</ol>\n";
  $output .= "<p>When you have performed the steps above, you may proceed.</p>\n";
248
  $output .= '<form method="post" action="update.php?op=selection&amp;token=' . $token . '"><p><input type="submit" value="Continue" class="form-submit" /></p></form>';
249
  $output .= "\n";
250
251
252
253
  return $output;
}

function update_access_denied_page() {
254
  drupal_add_http_header('Status', '403 Forbidden');
255
  watchdog('access denied', 'update.php', NULL, WATCHDOG_WARNING);
256
  drupal_set_title('Access denied');
257
  return '<p>Access denied. You are not authorized to access this page. Log in using either an account with the <em>administer software updates</em> permission or the site maintenance account (the account you created during installation). If you cannot log in, you will have to edit <code>settings.php</code> to bypass this access check. To do this:</p>
258
<ol>
259
260
261
 <li>With a text editor find the settings.php file on your system. From the main Drupal directory that you installed all the files into, go to <code>sites/your_site_name</code> if such directory exists, or else to <code>sites/default</code> which applies otherwise.</li>
 <li>There is a line inside your settings.php file that says <code>$update_free_access = FALSE;</code>. Change it to <code>$update_free_access = TRUE;</code>.</li>
 <li>As soon as the update.php script is done, you must change the settings.php file back to its original form with <code>$update_free_access = FALSE;</code>.</li>
262
 <li>To avoid having this problem in the future, remember to log in to your website using either an account with the <em>administer software updates</em> permission or the site maintenance account (the account you created during installation) before you backup your database at the beginning of the update process.</li>
263
</ol>';
264
}
265

266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
/**
 * Determines if the current user is allowed to run update.php.
 *
 * @return
 *   TRUE if the current user should be granted access, or FALSE otherwise.
 */
function update_access_allowed() {
  global $update_free_access, $user;

  // Allow the global variable in settings.php to override the access check.
  if (!empty($update_free_access)) {
    return TRUE;
  }
  // Calls to user_access() might fail during the Drupal 6 to 7 update process,
  // so we fall back on requiring that the user be logged in as user #1.
  try {
282
    require_once DRUPAL_ROOT . '/' . drupal_get_path('module', 'user') . '/user.module';
283
284
285
286
287
288
289
    return user_access('administer software updates');
  }
  catch (Exception $e) {
    return ($user->uid == 1);
  }
}

290
291
292
293
294
295
/**
 * Add the update task list to the current page.
 */
function update_task_list($active = NULL) {
  // Default list of tasks.
  $tasks = array(
296
    'requirements' => 'Verify requirements',
297
    'info' => 'Overview',
298
    'select' => 'Review updates',
299
300
301
302
    'run' => 'Run updates',
    'finished' => 'Review log',
  );

303
  drupal_add_region_content('sidebar_first', theme('task_list', array('items' => $tasks, 'active' => $active)));
304
305
}

306
/**
307
308
 * Returns (and optionally stores) extra requirements that only apply during
 * particular parts of the update.php process.
309
 */
310
311
312
313
function update_extra_requirements($requirements = NULL) {
  static $extra_requirements = array();
  if (isset($requirements)) {
    $extra_requirements += $requirements;
314
  }
315
  return $extra_requirements;
316
317
318
}

/**
319
 * Check update requirements and report any errors.
320
 */
321
function update_check_requirements() {
322
323
  // Check requirements of all loaded modules.
  $requirements = module_invoke_all('requirements', 'update');
324
325
326
327
328
329
330
  $requirements += update_extra_requirements();
  $severity = drupal_requirements_severity($requirements);

  // If there are issues, report them.
  if ($severity == REQUIREMENT_ERROR) {
    update_task_list('requirements');
    drupal_set_title('Requirements problem');
331
    $status_report = theme('status_report', array('requirements' => $requirements));
332
    $status_report .= 'Check the error messages and <a href="' . check_url(request_uri()) . '">try again</a>.';
333
    print theme('update_page', array('content' => $status_report));
334
    exit();
335
  }
336
337
}

338
// Some unavoidable errors happen because the database is not yet up-to-date.
339
// Our custom error handler is not yet installed, so we just suppress them.
340
341
ini_set('display_errors', FALSE);

342
343
// We prepare a minimal bootstrap for the update requirements check to avoid
// reaching the PHP memory limit.
344
require_once DRUPAL_ROOT . '/includes/bootstrap.inc';
345
require_once DRUPAL_ROOT . '/includes/update.inc';
346
require_once DRUPAL_ROOT . '/includes/common.inc';
347
require_once DRUPAL_ROOT . '/includes/file.inc';
348
require_once DRUPAL_ROOT . '/includes/entity.inc';
349
require_once DRUPAL_ROOT . '/includes/unicode.inc';
350
update_prepare_d7_bootstrap();
351

