
/ -> authorize.php (source)

   1  <?php
   2  
   3  /**
   4   * @file
   5   * Administrative script for running authorized file operations.
   6   *
   7   * Using this script, the site owner (the user actually owning the files on
   8   * the webserver) can authorize certain file-related operations to proceed
   9   * with elevated privileges, for example to deploy and upgrade modules or
  10   * themes. Users should not visit this page directly, but instead use an
  11   * administrative user interface which knows how to redirect the user to this
  12   * script as part of a multistep process. This script actually performs the
  13   * selected operations without loading all of Drupal, to be able to more
  14   * gracefully recover from errors. Access to the script is controlled by a
  15   * global killswitch in settings.php ('allow_authorize_operations') and via
  16   * the 'administer software updates' permission.
  17   *
  18   * There are helper functions for setting up an operation to run via this
  19   * system in modules/system/system.module. For more information, see:
  20   * @link authorize Authorized operation helper functions @endlink
  21   */
  22  
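  /**
   * Root directory of Drupal installation.
   *
   * Taken from the current working directory, which is expected to be the
   * directory that contains this script. getcwd() returns FALSE when the
   * working directory cannot be determined (for example when a parent
   * directory is not readable). In that case the directory of this file is
   * used instead, so that the require_once paths built from DRUPAL_ROOT never
   * resolve against the filesystem root.
   */
  define('DRUPAL_ROOT', getcwd() !== FALSE ? getcwd() : dirname(__FILE__));

  /**
   * Global flag to identify update.php and authorize.php runs.
   *
   * It is used to avoid various unwanted operations, such as hook_init() and
   * hook_exit() invocations, CSS/JS preprocessing and translation, and to
   * solve some theming issues. This flag is checked in several places in
   * Drupal code (not just authorize.php).
   */
  define('MAINTENANCE_MODE', 'update');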
  36  
  /**
   * Builds the content of the 403 page shown when authorize.php is refused.
   *
   * Sends a "403 Forbidden" status header, records the refused request through
   * watchdog() under the 'access denied' type at warning severity, and sets
   * the page title.
   *
   * @return
   *   The translated "not allowed" message to use as the page content.
   */
  function authorize_access_denied_page() {
    drupal_add_http_header('Status', '403 Forbidden');
    // The log message is the fixed script name; no request data is written
    // into it here.
    watchdog('access denied', 'authorize.php', NULL, WATCHDOG_WARNING);
    drupal_set_title('Access denied');

    $denied_message = t('You are not allowed to access this page.');
    return $denied_message;
  }
  46  
  /**
   * Determines if the current user is allowed to run authorize.php.
   *
   * Two conditions must both hold:
   * - The 'allow_authorize_operations' killswitch (set in settings.php) is not
   *   disabled. The variable defaults to TRUE when it is not set, so
   *   authorized operations stay available unless a site explicitly turns
   *   them off.
   * - The current user has the 'administer software updates' permission.
   *
   * The killswitch is evaluated first and overrides everything else; the
   * permission is not consulted when it is off.
   *
   * @return
   *   TRUE if the current user can run authorize.php, otherwise FALSE.
   */
  function authorize_access_allowed() {
    if (!variable_get('allow_authorize_operations', TRUE)) {
      return FALSE;
    }
    return (bool) user_access('administer software updates');
  }
  59  
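  // *** Real work of the script begins here. ***
  //
  // The script bootstraps Drupal only as far as the session, checks access,
  // and then either reports the results of a finished operation, lets a
  // running batch continue, or shows the file transfer form.

  require_once DRUPAL_ROOT . '/includes/bootstrap.inc';
  require_once DRUPAL_ROOT . '/includes/common.inc';
  require_once DRUPAL_ROOT . '/includes/file.inc';
  require_once DRUPAL_ROOT . '/includes/module.inc';
  require_once DRUPAL_ROOT . '/includes/ajax.inc';

  // We prepare only a minimal bootstrap. This includes the database and
  // variables, however, so we have access to the class autoloader registry.
  drupal_bootstrap(DRUPAL_BOOTSTRAP_SESSION);

  // This must go after drupal_bootstrap(), which unsets globals!
  global $conf;

  // We have to enable the user and system modules, even to check access and
  // display errors via the maintenance theme.
  $module_list['system']['filename'] = 'modules/system/system.module';
  $module_list['user']['filename'] = 'modules/user/user.module';
  module_list(TRUE, FALSE, FALSE, $module_list);
  drupal_load('module', 'system');
  drupal_load('module', 'user');

  // We also want to have the language system available, but we do *NOT* want to
  // actually call drupal_bootstrap(DRUPAL_BOOTSTRAP_LANGUAGE), since that would
  // also force us through the DRUPAL_BOOTSTRAP_PAGE_HEADER phase, which loads
  // all the modules, and that's exactly what we're trying to avoid.
  drupal_language_initialize();

  // Initialize the maintenance theme for this administrative script.
  drupal_maintenance_theme();

  $output = '';
  $show_messages = TRUE;

  // Everything that reads the authorize session data or drives a batch sits
  // behind this check. The Form API, Batch API and authorize code are not even
  // loaded for a user who fails it.
  if (authorize_access_allowed()) {
    // Load both the Form API and Batch API.
    require_once DRUPAL_ROOT . '/includes/form.inc';
    require_once DRUPAL_ROOT . '/includes/batch.inc';
    // Load the code that drives the authorize process.
    require_once DRUPAL_ROOT . '/includes/authorize.inc';

    // For the sake of Batch API and a few other low-level functions, we need to
    // initialize the URL path into $_GET['q']. However, we do not want to raise
    // our bootstrap level, nor do we want to call drupal_initialize_path(),
    // since that assumes that modules are loaded and invokes hooks. All we
    // really care about is whether we are in the middle of a batch, in which
    // case $_GET['q'] will already be set; we just initialize it to an empty
    // string if it is not already defined.
    if (!isset($_GET['q'])) {
      $_GET['q'] = '';
    }

    if (isset($_SESSION['authorize_operation']['page_title'])) {
      drupal_set_title($_SESSION['authorize_operation']['page_title']);
    }
    else {
      drupal_set_title(t('Authorize file system changes'));
    }

    // See if we've run the operation and need to display a report.
    if (isset($_SESSION['authorize_results']) && $results = $_SESSION['authorize_results']) {

      // Clear the session out, so the report is shown once and a reload cannot
      // replay the stored operation or file transfer settings.
      unset($_SESSION['authorize_results']);
      unset($_SESSION['authorize_operation']);
      unset($_SESSION['authorize_filetransfer_info']);

      // NOTE(review): the title, message and task links below come from the
      // session and are handed to the theme layer as given. They are presumably
      // written only by the code that ran the authorized operation; confirm
      // that nothing user-supplied reaches them unescaped.
      if (!empty($results['page_title'])) {
        drupal_set_title($results['page_title']);
      }
      // Only set a message when there is message text, and fall back to the
      // 'status' type when none was stored, instead of reading missing keys.
      if (!empty($results['page_message']['message'])) {
        $message_type = isset($results['page_message']['type']) ? $results['page_message']['type'] : 'status';
        drupal_set_message($results['page_message']['message'], $message_type);
      }

      // A result set without a 'messages' entry renders as an empty report.
      $report_messages = isset($results['messages']) ? $results['messages'] : array();
      $output = theme('authorize_report', array('messages' => $report_messages));

      // Use the task links stored with the results when there are any;
      // otherwise offer the two default destinations.
      if (isset($results['tasks']) && is_array($results['tasks'])) {
        $links = $results['tasks'];
      }
      else {
        $links = array(
          l(t('Administration pages'), 'admin'),
          l(t('Front page'), '<front>'),
        );
      }

      $output .= theme('item_list', array('items' => $links, 'title' => t('Next steps')));
    }
    // If a batch is running, let it run.
    elseif (isset($_GET['batch'])) {
      $output = _batch_page();
    }
    else {
      // Without a stored operation and file transfer info there is nothing to
      // authorize, so the visitor did not arrive through the expected workflow.
      if (empty($_SESSION['authorize_operation']) || empty($_SESSION['authorize_filetransfer_info'])) {
        $output = t('It appears you have reached this page in error.');
      }
      elseif (!$batch = batch_get()) {
        // No batch has been set up yet, so show the filetransfer form.
        $elements = drupal_get_form('authorize_filetransfer_form');
        $output = drupal_render($elements);
      }
    }
    // We defer the display of messages until all operations are done.
    $show_messages = !(($batch = batch_get()) && isset($batch['running']));
  }
  else {
    $output = authorize_access_denied_page();
  }

  if (!empty($output)) {
    print theme('update_page', array('content' => $output, 'show_messages' => $show_messages));
  }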

