update.compare.inc

  1. 7.x drupal-7.x/modules/update/update.compare.inc
  2. 6.x drupal-6.x/modules/update/update.compare.inc

Code required only when comparing available updates to existing data.

File

drupal-7.x/modules/update/update.compare.inc
View source
  1. <?php

  2. 

  3. /**

  4.  * @file

  5.  * Code required only when comparing available updates to existing data.

  6.  */

  7. 

  8. /**

  9.  * Fetches an array of installed and enabled projects.

  10.  *

  11.  * This is only responsible for generating an array of projects (taking into

  12.  * account projects that include more than one module or theme). Other

  13.  * information like the specific version and install type (official release,

  14.  * dev snapshot, etc) is handled later in update_process_project_info() since

  15.  * that logic is only required when preparing the status report, not for

  16.  * fetching the available release data.

  17.  *

  18.  * This array is fairly expensive to construct, since it involves a lot of disk

  19.  * I/O, so we cache the results into the {cache_update} table using the

  20.  * 'update_project_projects' cache ID. However, since this is not the data about

  21.  * available updates fetched from the network, it is acceptable to invalidate it

  22.  * somewhat quickly. If we keep this data for very long, site administrators are

  23.  * more likely to see incorrect results if they upgrade to a newer version of a

  24.  * module or theme but do not visit certain pages that automatically clear this

  25.  * cache.

  26.  *

  27.  * @return

  28.  *   An associative array of currently enabled projects keyed by the

  29.  *   machine-readable project short name. Each project contains:

  30.  *   - name: The machine-readable project short name.

  31.  *   - info: An array with values from the main .info file for this project.

  32.  *     - name: The human-readable name of the project.

  33.  *     - package: The package that the project is grouped under.

  34.  *     - version: The version of the project.

  35.  *     - project: The Drupal.org project name.

  36.  *     - datestamp: The date stamp of the project's main .info file.

  37.  *     - _info_file_ctime: The maximum file change time for all of the .info

  38.  *       files included in this project.

  39.  *   - datestamp: The date stamp when the project was released, if known.

  40.  *   - includes: An associative array containing all projects included with this

  41.  *     project, keyed by the machine-readable short name with the human-readable

  42.  *     name as value.

  43.  *   - project_type: The type of project. Allowed values are 'module' and

  44.  *     'theme'.

  45.  *   - project_status: This indicates if the project is enabled and will always

  46.  *     be TRUE, as the function only returns enabled projects.

  47.  *   - sub_themes: If the project is a theme it contains an associative array of

  48.  *     all sub-themes.

  49.  *   - base_themes: If the project is a theme it contains an associative array

  50.  *     of all base-themes.

  51.  *

  52.  * @see update_process_project_info()

  53.  * @see update_calculate_project_data()

  54.  * @see update_project_cache()

  55.  */

  56. function update_get_projects() {

  57.   $projects = &drupal_static(__FUNCTION__, array());

  58.   if (empty($projects)) {

  59.     // Retrieve the projects from cache, if present.

  60.     $projects = update_project_cache('update_project_projects');

  61.     if (empty($projects)) {

  62.       // Still empty, so we have to rebuild the cache.

  63.       $module_data = system_rebuild_module_data();

  64.       $theme_data = system_rebuild_theme_data();

  65.       _update_process_info_list($projects, $module_data, 'module', TRUE);

  66.       _update_process_info_list($projects, $theme_data, 'theme', TRUE);

  67.       if (variable_get('update_check_disabled', FALSE)) {

  68.         _update_process_info_list($projects, $module_data, 'module', FALSE);

  69.         _update_process_info_list($projects, $theme_data, 'theme', FALSE);

  70.       }

  71.       // Allow other modules to alter projects before fetching and comparing.

  72.       drupal_alter('update_projects', $projects);

  73.       // Cache the site's project data for at most 1 hour.

  74.       _update_cache_set('update_project_projects', $projects, REQUEST_TIME + 3600);

  75.     }

  76.   }

  77.   return $projects;

  78. }

  79. 

  80. /**

  81.  * Populates an array of project data.

  82.  *

  83.  * This iterates over a list of the installed modules or themes and groups them

  84.  * by project and status. A few parts of this function assume that enabled

  85.  * modules and themes are always processed first, and if disabled modules or

  86.  * themes are being processed (there is a setting to control if disabled code

  87.  * should be included or not in the 'Available updates' report), those are only

  88.  * processed after $projects has been populated with information about the

  89.  * enabled code. Modules and themes set as hidden are always ignored. This

  90.  * function also records the latest change time on the .info files for each

  91.  * module or theme, which is important data which is used when deciding if the

  92.  * cached available update data should be invalidated.

