
Member "drupal-8.9.10/core/modules/update/update.compare.inc" (26 Nov 2020, 23969 Bytes) of package /linux/www/drupal-8.9.10.tar.gz:



    1 <?php
    2 
    3 /**
    4  * @file
    5  * Code required only when comparing available updates to existing data.
    6  */
    7 
    8 use Drupal\update\UpdateFetcherInterface;
    9 use Drupal\update\UpdateManagerInterface;
   10 use Drupal\update\ModuleVersion;
   11 use Drupal\update\ProjectCoreCompatibility;
   12 
   13 /**
   14  * Determines version and type information for currently installed projects.
   15  *
   16  * Processes the list of projects on the system to figure out the currently
   17  * installed versions, and other information that is required before we can
   18  * compare against the available releases to produce the status report.
   19  *
   20  * @param $projects
   21  *   Array of project information from
   22  *   \Drupal\update\UpdateManager::getProjects().
   23  */
   24 function update_process_project_info(&$projects) {
   25   foreach ($projects as $key => $project) {
   26     // Assume an official release until we see otherwise.
   27     $install_type = 'official';
   28 
   29     $info = $project['info'];
   30 
   31     if (isset($info['version'])) {
   32       // Check for development snapshots
   33       if (preg_match('@(dev|HEAD)@', $info['version'])) {
   34         $install_type = 'dev';
   35       }
   36 
   37       // Figure out what the currently installed major version is. We need
   38       // to handle both contribution (e.g. "5.x-1.3", major = 1) and core
   39       // (e.g. "5.1", major = 5) version strings.
   40       $matches = [];
   41       if (preg_match('/^(\d+\.x-)?(\d+)\..*$/', $info['version'], $matches)) {
   42         $info['major'] = $matches[2];
   43       }
   44       elseif (!isset($info['major'])) {
   45         // This would only happen for version strings that don't follow the
   46         // drupal.org convention. We let contribs define "major" in their
   47         // .info.yml in this case, and only if that's missing would we hit this.
   48         $info['major'] = -1;
   49       }
   50     }
   51     else {
   52       // No version info available at all.
   53       $install_type = 'unknown';
   54       $info['version'] = t('Unknown');
   55       $info['major'] = -1;
   56     }
   57 
   58     // Finally, save the results we care about into the $projects array.
   59     $projects[$key]['existing_version'] = $info['version'];
   60     $projects[$key]['existing_major'] = $info['major'];
   61     $projects[$key]['install_type'] = $install_type;
   62   }
   63 }
   64 
   65 /**
   66  * Calculates the current update status of all projects on the site.
   67  *
   68  * The results of this function are expensive to compute, especially on sites
   69  * with lots of modules or themes, since it involves a lot of comparisons and
   70  * other operations. Therefore, we store the results. However, since this is not
   71  * the data about available updates fetched from the network, it is ok to
   72  * invalidate it somewhat quickly. If we keep this data for very long, site
   73  * administrators are more likely to see incorrect results if they upgrade to a
   74  * newer version of a module or theme but do not visit certain pages that
   75  * automatically clear this.
   76  *
   77  * @param array $available
   78  *   Data about available project releases.
   79  *
   80  * @return
   81  *   An array of installed projects with current update status information.
   82  *
   83  * @see update_get_available()
   84  * @see \Drupal\update\UpdateManager::getProjects()
   85  * @see update_process_project_info()
   86  * @see \Drupal\update\UpdateManagerInterface::projectStorage()
   87  * @see \Drupal\update\ProjectCoreCompatibility::setReleaseMessage()
   88  */
   89 function update_calculate_project_data($available) {
   90   // Retrieve the projects from storage, if present.
   91   $projects = \Drupal::service('update.manager')->projectStorage('update_project_data');
   92   // If $projects is empty, then the data must be rebuilt.
   93   // Otherwise, return the data and skip the rest of the function.
   94   if (!empty($projects)) {
   95     return $projects;
   96   }
   97   $projects = \Drupal::service('update.manager')->getProjects();
   98   update_process_project_info($projects);
   99   if (isset($projects['drupal']) && !empty($available['drupal'])) {
  100     // Calculate core status first so that it is complete before
  101     // \Drupal\update\ProjectCoreCompatibility::setReleaseMessage() is called
  102     // for each module below.
  103     update_calculate_project_update_status($projects['drupal'], $available['drupal']);
  104     if (isset($available['drupal']['releases'])) {
  105       $project_core_compatibility = new ProjectCoreCompatibility($projects['drupal'], $available['drupal']['releases']);
  106     }
  107   }
  108 
  109   foreach ($projects as $project => $project_info) {
  110     if (isset($available[$project])) {
  111       if ($project === 'drupal') {
  112         continue;
  113       }
  114       update_calculate_project_update_status($projects[$project], $available[$project]);
  115       // Inject the list of compatible core versions to show administrator(s)
  116       // which versions of core a given available update can be installed with.
  117       // Since individual releases of a project can be compatible with different
  118       // versions of core, and even multiple major versions of core (for
  119       // example, 8.9.x and 9.0.x), this list will hopefully help
  120       // administrator(s) know which available updates they can upgrade a given
  121       // project to.
  122       if (isset($project_core_compatibility)) {
  123         $project_core_compatibility->setReleaseMessage($projects[$project]);
  124       }
  125     }
  126     else {
  127       $projects[$project]['status'] = UpdateFetcherInterface::UNKNOWN;
  128       $projects[$project]['reason'] = t('No available releases found');
  129     }
  130   }
  131   // Give other modules a chance to alter the status (for example, to allow a
  132   // contrib module to provide fine-grained settings to ignore specific
  133   // projects or releases).
  134   \Drupal::moduleHandler()->alter('update_status', $projects);
  135 
  136   // Store the site's update status for at most 1 hour.
  137   \Drupal::keyValueExpirable('update')->setWithExpire('update_project_data', $projects, 3600);
  138   return $projects;
  139 }
  140 
/**
 * Calculates the current update status of a specific project.
 *
 * This function is the heart of the update status feature. For each project it
 * is invoked with, it first checks if the project has been flagged with a
 * special status like "unsupported" or "insecure", or if the project node
 * itself has been unpublished. In any of those cases, the project is marked
 * with an error and the next project is considered.
 *
 * If the project itself is valid, the function decides what major release
 * series to consider. The project defines its currently supported branches in
 * its Drupal.org project data (read here from
 * $available['supported_branches']), so the first step is to make sure the
 * development branch of the current version is still supported. If so, then the
 * major version of the current version is used. If the current version is not
 * in a supported branch, the next supported branch is used to determine the
 * major version to use. There's also a check to make sure that this function
 * never recommends an earlier release than the currently installed major
 * version.
 *
 * Given a target major version, the available releases are scanned looking for
 * the specific release to recommend (avoiding beta releases and development
 * snapshots if possible). For the target major version, the highest patch level
 * is found. If there is a release at that patch level with no extra ("beta",
 * etc.), then the release at that patch level with the most recent release date
 * is recommended. If every release at that patch level has extra (only betas),
 * then the latest release from the previous patch level is recommended. For
 * example:
 *
 * - 1.6-bugfix <-- recommended version because 1.6 already exists.
 * - 1.6
 *
 * or
 *
 * - 1.6-beta
 * - 1.5 <-- recommended version because no 1.6 exists.
 * - 1.4
 *
 * Also, the latest release from the same major version is looked for, even beta
 * releases, to display to the user as the "Latest version" option.
 * Additionally, the latest official release from any higher major versions that
 * have been released is searched for to provide a set of "Also available"
 * options.
 *
 * Finally, and most importantly, the release history continues to be scanned
 * until the currently installed release is reached, searching for anything
 * marked as a security update. If any security updates have been found between
 * the recommended release and the installed version, all of the releases that
 * included a security fix are recorded so that the site administrator can be
 * warned their site is insecure, and links pointing to the release notes for
 * each security update can be included (which, in turn, will link to the
 * official security announcements for each vulnerability).
 *
 * Security-relevant behavior visible in this function:
 * - UpdateManagerInterface::NOT_SECURE is assigned in two places only: when
 *   $available['project_status'] is 'insecure', and when the release entry
 *   matching the installed version carries the 'Insecure' release type.
 * - Releases tagged 'Security update' are collected into
 *   $project_data['security updates'], but that list does not change
 *   $project_data['status'] in this function.
 * - For a development snapshot without a datestamp, the security update check
 *   is never reached, and the final status is NOT_CHECKED unless an earlier
 *   step already set one.
 *
 * This function relies on the fact that the .xml release history data comes
 * sorted based on major version and patch level, then finally by release date
 * if there are multiple releases such as betas from the same major.patch
 * version (e.g., 5.x-1.5-beta1, 5.x-1.5-beta2, and 5.x-1.5). Development
 * snapshots for a given major version are always listed last.
 *
 * NOTE: This function *must* set a value for $project_data['status'] before
 * returning, or the rest of the Update Manager will break in unexpected ways.
 *
 * @param array $project_data
 *   An array containing information about a specific project. Modified in
 *   place.
 * @param array $available
 *   Data about available project releases of a specific project.
 */
function update_calculate_project_update_status(&$project_data, $available) {
  // Fill in the title and link from the release data when the local project
  // data does not have them.
  foreach (['title', 'link'] as $attribute) {
    if (!isset($project_data[$attribute]) && isset($available[$attribute])) {
      $project_data[$attribute] = $available[$attribute];
    }
  }

  // If the project status is marked as something bad, there's nothing else
  // to consider.
  if (isset($available['project_status'])) {
    switch ($available['project_status']) {
      case 'insecure':
        $project_data['status'] = UpdateManagerInterface::NOT_SECURE;
        if (empty($project_data['extra'])) {
          $project_data['extra'] = [];
        }
        $project_data['extra'][] = [
          'label' => t('Project not secure'),
          'data' => t('This project has been labeled insecure by the Drupal security team, and is no longer available for download. Immediately disabling everything included by this project is strongly recommended!'),
        ];
        break;

      case 'unpublished':
      case 'revoked':
        $project_data['status'] = UpdateManagerInterface::REVOKED;
        if (empty($project_data['extra'])) {
          $project_data['extra'] = [];
        }
        $project_data['extra'][] = [
          'label' => t('Project revoked'),
          'data' => t('This project has been revoked, and is no longer available for download. Disabling everything included by this project is strongly recommended!'),
        ];
        break;

      case 'unsupported':
        $project_data['status'] = UpdateManagerInterface::NOT_SUPPORTED;
        if (empty($project_data['extra'])) {
          $project_data['extra'] = [];
        }
        $project_data['extra'][] = [
          'label' => t('Project not supported'),
          'data' => t('This project is no longer supported, and is no longer available for download. Disabling everything included by this project is strongly recommended!'),
        ];
        break;

      case 'not-fetched':
        $project_data['status'] = UpdateFetcherInterface::NOT_FETCHED;
        $project_data['reason'] = t('Failed to get available update data.');
        break;

      default:
        // Assume anything else (e.g. 'published') is valid and we should
        // perform the rest of the logic in this function.
        break;
    }
  }

  if (!empty($project_data['status'])) {
    // We already know the status for this project, so there's nothing else to
    // compute. Record the project status into $project_data and we're done.
    // NOTE(review): $available['project_status'] is read without isset(). If
    // a caller passes $project_data with 'status' already set while
    // $available has no 'project_status', this is an undefined index --
    // confirm against callers.
    $project_data['project_status'] = $available['project_status'];
    return;
  }

  // Figure out the target major version.
  // Off Drupal.org, '0' could be a valid version string, so don't use empty().
  if (!isset($project_data['existing_version']) || $project_data['existing_version'] === '') {
    $project_data['status'] = UpdateFetcherInterface::UNKNOWN;
    $project_data['reason'] = t('Empty version');
    return;
  }
  try {
    $existing_major = ModuleVersion::createFromVersionString($project_data['existing_version'])->getMajorVersion();
  }
  catch (UnexpectedValueException $exception) {
    // If the version has an unexpected value we can't determine updates.
    $project_data['status'] = UpdateFetcherInterface::UNKNOWN;
    $project_data['reason'] = t('Invalid version: @existing_version', ['@existing_version' => $project_data['existing_version']]);
    return;
  }
  // 'supported_branches' is a comma-separated string in the release data.
  $supported_branches = [];
  if (isset($available['supported_branches'])) {
    $supported_branches = explode(',', $available['supported_branches']);
  }

  // A version counts as supported when it starts with one of the supported
  // branch strings (plain prefix match).
  // NOTE(review): explode() on an empty 'supported_branches' string yields
  // [''], and strpos() with an empty needle behaves differently across PHP
  // versions (warning and FALSE before 8.0, 0 from 8.0 on) -- confirm the
  // release data never carries an empty value here.
  $is_in_supported_branch = function ($version) use ($supported_branches) {
    foreach ($supported_branches as $supported_branch) {
      if (strpos($version, $supported_branch) === 0) {
        return TRUE;
      }
    }
    return FALSE;
  };
  if ($is_in_supported_branch($project_data['existing_version'])) {
    // Still supported, stay at the current major version.
    $target_major = $existing_major;
  }
  elseif ($supported_branches) {
    // We know the current release is unsupported since it is not in
    // 'supported_branches' list. We should use the next valid supported
    // branch for the target major version.
    $project_data['status'] = UpdateManagerInterface::NOT_SUPPORTED;
    // NOTE(review): there is no break in this loop, so $target_major ends up
    // as the major of the last parseable entry in the list rather than the
    // first -- confirm this matches the "next valid supported branch" intent.
    foreach ($supported_branches as $supported_branch) {
      try {
        $target_major = ModuleVersion::createFromSupportBranch($supported_branch)->getMajorVersion();

      }
      catch (UnexpectedValueException $exception) {
        // Unparseable branch string: ignore it and try the next one.
        continue;
      }
    }
    if (!isset($target_major)) {
      // If there are no valid support branches, use the current major.
      $target_major = $existing_major;
    }

  }
  else {
    // Malformed XML file? Stick with the current branch.
    $target_major = $existing_major;
  }

  // Make sure we never tell the admin to downgrade. If we recommended an
  // earlier version than the one they're running, they'd face an
  // impossible data migration problem, since Drupal never supports a DB
  // downgrade path. In the unfortunate case that what they're running is
  // unsupported, and there's nothing newer for them to upgrade to, we
  // can't print out a "Recommended version", but just have to tell them
  // what they have is unsupported and let them figure it out.
  $target_major = max($existing_major, $target_major);

  // If the project is marked as UpdateFetcherInterface::FETCH_PENDING, it
  // means that the data we currently have (if any) is stale, and we've got a
  // task queued up to (re)fetch the data. In that case, we mark it as such,
  // merge in whatever data we have (e.g. project title and link), and move on.
  // Note that this overwrites a NOT_SUPPORTED status set above.
  if (!empty($available['fetch_status']) && $available['fetch_status'] == UpdateFetcherInterface::FETCH_PENDING) {
    $project_data['status'] = UpdateFetcherInterface::FETCH_PENDING;
    $project_data['reason'] = t('No available update data');
    $project_data['fetch_status'] = $available['fetch_status'];
    return;
  }

  // Defend ourselves from XML history files that contain no releases.
  if (empty($available['releases'])) {
    $project_data['status'] = UpdateFetcherInterface::UNKNOWN;
    $project_data['reason'] = t('No available releases found');
    return;
  }

  // Track the candidate for 'recommended' across iterations: the most recent
  // release seen at the current patch level, and that level without its extra.
  $recommended_version_without_extra = '';
  $recommended_release = NULL;

  // The array key ($version) is what gets compared with the installed
  // version, while parsing and the supported-branch test use
  // $release['version']; presumably the two always agree -- TODO confirm.
  // $release['version'] and $release['status'] are read without isset().
  foreach ($available['releases'] as $version => $release) {
    try {
      $release_module_version = ModuleVersion::createFromVersionString($release['version']);
    }
    catch (UnexpectedValueException $exception) {
      // Releases whose version string cannot be parsed are skipped entirely,
      // including for the security update scan.
      continue;
    }
    // First, if this is the existing release, check a few conditions.
    if ($project_data['existing_version'] === $version) {
      // 'Insecure' takes precedence over 'unpublished' and 'Unsupported', and
      // overwrites a NOT_SUPPORTED status set earlier from the branch check.
      if (isset($release['terms']['Release type']) &&
          in_array('Insecure', $release['terms']['Release type'])) {
        $project_data['status'] = UpdateManagerInterface::NOT_SECURE;
      }
      elseif ($release['status'] == 'unpublished') {
        $project_data['status'] = UpdateManagerInterface::REVOKED;
        if (empty($project_data['extra'])) {
          $project_data['extra'] = [];
        }
        $project_data['extra'][] = [
          'class' => ['release-revoked'],
          'label' => t('Release revoked'),
          'data' => t('Your currently installed release has been revoked, and is no longer available for download. Disabling everything included in this release or upgrading is strongly recommended!'),
        ];
      }
      elseif (isset($release['terms']['Release type']) &&
              in_array('Unsupported', $release['terms']['Release type'])) {
        $project_data['status'] = UpdateManagerInterface::NOT_SUPPORTED;
        if (empty($project_data['extra'])) {
          $project_data['extra'] = [];
        }
        $project_data['extra'][] = [
          'class' => ['release-not-supported'],
          'label' => t('Release not supported'),
          'data' => t('Your currently installed release is now unsupported, and is no longer available for download. Disabling everything included in this release or upgrading is strongly recommended!'),
        ];
      }
    }
    // Other than the currently installed release, ignore unpublished, insecure,
    // or unsupported updates.
    elseif ($release['status'] == 'unpublished' ||
            !$is_in_supported_branch($release['version']) ||
            (isset($release['terms']['Release type']) &&
             (in_array('Insecure', $release['terms']['Release type']) ||
              in_array('Unsupported', $release['terms']['Release type'])))
    ) {
      continue;
    }

    $release_major_version = $release_module_version->getMajorVersion();
    // See if this is a higher major version than our target and yet still
    // supported. If so, record it as an "Also available" release.
    if ($release_major_version > $target_major) {
      if (!isset($project_data['also'])) {
        $project_data['also'] = [];
      }
      // Only the first release seen for each higher major is recorded.
      if (!isset($project_data['also'][$release_major_version])) {
        $project_data['also'][$release_major_version] = $version;
        $project_data['releases'][$version] = $release;
      }
      // Otherwise, this release can't matter to us, since it's neither
      // from the release series we're currently using nor the recommended
      // release. We don't even care about security updates for this
      // branch, since if a project maintainer puts out a security release
      // at a higher major version and not at the lower major version,
      // they must remove the lower version from the supported major
      // versions at the same time, in which case we won't hit this code.
      continue;
    }

    // Look for the 'latest version' if we haven't found it yet. Latest is
    // defined as the most recent version for the target major version.
    if (!isset($project_data['latest_version'])
        && $release_major_version == $target_major) {
      $project_data['latest_version'] = $version;
      $project_data['releases'][$version] = $release;
    }

    // Look for the development snapshot release for this branch.
    if (!isset($project_data['dev_version'])
        && $release_major_version == $target_major
        && $release_module_version->getVersionExtra() === 'dev') {
      $project_data['dev_version'] = $version;
      $project_data['releases'][$version] = $release;
    }

    // Strip the "-<extra>" suffix so that releases at the same patch level
    // (e.g. with and without "beta") can be recognized as such.
    if ($release_module_version->getVersionExtra()) {
      $release_version_without_extra = str_replace('-' . $release_module_version->getVersionExtra(), '', $release['version']);
    }
    else {
      $release_version_without_extra = $release['version'];
    }

    // Look for the 'recommended' version if we haven't found it yet (see
    // phpdoc at the top of this function for the definition).
    if (!isset($project_data['recommended'])
        && $release_major_version == $target_major) {
      // A new patch level starts: remember its first (most recent) release.
      if ($recommended_version_without_extra !== $release_version_without_extra) {
        $recommended_version_without_extra = $release_version_without_extra;
        $recommended_release = $release;
      }
      // A release without extra at this patch level confirms the candidate.
      if ($release_module_version->getVersionExtra() === NULL) {
        $project_data['recommended'] = $recommended_release['version'];
        $project_data['releases'][$recommended_release['version']] = $recommended_release;
      }
    }

    // Stop searching once we hit the currently installed version.
    // This break comes before the security update check below, so the
    // installed release itself is never added to 'security updates'.
    if ($project_data['existing_version'] === $version) {
      break;
    }

    // If we're running a dev snapshot and have a timestamp, stop
    // searching for security updates once we hit an official release
    // older than what we've got. Allow 100 seconds of leeway to handle
    // differences between the datestamp in the .info.yml file and the
    // timestamp of the tarball itself (which are usually off by 1 or 2
    // seconds) so that we don't flag that as a new release.
    if ($project_data['install_type'] == 'dev') {
      if (empty($project_data['datestamp'])) {
        // We don't have current timestamp info, so we can't know.
        // Consequence: for such installs no release ever reaches the security
        // update check below.
        continue;
      }
      elseif (isset($release['date']) && ($project_data['datestamp'] + 100 > $release['date'])) {
        // We're newer than this, so we can skip it.
        continue;
      }
    }

    // See if this release is a security update.
    // The list is only collected here; it does not alter 'status'.
    if (isset($release['terms']['Release type'])
        && in_array('Security update', $release['terms']['Release type'])) {
      $project_data['security updates'][] = $release;
    }
  }

  // If we were unable to find a recommended version, then make the latest
  // version the recommended version if possible.
  if (!isset($project_data['recommended']) && isset($project_data['latest_version'])) {
    $project_data['recommended'] = $project_data['latest_version'];
  }

  if (isset($project_data['status'])) {
    // If we already know the status, we're done.
    return;
  }

  // If we don't know what to recommend, there's nothing we can report.
  // Bail out early.
  if (!isset($project_data['recommended'])) {
    $project_data['status'] = UpdateFetcherInterface::UNKNOWN;
    $project_data['reason'] = t('No available releases found');
    return;
  }

  // If we're running a dev snapshot, compare the date of the dev snapshot
  // with the latest official version, and record the absolute latest in
  // 'latest_dev' so we can correctly decide if there's a newer release
  // than our current snapshot.
  // NOTE(review): the 'date' keys are read without isset() here, unlike in
  // the loop above -- confirm every release entry carries a date.
  if ($project_data['install_type'] == 'dev') {
    if (isset($project_data['dev_version']) && $available['releases'][$project_data['dev_version']]['date'] > $available['releases'][$project_data['latest_version']]['date']) {
      $project_data['latest_dev'] = $project_data['dev_version'];
    }
    else {
      $project_data['latest_dev'] = $project_data['latest_version'];
    }
  }

  // Figure out the status, based on what we've seen and the install type.
  switch ($project_data['install_type']) {
    case 'official':
      if ($project_data['existing_version'] === $project_data['recommended'] || $project_data['existing_version'] === $project_data['latest_version']) {
        $project_data['status'] = UpdateManagerInterface::CURRENT;
      }
      else {
        $project_data['status'] = UpdateManagerInterface::NOT_CURRENT;
      }
      break;

    case 'dev':
      $latest = $available['releases'][$project_data['latest_dev']];
      if (empty($project_data['datestamp'])) {
        // Without a local datestamp the snapshot cannot be dated.
        $project_data['status'] = UpdateFetcherInterface::NOT_CHECKED;
        $project_data['reason'] = t('Unknown release date');
      }
      elseif (($project_data['datestamp'] + 100 > $latest['date'])) {
        // Same 100 second leeway as in the release scan above.
        $project_data['status'] = UpdateManagerInterface::CURRENT;
      }
      else {
        $project_data['status'] = UpdateManagerInterface::NOT_CURRENT;
      }
      break;

    default:
      // Any other install type (e.g. 'unknown') cannot be evaluated.
      $project_data['status'] = UpdateFetcherInterface::UNKNOWN;
      $project_data['reason'] = t('Invalid info');
  }
}