Skip to content
This repository

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse code

- Patch #598414 by Tor Arne Thune, Dave Reid: Fixed Links in the upda…

…te results page lead to 403s.
  • Loading branch information...
commit cffbd988245017d0ca098dbcee5c5de831b0c6a1 1 parent a5f9c98
Dries Buytaert dbuytaert authored

Showing 2 changed files with 55 additions and 3 deletions. Show diff stats Hide diff stats

  1. +50 0 modules/system/system.test
  2. +5 3 update.php
50 modules/system/system.test
@@ -2239,6 +2239,56 @@ class UpdateScriptFunctionalTest extends DrupalWebTestCase {
2239 2239 $final_theme_data = db_query("SELECT * FROM {system} WHERE type = 'theme' ORDER BY name")->fetchAll();
2240 2240 $this->assertEqual($original_theme_data, $final_theme_data, t('Visiting update.php does not alter the information about themes stored in the database.'));
2241 2241 }
  2242 +
  2243 + /**
  2244 + * Tests update.php when there are no updates to apply.
  2245 + */
  2246 + function testNoUpdateFunctionality() {
  2247 + // Click through update.php with 'administer software updates' permission.
  2248 + $this->drupalLogin($this->update_user);
  2249 + $this->drupalPost($this->update_url, array(), t('Continue'), array('external' => TRUE));
  2250 + $this->assertText(t('No pending updates.'));
  2251 + $this->assertNoLink('Administration pages');
  2252 + $this->clickLink('Front page');
  2253 + $this->assertResponse(200);
  2254 +
  2255 + // Click through update.php with 'access administration pages' permission.
  2256 + $admin_user = $this->drupalCreateUser(array('administer software updates', 'access administration pages'));
  2257 + $this->drupalLogin($admin_user);
  2258 + $this->drupalPost($this->update_url, array(), t('Continue'), array('external' => TRUE));
  2259 + $this->assertText(t('No pending updates.'));
  2260 + $this->clickLink('Administration pages');
  2261 + $this->assertResponse(200);
  2262 + }
  2263 +
  2264 + /**
  2265 + * Tests update.php after performing a successful update.
  2266 + */
  2267 + function testSuccessfulUpdateFunctionality() {
  2268 + drupal_set_installed_schema_version('update_script_test', drupal_get_installed_schema_version('update_script_test') - 1);
  2269 + // Click through update.php with 'administer software updates' permission.
  2270 + $this->drupalLogin($this->update_user);
  2271 + $this->drupalPost($this->update_url, array(), t('Continue'), array('external' => TRUE));
  2272 + $this->drupalPost(NULL, array(), t('Apply pending updates'));
  2273 + $this->assertText('Updates were attempted.');
  2274 + $this->assertLink('site');
  2275 + $this->assertNoLink('Administration pages');
  2276 + $this->assertNoLink('logged');
  2277 + $this->clickLink('Front page');
  2278 + $this->assertResponse(200);
  2279 +
  2280 + drupal_set_installed_schema_version('update_script_test', drupal_get_installed_schema_version('update_script_test') - 1);
  2281 + // Click through update.php with 'access administration pages' and
  2282 + // 'access site reports' permissions.
  2283 + $admin_user = $this->drupalCreateUser(array('administer software updates', 'access administration pages', 'access site reports'));
  2284 + $this->drupalLogin($admin_user);
  2285 + $this->drupalPost($this->update_url, array(), t('Continue'), array('external' => TRUE));
  2286 + $this->drupalPost(NULL, array(), t('Apply pending updates'));
  2287 + $this->assertText('Updates were attempted.');
  2288 + $this->assertLink('logged');
  2289 + $this->clickLink('Administration pages');
  2290 + $this->assertResponse(200);
  2291 + }
2242 2292 }
2243 2293
2244 2294 /**
8 update.php
@@ -145,7 +145,9 @@ function update_helpful_links() {
145 145 // NOTE: we can't use l() here because the URL would point to
146 146 // 'update.php?q=admin'.
147 147 $links[] = '<a href="' . base_path() . '">Front page</a>';
148   - $links[] = '<a href="' . base_path() . '?q=admin">Administration pages</a>';
  148 + if (user_access('access administration pages')) {
  149 + $links[] = '<a href="' . base_path() . '?q=admin">Administration pages</a>';
  150 + }
149 151 return $links;
150 152 }
151 153
@@ -155,7 +157,7 @@ function update_results_page() {
155 157
156 158 update_task_list();
157 159 // Report end result.
158   - if (module_exists('dblog')) {
  160 + if (module_exists('dblog') && user_access('access site reports')) {
159 161 $log_message = ' All errors have been <a href="' . base_path() . '?q=admin/reports/dblog">logged</a>.';
160 162 }
161 163 else {
@@ -163,7 +165,7 @@ function update_results_page() {
163 165 }
164 166
165 167 if ($_SESSION['update_success']) {
166   - $output = '<p>Updates were attempted. If you see no failures below, you may proceed happily to the <a href="' . base_path() . '?q=admin">administration pages</a>. Otherwise, you may need to update your database manually.' . $log_message . '</p>';
  168 + $output = '<p>Updates were attempted. If you see no failures below, you may proceed happily back to your <a href="' . base_path() . '">site</a>. Otherwise, you may need to update your database manually.' . $log_message . '</p>';
167 169 }
168 170 else {
169 171 list($module, $version) = array_pop(reset($_SESSION['updates_remaining']));

0 comments on commit cffbd98

Please sign in to comment.
Something went wrong with that request. Please try again.