  93.  *

  94.  * @param $projects

  95.  *   Reference to the array of project data of what's installed on this site.

  96.  * @param $list

  97.  *   Array of data to process to add the relevant info to the $projects array.

  98.  * @param $project_type

  99.  *   The kind of data in the list. Can be 'module' or 'theme'.

  100.  * @param $status

  101.  *   Boolean that controls what status (enabled or disabled) to process out of

  102.  *   the $list and add to the $projects array.

  103.  *

  104.  * @see update_get_projects()

  105.  */

  106. function _update_process_info_list(&$projects, $list, $project_type, $status) {

  107.   foreach ($list as $file) {

  108.     // A disabled base theme of an enabled sub-theme still has all of its code

  109.     // run by the sub-theme, so we include it in our "enabled" projects list.

  110.     if ($status && !$file->status && !empty($file->sub_themes)) {

  111.       foreach ($file->sub_themes as $key => $name) {

  112.         // Build a list of enabled sub-themes.

  113.         if ($list[$key]->status) {

  114.           $file->enabled_sub_themes[$key] = $name;

  115.         }

  116.       }

  117.       // If there are no enabled subthemes, we should ignore this base theme

  118.       // for the enabled case. If the site is trying to display disabled

  119.       // themes, we'll catch it then.

  120.       if (empty($file->enabled_sub_themes)) {

  121.         continue;

  122.       }

  123.     }

  124.     // Otherwise, just add projects of the proper status to our list.

  125.     elseif ($file->status != $status) {

  126.       continue;

  127.     }

  128. 

  129.     // Skip if the .info file is broken.

  130.     if (empty($file->info)) {

  131.       continue;

  132.     }

  133. 

  134.     // Skip if it's a hidden module or theme.

  135.     if (!empty($file->info['hidden'])) {

  136.       continue;

  137.     }

  138. 

  139.     // If the .info doesn't define the 'project', try to figure it out.

  140.     if (!isset($file->info['project'])) {

  141.       $file->info['project'] = update_get_project_name($file);

  142.     }

  143. 

  144.     // If we still don't know the 'project', give up.

  145.     if (empty($file->info['project'])) {

  146.       continue;

  147.     }

  148. 

  149.     // If we don't already know it, grab the change time on the .info file

  150.     // itself. Note: we need to use the ctime, not the mtime (modification

  151.     // time) since many (all?) tar implementations will go out of their way to

  152.     // set the mtime on the files it creates to the timestamps recorded in the

  153.     // tarball. We want to see the last time the file was changed on disk,

  154.     // which is left alone by tar and correctly set to the time the .info file

  155.     // was unpacked.

  156.     if (!isset($file->info['_info_file_ctime'])) {

  157.       $info_filename = dirname($file->uri) . '/' . $file->name . '.info';

  158.       $file->info['_info_file_ctime'] = filectime($info_filename);

  159.     }

  160. 

  161.     if (!isset($file->info['datestamp'])) {

  162.       $file->info['datestamp'] = 0;

  163.     }

  164. 

  165.     $project_name = $file->info['project'];

  166. 

  167.     // Figure out what project type we're going to use to display this module

  168.     // or theme. If the project name is 'drupal', we don't want it to show up

  169.     // under the usual "Modules" section, we put it at a special "Drupal Core"

  170.     // section at the top of the report.

  171.     if ($project_name == 'drupal') {

  172.       $project_display_type = 'core';

  173.     }

  174.     else {

  175.       $project_display_type = $project_type;

  176.     }

  177.     if (empty($status) && empty($file->enabled_sub_themes)) {

  178.       // If we're processing disabled modules or themes, append a suffix.

  179.       // However, we don't do this to a a base theme with enabled

  180.       // subthemes, since we treat that case as if it is enabled.

  181.       $project_display_type .= '-disabled';

  182.     }

  183.     // Add a list of sub-themes that "depend on" the project and a list of base

  184.     // themes that are "required by" the project.

  185.     if ($project_name == 'drupal') {

  186.       // Drupal core is always required, so this extra info would be noise.

  187.       $sub_themes = array();

  188.       $base_themes = array();

  189.     }

  190.     else {

  191.       // Add list of enabled sub-themes.

  192.       $sub_themes = !empty($file->enabled_sub_themes) ? $file->enabled_sub_themes : array();

  193.       // Add list of base themes.

  194.       $base_themes = !empty($file->base_themes) ? $file->base_themes : array();

  195.     }

  196.     if (!isset($projects[$project_name])) {

  197.       // Only process this if we haven't done this project, since a single

  198.       // project can have multiple modules or themes.

