Commit f7daf345 authored by Dries's avatar Dries
Browse files

- Patch #598414 by Tor Arne Thune, Dave Reid: Fixed Links in the update results page lead to 403s.

parent 31544e56
......@@ -2109,7 +2109,7 @@ class UpdateScriptFunctionalTest extends DrupalWebTestCase {
}
function setUp() {
parent::setUp('update_script_test');
parent::setUp(array('update_script_test', 'dblog'));
$this->update_url = $GLOBALS['base_url'] . '/core/update.php';
$this->update_user = $this->drupalCreateUser(array('administer software updates'));
}
......@@ -2210,6 +2210,56 @@ class UpdateScriptFunctionalTest extends DrupalWebTestCase {
$final_theme_data = db_query("SELECT * FROM {system} WHERE type = 'theme' ORDER BY name")->fetchAll();
$this->assertEqual($original_theme_data, $final_theme_data, t('Visiting update.php does not alter the information about themes stored in the database.'));
}
/**
* Tests update.php when there are no updates to apply.
*/
function testNoUpdateFunctionality() {
// Click through update.php with 'administer software updates' permission.
$this->drupalLogin($this->update_user);
$this->drupalPost($this->update_url, array(), t('Continue'), array('external' => TRUE));
$this->assertText(t('No pending updates.'));
$this->assertNoLink('Administration pages');
$this->clickLink('Front page');
$this->assertResponse(200);
// Click through update.php with 'access administration pages' permission.
$admin_user = $this->drupalCreateUser(array('administer software updates', 'access administration pages'));
$this->drupalLogin($admin_user);
$this->drupalPost($this->update_url, array(), t('Continue'), array('external' => TRUE));
$this->assertText(t('No pending updates.'));
$this->clickLink('Administration pages');
$this->assertResponse(200);
}
/**
* Tests update.php after performing a successful update.
*/
function testSuccessfulUpdateFunctionality() {
drupal_set_installed_schema_version('update_script_test', drupal_get_installed_schema_version('update_script_test') - 1);
// Click through update.php with 'administer software updates' permission.
$this->drupalLogin($this->update_user);
$this->drupalPost($this->update_url, array(), t('Continue'), array('external' => TRUE));
$this->drupalPost(NULL, array(), t('Apply pending updates'));
$this->assertText('Updates were attempted.');
$this->assertLink('site');
$this->assertNoLink('Administration pages');
$this->assertNoLink('logged');
$this->clickLink('Front page');
$this->assertResponse(200);
drupal_set_installed_schema_version('update_script_test', drupal_get_installed_schema_version('update_script_test') - 1);
// Click through update.php with 'access administration pages' and
// 'access site reports' permissions.
$admin_user = $this->drupalCreateUser(array('administer software updates', 'access administration pages', 'access site reports'));
$this->drupalLogin($admin_user);
$this->drupalPost($this->update_url, array(), t('Continue'), array('external' => TRUE));
$this->drupalPost(NULL, array(), t('Apply pending updates'));
$this->assertText('Updates were attempted.');
$this->assertLink('logged');
$this->clickLink('Administration pages');
$this->assertResponse(200);
}
}
/**
......
......@@ -148,7 +148,9 @@ function update_helpful_links() {
// NOTE: we can't use l() here because the URL would point to
// 'core/update.php?q=admin'.
$links[] = '<a href="' . base_path() . '">Front page</a>';
$links[] = '<a href="' . base_path() . '?q=admin">Administration pages</a>';
if (user_access('access administration pages')) {
$links[] = '<a href="' . base_path() . '?q=admin">Administration pages</a>';
}
return $links;
}
......@@ -158,7 +160,7 @@ function update_results_page() {
update_task_list();
// Report end result.
if (module_exists('dblog')) {
if (module_exists('dblog') && user_access('access site reports')) {
$log_message = ' All errors have been <a href="' . base_path() . '?q=admin/reports/dblog">logged</a>.';
}
else {
......@@ -166,7 +168,7 @@ function update_results_page() {
}
if ($_SESSION['update_success']) {
$output = '<p>Updates were attempted. If you see no failures below, you may proceed happily to the <a href="' . base_path() . '?q=admin">administration pages</a>. Otherwise, you may need to update your database manually.' . $log_message . '</p>';
$output = '<p>Updates were attempted. If you see no failures below, you may proceed happily back to your <a href="' . base_path() . '">site</a>. Otherwise, you may need to update your database manually.' . $log_message . '</p>';
}
else {
list($module, $version) = array_pop(reset($_SESSION['updates_remaining']));
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment