Browse files

- Patch #598414 by Tor Arne Thune, Dave Reid: Fixed Links in the upda…

…te results page lead to 403s.
  • Loading branch information...
1 parent a5f9c98 commit cffbd988245017d0ca098dbcee5c5de831b0c6a1 @dbuytaert dbuytaert committed Feb 2, 2012
Showing with 55 additions and 3 deletions.
  1. +50 −0 modules/system/system.test
  2. +5 −3 update.php
View
50 modules/system/system.test
@@ -2239,6 +2239,56 @@ class UpdateScriptFunctionalTest extends DrupalWebTestCase {
$final_theme_data = db_query("SELECT * FROM {system} WHERE type = 'theme' ORDER BY name")->fetchAll();
$this->assertEqual($original_theme_data, $final_theme_data, t('Visiting update.php does not alter the information about themes stored in the database.'));
}
+
+ /**
+ * Tests update.php when there are no updates to apply.
+ */
+ function testNoUpdateFunctionality() {
+ // Click through update.php with 'administer software updates' permission.
+ $this->drupalLogin($this->update_user);
+ $this->drupalPost($this->update_url, array(), t('Continue'), array('external' => TRUE));
+ $this->assertText(t('No pending updates.'));
+ $this->assertNoLink('Administration pages');
+ $this->clickLink('Front page');
+ $this->assertResponse(200);
+
+ // Click through update.php with 'access administration pages' permission.
+ $admin_user = $this->drupalCreateUser(array('administer software updates', 'access administration pages'));
+ $this->drupalLogin($admin_user);
+ $this->drupalPost($this->update_url, array(), t('Continue'), array('external' => TRUE));
+ $this->assertText(t('No pending updates.'));
+ $this->clickLink('Administration pages');
+ $this->assertResponse(200);
+ }
+
+ /**
+ * Tests update.php after performing a successful update.
+ */
+ function testSuccessfulUpdateFunctionality() {
+ drupal_set_installed_schema_version('update_script_test', drupal_get_installed_schema_version('update_script_test') - 1);
+ // Click through update.php with 'administer software updates' permission.
+ $this->drupalLogin($this->update_user);
+ $this->drupalPost($this->update_url, array(), t('Continue'), array('external' => TRUE));
+ $this->drupalPost(NULL, array(), t('Apply pending updates'));
+ $this->assertText('Updates were attempted.');
+ $this->assertLink('site');
+ $this->assertNoLink('Administration pages');
+ $this->assertNoLink('logged');
+ $this->clickLink('Front page');
+ $this->assertResponse(200);
+
+ drupal_set_installed_schema_version('update_script_test', drupal_get_installed_schema_version('update_script_test') - 1);
+ // Click through update.php with 'access administration pages' and
+ // 'access site reports' permissions.
+ $admin_user = $this->drupalCreateUser(array('administer software updates', 'access administration pages', 'access site reports'));
+ $this->drupalLogin($admin_user);
+ $this->drupalPost($this->update_url, array(), t('Continue'), array('external' => TRUE));
+ $this->drupalPost(NULL, array(), t('Apply pending updates'));
+ $this->assertText('Updates were attempted.');
+ $this->assertLink('logged');
+ $this->clickLink('Administration pages');
+ $this->assertResponse(200);
+ }
}
/**
View
8 update.php
@@ -145,7 +145,9 @@ function update_helpful_links() {
// NOTE: we can't use l() here because the URL would point to
// 'update.php?q=admin'.
$links[] = '<a href="' . base_path() . '">Front page</a>';
- $links[] = '<a href="' . base_path() . '?q=admin">Administration pages</a>';
+ if (user_access('access administration pages')) {
+ $links[] = '<a href="' . base_path() . '?q=admin">Administration pages</a>';
+ }
return $links;
}
@@ -155,15 +157,15 @@ function update_results_page() {
update_task_list();
// Report end result.
- if (module_exists('dblog')) {
+ if (module_exists('dblog') && user_access('access site reports')) {
$log_message = ' All errors have been <a href="' . base_path() . '?q=admin/reports/dblog">logged</a>.';
}
else {
$log_message = ' All errors have been logged.';
}
if ($_SESSION['update_success']) {
- $output = '<p>Updates were attempted. If you see no failures below, you may proceed happily to the <a href="' . base_path() . '?q=admin">administration pages</a>. Otherwise, you may need to update your database manually.' . $log_message . '</p>';
+ $output = '<p>Updates were attempted. If you see no failures below, you may proceed happily back to your <a href="' . base_path() . '">site</a>. Otherwise, you may need to update your database manually.' . $log_message . '</p>';
}
else {
list($module, $version) = array_pop(reset($_SESSION['updates_remaining']));

0 comments on commit cffbd98

Please sign in to comment.