  199.       $projects[$project_name] = array(

  200.         'name' => $project_name,

  201.         // Only save attributes from the .info file we care about so we do not

  202.         // bloat our RAM usage needlessly.

  203.         'info' => update_filter_project_info($file->info),

  204.         'datestamp' => $file->info['datestamp'],

  205.         'includes' => array($file->name => $file->info['name']),

  206.         'project_type' => $project_display_type,

  207.         'project_status' => $status,

  208.         'sub_themes' => $sub_themes,

  209.         'base_themes' => $base_themes,

  210.       );

  211.     }

  212.     elseif ($projects[$project_name]['project_type'] == $project_display_type) {

  213.       // Only add the file we're processing to the 'includes' array for this

  214.       // project if it is of the same type and status (which is encoded in the

  215.       // $project_display_type). This prevents listing all the disabled

  216.       // modules included with an enabled project if we happen to be checking

  217.       // for disabled modules, too.

  218.       $projects[$project_name]['includes'][$file->name] = $file->info['name'];

  219.       $projects[$project_name]['info']['_info_file_ctime'] = max($projects[$project_name]['info']['_info_file_ctime'], $file->info['_info_file_ctime']);

  220.       $projects[$project_name]['datestamp'] = max($projects[$project_name]['datestamp'], $file->info['datestamp']);

  221.       if (!empty($sub_themes)) {

  222.         $projects[$project_name]['sub_themes'] += $sub_themes;

  223.       }

  224.       if (!empty($base_themes)) {

  225.         $projects[$project_name]['base_themes'] += $base_themes;

  226.       }

  227.     }

  228.     elseif (empty($status)) {

  229.       // If we have a project_name that matches, but the project_display_type

  230.       // does not, it means we're processing a disabled module or theme that

  231.       // belongs to a project that has some enabled code. In this case, we add

  232.       // the disabled thing into a separate array for separate display.

  233.       $projects[$project_name]['disabled'][$file->name] = $file->info['name'];

  234.     }

  235.   }

  236. }

  237. 

  238. /**

  239.  * Determines what project a given file object belongs to.

  240.  *

  241.  * @param $file

  242.  *   A file object as returned by system_get_files_database().

  243.  *

  244.  * @return

  245.  *   The canonical project short name.

  246.  *

  247.  * @see system_get_files_database()

  248.  */

  249. function update_get_project_name($file) {

  250.   $project_name = '';

  251.   if (isset($file->info['project'])) {

  252.     $project_name = $file->info['project'];

  253.   }

  254.   elseif (isset($file->info['package']) && (strpos($file->info['package'], 'Core') === 0)) {

  255.     $project_name = 'drupal';

  256.   }

  257.   return $project_name;

  258. }

  259. 

  260. /**

  261.  * Determines version and type information for currently installed projects.

  262.  *

  263.  * Processes the list of projects on the system to figure out the currently

  264.  * installed versions, and other information that is required before we can

  265.  * compare against the available releases to produce the status report.

  266.  *

  267.  * @param $projects

  268.  *   Array of project information from update_get_projects().

  269.  */

  270. function update_process_project_info(&$projects) {

  271.   foreach ($projects as $key => $project) {

  272.     // Assume an official release until we see otherwise.

  273.     $install_type = 'official';

  274. 

  275.     $info = $project['info'];

  276. 

  277.     if (isset($info['version'])) {

  278.       // Check for development snapshots

  279.       if (preg_match('@(dev|HEAD)@', $info['version'])) {

  280.         $install_type = 'dev';

  281.       }

  282. 

  283.       // Figure out what the currently installed major version is. We need

  284.       // to handle both contribution (e.g. "5.x-1.3", major = 1) and core

  285.       // (e.g. "5.1", major = 5) version strings.

  286.       $matches = array();

  287.       if (preg_match('/^(\d+\.x-)?(\d+)\..*$/', $info['version'], $matches)) {

  288.         $info['major'] = $matches[2];

  289.       }

  290.       elseif (!isset($info['major'])) {

  291.         // This would only happen for version strings that don't follow the

  292.         // drupal.org convention. We let contribs define "major" in their

  293.         // .info in this case, and only if that's missing would we hit this.

  294.         $info['major'] = -1;

  295.       }

  296.     }

  297.     else {

  298.       // No version info available at all.

  299.       $install_type = 'unknown';

  300.       $info['version'] = t('Unknown');

  301.       $info['major'] = -1;

  302.     }

  303. 

  304.     // Finally, save the results we care about into the $projects array.

  305.     $projects[$key]['existing_version'] = $info['version'];

  306.     $projects[$key]['existing_major'] = $info['major'];

  307.     $projects[$key]['install_type'] = $install_type;

  308.   }

  309. }

  310. 

  311. /**

  312.  * Calculates the current update status of all projects on the site.

  313.  *

  314.  * The results of this function are expensive to compute, especially on sites

  315.  * with lots of modules or themes, since it involves a lot of comparisons and

  316.  * other operations. Therefore, we cache the results into the {cache_update}

  317.  * table using the 'update_project_data' cache ID. However, since this is not

  318.  * the data about available updates fetched from the network, it is ok to

  319.  * invalidate it somewhat quickly. If we keep this data for very long, site

  320.  * administrators are more likely to see incorrect results if they upgrade to a

  321.  * newer version of a module or theme but do not visit certain pages that

  322.  * automatically clear this cache.

  323.  *

  324.  * @param array $available

  325.  *   Data about available project releases.

  326.  *

  327.  * @return

  328.  *   An array of installed projects with current update status information.

  329.  *

  330.  * @see update_get_available()

  331.  * @see update_get_projects()

  332.  * @see update_process_project_info()

  333.  * @see update_project_cache()

  334.  */

  335. function update_calculate_project_data($available) {

  336.   // Retrieve the projects from cache, if present.

  337.   $projects = update_project_cache('update_project_data');

  338.   // If $projects is empty, then the cache must be rebuilt.

  339.   // Otherwise, return the cached data and skip the rest of the function.

  340.   if (!empty($projects)) {

  341.     return $projects;

  342.   }

  343.   $projects = update_get_projects();

  344.   update_process_project_info($projects);

  345.   foreach ($projects as $project => $project_info) {

  346.     if (isset($available[$project])) {

  347.       update_calculate_project_update_status($project, $projects[$project], $available[$project]);

  348.     }

  349.     else {

  350.       $projects[$project]['status'] = UPDATE_UNKNOWN;

  351.       $projects[$project]['reason'] = t('No available releases found');

  352.     }

  353.   }

  354.   // Give other modules a chance to alter the status (for example, to allow a

  355.   // contrib module to provide fine-grained settings to ignore specific

  356.   // projects or releases).

  357.   drupal_alter('update_status', $projects);

  358. 

  359.   // Cache the site's update status for at most 1 hour.

  360.   _update_cache_set('update_project_data', $projects, REQUEST_TIME + 3600);

  361.   return $projects;

  362. }

  363. 

  364. /**

  365.  * Calculates the current update status of a specific project.

  366.  *

  367.  * This function is the heart of the update status feature. For each project it

  368.  * is invoked with, it first checks if the project has been flagged with a

  369.  * special status like "unsupported" or "insecure", or if the project node

  370.  * itself has been unpublished. In any of those cases, the project is marked

  371.  * with an error and the next project is considered.

  372.  *

  373.  * If the project itself is valid, the function decides what major release

  374.  * series to consider. The project defines what the currently supported major

  375.  * versions are for each version of core, so the first step is to make sure the

  376.  * current version is still supported. If so, that's the target version. If the

  377.  * current version is unsupported, the project maintainer's recommended major

  378.  * version is used. There's also a check to make sure that this function never

  379.  * recommends an earlier release than the currently installed major version.

  380.  *

  381.  * Given a target major version, the available releases are scanned looking for

  382.  * the specific release to recommend (avoiding beta releases and development

  383.  * snapshots if possible). For the target major version, the highest patch level

  384.  * is found. If there is a release at that patch level with no extra ("beta",

  385.  * etc.), then the release at that patch level with the most recent release date

  386.  * is recommended. If every release at that patch level has extra (only betas),

  387.  * then the latest release from the previous patch level is recommended. For

  388.  * example:

  389.  *

  390.  * - 1.6-bugfix <-- recommended version because 1.6 already exists.

  391.  * - 1.6

  392.  *

  393.  * or

  394.  *

  395.  * - 1.6-beta

  396.  * - 1.5 <-- recommended version because no 1.6 exists.

  397.  * - 1.4

  398.  *

  399.  * Also, the latest release from the same major version is looked for, even beta

  400.  * releases, to display to the user as the "Latest version" option.

  401.  * Additionally, the latest official release from any higher major versions that

  402.  * have been released is searched for to provide a set of "Also available"

  403.  * options.

  404.  *

  405.  * Finally, and most importantly, the release history continues to be scanned

  406.  * until the currently installed release is reached, searching for anything

  407.  * marked as a security update. If any security updates have been found between

  408.  * the recommended release and the installed version, all of the releases that

  409.  * included a security fix are recorded so that the site administrator can be

  410.  * warned their site is insecure, and links pointing to the release notes for

  411.  * each security update can be included (which, in turn, will link to the

  412.  * official security announcements for each vulnerability).