352
353
354
355
356
357
// Temporarily disable configurable timezones so the upgrade process uses the
// site-wide timezone. This prevents a PHP notice during session initlization
// and before offsets have been converted in user_update_7002().
$configurable_timezones = variable_get('configurable_timezones', 1);
$conf['configurable_timezones'] = 0;

358
359
// Determine if the current user has access to run update.php.
drupal_bootstrap(DRUPAL_BOOTSTRAP_SESSION);
360

361
362
363
// Reset configurable timezones.
$conf['configurable_timezones'] = $configurable_timezones;

364
365
366
367
// Only allow the requirements check to proceed if the current user has access
// to run updates (since it may expose sensitive information about the site's
// configuration).
$op = isset($_REQUEST['op']) ? $_REQUEST['op'] : '';
368
if (empty($op) && update_access_allowed()) {
369
370
  require_once DRUPAL_ROOT . '/includes/install.inc';
  require_once DRUPAL_ROOT . '/modules/system/system.install';
371
372

  // Load module basics.
373
  include_once DRUPAL_ROOT . '/includes/module.inc';
374
  $module_list['system']['filename'] = 'modules/system/system.module';
375
  module_list(TRUE, FALSE, FALSE, $module_list);
376
377
  drupal_load('module', 'system');

378
379
380
381
  // Reset the module_implements() cache so that any new hook implementations
  // in updated code are picked up.
  module_implements('', FALSE, TRUE);

382
  // Set up $language, since the installer components require it.
383
  drupal_language_initialize();
384
385
386
387
388

  // Set up theme system for the maintenance page.
  drupal_maintenance_theme();

  // Check the update requirements for Drupal.
389
  update_check_requirements();
390

391
  // Redirect to the update information page if all requirements were met.
392
393
  install_goto('update.php?op=info');
}
394

395
396
397
398
399
400
401
402
403
404
// update_fix_d7_requirements() needs to run before bootstrapping beyond path.
// So bootstrap to DRUPAL_BOOTSTRAP_LANGUAGE then include unicode.inc.

drupal_bootstrap(DRUPAL_BOOTSTRAP_LANGUAGE);
include_once DRUPAL_ROOT . '/includes/unicode.inc';

update_fix_d7_requirements();

// Now proceed with a full bootstrap.

405
drupal_bootstrap(DRUPAL_BOOTSTRAP_FULL);
Steven Wittens's avatar
Steven Wittens committed
406
drupal_maintenance_theme();
407

408
409
410
411
// Turn error reporting back on. From now on, only fatal errors (which are
// not passed through the error handler) will cause a message to be printed.
ini_set('display_errors', TRUE);

412
// Only proceed with updates if the user is allowed to run them.
413
if (update_access_allowed()) {
414

415
416
  include_once DRUPAL_ROOT . '/includes/install.inc';
  include_once DRUPAL_ROOT . '/includes/batch.inc';
417
  drupal_load_updates();
Dries's avatar
   
Dries committed
418

419
  update_fix_compatibility();
420

421
422
423
  // Check the update requirements for all modules.
  update_check_requirements();

424
425
  $op = isset($_REQUEST['op']) ? $_REQUEST['op'] : '';
  switch ($op) {
426
    // update.php ops.
427

428
    case 'selection':
429
430
431
432
      if (isset($_GET['token']) && $_GET['token'] == drupal_get_token('update')) {
        $output = update_selection_page();
        break;
      }
433

434
    case 'Apply pending updates':
435
      if (isset($_GET['token']) && $_GET['token'] == drupal_get_token('update')) {
436
        update_batch($_POST['start'], $base_url . '/update.php?op=results', $base_url . '/update.php');
437
438
439
440
441
        break;
      }

    case 'info':
      $output = update_info_page();
442
443
      break;

444
445
    case 'results':
      $output = update_results_page();
446
447
      break;

448
    // Regular batch ops : defer to batch processing API.
449
    default:
450
451
      update_task_list('run');
      $output = _batch_page();
452
      break;
Kjartan's avatar
Kjartan committed
453
454
455
  }
}
else {
456
  $output = update_access_denied_page();
457
}
458
if (isset($output) && $output) {
459
460
  // Explictly start a session so that the update.php token will be accepted.
  drupal_session_start();
461
462
  // We defer the display of messages until all updates are done.
  $progress_page = ($batch = batch_get()) && isset($batch['running']);
463
  print theme('update_page', array('content' => $output, 'show_messages' => !$progress_page));
464
}