  413.  *

  414.  * This function relies on the fact that the .xml release history data comes

  415.  * sorted based on major version and patch level, then finally by release date

  416.  * if there are multiple releases such as betas from the same major.patch

  417.  * version (e.g., 5.x-1.5-beta1, 5.x-1.5-beta2, and 5.x-1.5). Development

  418.  * snapshots for a given major version are always listed last.

  419.  *

  420.  * @param $project

  421.  *   An array containing information about a specific project.

  422.  * @param $project_data

  423.  *   An array containing information about a specific project.

  424.  * @param $available

  425.  *   Data about available project releases of a specific project.

  426.  */

  427. function update_calculate_project_update_status($project, &$project_data, $available) {

  428.   foreach (array('title', 'link') as $attribute) {

  429.     if (!isset($project_data[$attribute]) && isset($available[$attribute])) {

  430.       $project_data[$attribute] = $available[$attribute];

  431.     }

  432.   }

  433. 

  434.   // If the project status is marked as something bad, there's nothing else

  435.   // to consider.

  436.   if (isset($available['project_status'])) {

  437.     switch ($available['project_status']) {

  438.       case 'insecure':

  439.         $project_data['status'] = UPDATE_NOT_SECURE;

  440.         if (empty($project_data['extra'])) {

  441.           $project_data['extra'] = array();

  442.         }

  443.         $project_data['extra'][] = array(

  444.           'class' => array('project-not-secure'),

  445.           'label' => t('Project not secure'),

  446.           'data' => t('This project has been labeled insecure by the Drupal security team, and is no longer available for download. Immediately disabling everything included by this project is strongly recommended!'),

  447.         );

  448.         break;

  449.       case 'unpublished':

  450.       case 'revoked':

  451.         $project_data['status'] = UPDATE_REVOKED;

  452.         if (empty($project_data['extra'])) {

  453.           $project_data['extra'] = array();

  454.         }

  455.         $project_data['extra'][] = array(

  456.           'class' => array('project-revoked'),

  457.           'label' => t('Project revoked'),

  458.           'data' => t('This project has been revoked, and is no longer available for download. Disabling everything included by this project is strongly recommended!'),

  459.         );

  460.         break;

  461.       case 'unsupported':

  462.         $project_data['status'] = UPDATE_NOT_SUPPORTED;

  463.         if (empty($project_data['extra'])) {

  464.           $project_data['extra'] = array();

  465.         }

  466.         $project_data['extra'][] = array(

  467.           'class' => array('project-not-supported'),

  468.           'label' => t('Project not supported'),

  469.           'data' => t('This project is no longer supported, and is no longer available for download. Disabling everything included by this project is strongly recommended!'),

  470.         );

  471.         break;

  472.       case 'not-fetched':

  473.         $project_data['status'] = UPDATE_NOT_FETCHED;

  474.         $project_data['reason'] = t('Failed to get available update data.');

  475.         break;

  476. 

  477.       default:

  478.         // Assume anything else (e.g. 'published') is valid and we should

  479.         // perform the rest of the logic in this function.

  480.         break;

  481.     }

  482.   }

  483. 

  484.   if (!empty($project_data['status'])) {

  485.     // We already know the status for this project, so there's nothing else to

  486.     // compute. Record the project status into $project_data and we're done.

  487.     $project_data['project_status'] = $available['project_status'];

  488.     return;

  489.   }

  490. 

  491.   // Figure out the target major version.

  492.   $existing_major = $project_data['existing_major'];

  493.   $supported_majors = array();

  494.   if (isset($available['supported_majors'])) {

  495.     $supported_majors = explode(',', $available['supported_majors']);

  496.   }

  497.   elseif (isset($available['default_major'])) {

  498.     // Older release history XML file without supported or recommended.

  499.     $supported_majors[] = $available['default_major'];

  500.   }

  501. 

  502.   if (in_array($existing_major, $supported_majors)) {

  503.     // Still supported, stay at the current major version.

  504.     $target_major = $existing_major;

  505.   }

  506.   elseif (isset($available['recommended_major'])) {

  507.     // Since 'recommended_major' is defined, we know this is the new XML

  508.     // format. Therefore, we know the current release is unsupported since

  509.     // its major version was not in the 'supported_majors' list. We should

  510.     // find the best release from the recommended major version.

  511.     $target_major = $available['recommended_major'];

  512.     $project_data['status'] = UPDATE_NOT_SUPPORTED;

  513.   }

  514.   elseif (isset($available['default_major'])) {

  515.     // Older release history XML file without recommended, so recommend

  516.     // the currently defined "default_major" version.

  517.     $target_major = $available['default_major'];

  518.   }

  519.   else {

  520.     // Malformed XML file? Stick with the current version.

  521.     $target_major = $existing_major;

  522.   }

  523. 

  524.   // Make sure we never tell the admin to downgrade. If we recommended an

  525.   // earlier version than the one they're running, they'd face an

  526.   // impossible data migration problem, since Drupal never supports a DB

  527.   // downgrade path. In the unfortunate case that what they're running is

  528.   // unsupported, and there's nothing newer for them to upgrade to, we

  529.   // can't print out a "Recommended version", but just have to tell them

  530.   // what they have is unsupported and let them figure it out.

  531.   $target_major = max($existing_major, $target_major);

  532. 

  533.   $release_patch_changed = '';

  534.   $patch = '';

  535. 

  536.   // If the project is marked as UPDATE_FETCH_PENDING, it means that the

  537.   // data we currently have (if any) is stale, and we've got a task queued

  538.   // up to (re)fetch the data. In that case, we mark it as such, merge in

  539.   // whatever data we have (e.g. project title and link), and move on.

  540.   if (!empty($available['fetch_status']) && $available['fetch_status'] == UPDATE_FETCH_PENDING) {

  541.     $project_data['status'] = UPDATE_FETCH_PENDING;

  542.     $project_data['reason'] = t('No available update data');

  543.     $project_data['fetch_status'] = $available['fetch_status'];

  544.     return;

  545.   }

  546. 

  547.   // Defend ourselves from XML history files that contain no releases.

  548.   if (empty($available['releases'])) {

  549.     $project_data['status'] = UPDATE_UNKNOWN;

  550.     $project_data['reason'] = t('No available releases found');

  551.     return;

  552.   }

  553.   foreach ($available['releases'] as $version => $release) {

  554.     // First, if this is the existing release, check a few conditions.

  555.     if ($project_data['existing_version'] === $version) {

  556.       if (isset($release['terms']['Release type']) &&

  557.           in_array('Insecure', $release['terms']['Release type'])) {

  558.         $project_data['status'] = UPDATE_NOT_SECURE;

  559.       }

  560.       elseif ($release['status'] == 'unpublished') {

  561.         $project_data['status'] = UPDATE_REVOKED;

  562.         if (empty($project_data['extra'])) {

  563.           $project_data['extra'] = array();

  564.         }

  565.         $project_data['extra'][] = array(

  566.           'class' => array('release-revoked'),

  567.           'label' => t('Release revoked'),

  568.           'data' => t('Your currently installed release has been revoked, and is no longer available for download. Disabling everything included in this release or upgrading is strongly recommended!'),

  569.         );

  570.       }

  571.       elseif (isset($release['terms']['Release type']) &&

  572.               in_array('Unsupported', $release['terms']['Release type'])) {

  573.         $project_data['status'] = UPDATE_NOT_SUPPORTED;

  574.         if (empty($project_data['extra'])) {

  575.           $project_data['extra'] = array();

  576.         }

  577.         $project_data['extra'][] = array(

  578.           'class' => array('release-not-supported'),

  579.           'label' => t('Release not supported'),

  580.           'data' => t('Your currently installed release is now unsupported, and is no longer available for download. Disabling everything included in this release or upgrading is strongly recommended!'),

  581.         );

  582.       }

  583.     }

  584. 

  585.     // Otherwise, ignore unpublished, insecure, or unsupported releases.

  586.     if ($release['status'] == 'unpublished' ||

  587.         (isset($release['terms']['Release type']) &&

  588.          (in_array('Insecure', $release['terms']['Release type']) ||

  589.           in_array('Unsupported', $release['terms']['Release type'])))) {

  590.       continue;

  591.     }

  592. 

  593.     // See if this is a higher major version than our target and yet still

  594.     // supported. If so, record it as an "Also available" release.

  595.     // Note: some projects have a HEAD release from CVS days, which could

  596.     // be one of those being compared. They would not have version_major

  597.     // set, so we must call isset first.

  598.     if (isset($release['version_major']) && $release['version_major'] > $target_major) {

  599.       if (in_array($release['version_major'], $supported_majors)) {

  600.         if (!isset($project_data['also'])) {

  601.           $project_data['also'] = array();

  602.         }

  603.         if (!isset($project_data['also'][$release['version_major']])) {

  604.           $project_data['also'][$release['version_major']] = $version;

  605.           $project_data['releases'][$version] = $release;

  606.         }

  607.       }

  608.       // Otherwise, this release can't matter to us, since it's neither

  609.       // from the release series we're currently using nor the recommended

  610.       // release. We don't even care about security updates for this

  611.       // branch, since if a project maintainer puts out a security release

  612.       // at a higher major version and not at the lower major version,

  613.       // they must remove the lower version from the supported major

  614.       // versions at the same time, in which case we won't hit this code.

  615.       continue;

  616.     }

  617. 

  618.     // Look for the 'latest version' if we haven't found it yet. Latest is

  619.     // defined as the most recent version for the target major version.

  620.     if (!isset($project_data['latest_version'])

  621.         && $release['version_major'] == $target_major) {

  622.       $project_data['latest_version'] = $version;

  623.       $project_data['releases'][$version] = $release;

  624.     }

  625. 

  626.     // Look for the development snapshot release for this branch.

  627.     if (!isset($project_data['dev_version'])

  628.         && $release['version_major'] == $target_major

  629.         && isset($release['version_extra'])

  630.         && $release['version_extra'] == 'dev') {

  631.       $project_data['dev_version'] = $version;

  632.       $project_data['releases'][$version] = $release;

  633.     }

  634. 

  635.     // Look for the 'recommended' version if we haven't found it yet (see

  636.     // phpdoc at the top of this function for the definition).

  637.     if (!isset($project_data['recommended'])

  638.         && $release['version_major'] == $target_major

  639.         && isset($release['version_patch'])) {

  640.       if ($patch != $release['version_patch']) {

  641.         $patch = $release['version_patch'];

  642.         $release_patch_changed = $release;

  643.       }

  644.       if (empty($release['version_extra']) && $patch == $release['version_patch']) {

  645.         $project_data['recommended'] = $release_patch_changed['version'];

  646.         $project_data['releases'][$release_patch_changed['version']] = $release_patch_changed;

  647.       }

  648.     }

  649. 

  650.     // Stop searching once we hit the currently installed version.

  651.     if ($project_data['existing_version'] === $version) {

  652.       break;

  653.     }

  654. 

  655.     // If we're running a dev snapshot and have a timestamp, stop

  656.     // searching for security updates once we hit an official release

  657.     // older than what we've got. Allow 100 seconds of leeway to handle

  658.     // differences between the datestamp in the .info file and the

  659.     // timestamp of the tarball itself (which are usually off by 1 or 2

  660.     // seconds) so that we don't flag that as a new release.

  661.     if ($project_data['install_type'] == 'dev') {

  662.       if (empty($project_data['datestamp'])) {

  663.         // We don't have current timestamp info, so we can't know.

  664.         continue;

  665.       }

  666.       elseif (isset($release['date']) && ($project_data['datestamp'] + 100 > $release['date'])) {

  667.         // We're newer than this, so we can skip it.

  668.         continue;

  669.       }

  670.     }

  671. 

  672.     // See if this release is a security update.

  673.     if (isset($release['terms']['Release type'])

  674.         && in_array('Security update', $release['terms']['Release type'])) {

  675.       $project_data['security updates'][] = $release;

  676.     }

  677.   }

  678. 

  679.   // If we were unable to find a recommended version, then make the latest

  680.   // version the recommended version if possible.

  681.   if (!isset($project_data['recommended']) && isset($project_data['latest_version'])) {

  682.     $project_data['recommended'] = $project_data['latest_version'];

  683.   }

  684. 

  685.   //

  686.   // Check to see if we need an update or not.

  687.   //

  688. 

  689.   if (!empty($project_data['security updates'])) {

  690.     // If we found security updates, that always trumps any other status.

  691.     $project_data['status'] = UPDATE_NOT_SECURE;

  692.   }

  693. 

  694.   if (isset($project_data['status'])) {

  695.     // If we already know the status, we're done.

  696.     return;

  697.   }

  698. 

  699.   // If we don't know what to recommend, there's nothing we can report.

  700.   // Bail out early.

  701.   if (!isset($project_data['recommended'])) {

  702.     $project_data['status'] = UPDATE_UNKNOWN;

  703.     $project_data['reason'] = t('No available releases found');

  704.     return;

  705.   }

  706. 

  707.   // If we're running a dev snapshot, compare the date of the dev snapshot

  708.   // with the latest official version, and record the absolute latest in

  709.   // 'latest_dev' so we can correctly decide if there's a newer release

  710.   // than our current snapshot.

  711.   if ($project_data['install_type'] == 'dev') {

  712.     if (isset($project_data['dev_version']) && $available['releases'][$project_data['dev_version']]['date'] > $available['releases'][$project_data['latest_version']]['date']) {

  713.       $project_data['latest_dev'] = $project_data['dev_version'];

  714.     }

  715.     else {

  716.       $project_data['latest_dev'] = $project_data['latest_version'];

  717.     }

  718.   }

  719. 

  720.   // Figure out the status, based on what we've seen and the install type.

  721.   switch ($project_data['install_type']) {

  722.     case 'official':

  723.       if ($project_data['existing_version'] === $project_data['recommended'] || $project_data['existing_version'] === $project_data['latest_version']) {

  724.         $project_data['status'] = UPDATE_CURRENT;

  725.       }

  726.       else {

  727.         $project_data['status'] = UPDATE_NOT_CURRENT;

  728.       }

  729.       break;

  730. 

  731.     case 'dev':

  732.       $latest = $available['releases'][$project_data['latest_dev']];

  733.       if (empty($project_data['datestamp'])) {

  734.         $project_data['status'] = UPDATE_NOT_CHECKED;

  735.         $project_data['reason'] = t('Unknown release date');

  736.       }

  737.       elseif (($project_data['datestamp'] + 100 > $latest['date'])) {

  738.         $project_data['status'] = UPDATE_CURRENT;

  739.       }

  740.       else {

  741.         $project_data['status'] = UPDATE_NOT_CURRENT;

  742.       }

  743.       break;

  744. 

  745.     default:

  746.       $project_data['status'] = UPDATE_UNKNOWN;

  747.       $project_data['reason'] = t('Invalid info');

  748.   }

  749. }

  750. 

  751. /**

  752.  * Retrieves data from {cache_update} or empties the cache when necessary.

  753.  *

  754.  * Two very expensive arrays computed by this module are the list of all

  755.  * installed modules and themes (and .info data, project associations, etc), and

  756.  * the current status of the site relative to the currently available releases.

  757.  * These two arrays are cached in the {cache_update} table and used whenever

  758.  * possible. The cache is cleared whenever the administrator visits the status

  759.  * report, available updates report, or the module or theme administration

  760.  * pages, since we should always recompute the most current values on any of

  761.  * those pages.

  762.  *

  763.  * Note: while both of these arrays are expensive to compute (in terms of disk

  764.  * I/O and some fairly heavy CPU processing), neither of these is the actual

  765.  * data about available updates that we have to fetch over the network from

  766.  * updates.drupal.org. That information is stored with the

  767.  * 'update_available_releases' cache ID -- it needs to persist longer than 1

  768.  * hour and never get invalidated just by visiting a page on the site.

  769.  *

  770.  * @param $cid

  771.  *   The cache ID of data to return from the cache. Valid options are

  772.  *   'update_project_data' and 'update_project_projects'.

  773.  *

  774.  * @return

  775.  *   The cached value of the $projects array generated by

  776.  *   update_calculate_project_data() or update_get_projects(), or an empty array

  777.  *   when the cache is cleared.

  778.  */

  779. function update_project_cache($cid) {

  780.   $projects = array();

  781. 

  782.   // On certain paths, we should clear the cache and recompute the projects for

  783.   // update status of the site to avoid presenting stale information.

  784.   $q = $_GET['q'];

  785.   $paths = array(

  786.     'admin/modules',

  787.     'admin/modules/update',

  788.     'admin/appearance',

  789.     'admin/appearance/update',

  790.     'admin/reports',

  791.     'admin/reports/updates',

  792.     'admin/reports/updates/update',

  793.     'admin/reports/status',

  794.     'admin/reports/updates/check',

  795.   );

  796.   if (in_array($q, $paths)) {

  797.     _update_cache_clear($cid);

  798.   }

  799.   else {

  800.     $cache = _update_cache_get($cid);

  801.     if (!empty($cache->data) && $cache->expire > REQUEST_TIME) {

  802.       $projects = $cache->data;

  803.     }

  804.   }

  805.   return $projects;

  806. }

  807. 

  808. /**

  809.  * Filters the project .info data to only save attributes we need.

  810.  *

  811.  * @param array $info

  812.  *   Array of .info file data as returned by drupal_parse_info_file().

  813.  *

  814.  * @return

  815.  *   Array of .info file data we need for the update manager.

  816.  *

  817.  * @see _update_process_info_list()

  818.  */

  819. function update_filter_project_info($info) {

  820.   $whitelist = array(

  821.     '_info_file_ctime',

  822.     'datestamp',

  823.     'major',

  824.     'name',

  825.     'package',

  826.     'project',

  827.     'project status url',

  828.     'version',

  829.   );

  830.   return array_intersect_key($info, drupal_map_assoc($whitelist));

  831. }