drupal/drupal/update.php

<?php
// $Id: update.php,v 1.309 2009/10/24 01:31:05 webchick Exp $

/**
 * Root directory of Drupal installation.
 */
define('DRUPAL_ROOT', getcwd());

/**
 * @file
 * Administrative page for handling updates from one Drupal version to another.
 *
 * Point your browser to "http://www.example.com/update.php" and follow the
 * instructions.
 *
 * If you are not logged in using either the site maintenance account or an
 * account with the "Administer software updates" permission, you will need to
 * modify the access check statement inside your settings.php file. After
 * finishing the upgrade, be sure to open settings.php again, and change it
 * back to its original state!
 */

/**
 * Global flag to identify update.php run, and so avoid various unwanted
 * operations, such as hook_init() and hook_exit() invokes, css/js preprocessing
 * and translation, and solve some theming issues. This flag is checked on several
 * places in Drupal code (not just update.php).
 */
define('MAINTENANCE_MODE', 'update');

function update_selection_page() {
  drupal_set_title('Drupal database update');
  $output = drupal_render(drupal_get_form('update_script_selection_form'));

  update_task_list('select');

  return $output;
}

function update_script_selection_form($form, &$form_state) {
  $count = 0;
  $form['start'] = array(
    '#tree' => TRUE,
    '#type' => 'fieldset',
    '#collapsed' => TRUE,
    '#collapsible' => TRUE,
  );

  // Ensure system.module's updates appear first
  $form['start']['system'] = array();

  $updates = update_get_update_list();
  foreach ($updates as $module => $update) {
    if (!isset($update['start'])) {
      $form['start'][$module] = array(
        '#title' => $module,
        '#item'  => $update['warning'],
        '#prefix' => '<div class="warning">',
        '#suffix' => '</div>',
      );
      continue;
    }
    if (!empty($update['pending'])) {
      $form['start'][$module] = array(
        '#type' => 'hidden',
        '#value' => $update['start'],
      );
      $form['start'][$module . '_updates'] = array(
        '#markup' => theme('item_list', array('items' => $update['pending'], 'title' => $module . ' module')),
      );
    }
    if (isset($update['pending'])) {
      $count = $count + count($update['pending']);
    }
  }

  if (empty($count)) {
    drupal_set_message(t('No pending updates.'));
    unset($form);
    $form['links'] = array(
      '#markup' => theme('item_list', array('items' => update_helpful_links())),
    );
  }
  else {
    $form['help'] = array(
      '#markup' => '<p>The version of Drupal you are updating from has been automatically detected.</p>',
      '#weight' => -5,
    );
    $form['start']['#title'] = format_plural($count, '1 pending update', '@count pending updates');
    $form['has_js'] = array(
      '#type' => 'hidden',
      '#default_value' => FALSE,
    );
    $form['submit'] = array(
      '#type' => 'submit',
      '#value' => 'Apply pending updates',
    );
  }
  return $form;
}

function update_helpful_links() {
  // NOTE: we can't use l() here because the URL would point to 'update.php?q=admin'.
  $links[] = '<a href="' . base_path() . '">Front page</a>';
  $links[] = '<a href="' . base_path() . '?q=admin">Administration pages</a>';
  return $links;
}

function update_results_page() {
  drupal_set_title('Drupal database update');
  $links = update_helpful_links();

  update_task_list();
  // Report end result
  if (module_exists('dblog')) {
    $log_message = ' All errors have been <a href="' . base_path() . '?q=admin/reports/dblog">logged</a>.';
  }
  else {
    $log_message = ' All errors have been logged.';
  }

  if ($_SESSION['update_success']) {
    $output = '<p>Updates were attempted. If you see no failures below, you may proceed happily to the <a href="' . base_path() . '?q=admin">administration pages</a>. Otherwise, you may need to update your database manually.' . $log_message . '</p>';
  }
  else {
    list($module, $version) = array_pop(reset($_SESSION['updates_remaining']));
    $output = '<p class="error">The update process was aborted prematurely while running <strong>update #' . $version . ' in ' . $module . '.module</strong>.' . $log_message;
    if (module_exists('dblog')) {
      $output .= ' You may need to check the <code>watchdog</code> database table manually.';
    }
    $output .= '</p>';
  }

  if (!empty($GLOBALS['update_free_access'])) {
    $output .= "<p><strong>Reminder: don't forget to set the <code>\$update_free_access</code> value in your <code>settings.php</code> file back to <code>FALSE</code>.</strong></p>";
  }

  $output .= theme('item_list', array('items' => $links));

  // Output a list of queries executed
  if (!empty($_SESSION['update_results'])) {
    $output .= '<div id="update-results">';
    $output .= '<h2>The following updates returned messages</h2>';
    foreach ($_SESSION['update_results'] as $module => $updates) {
      $output .= '<h3>' . $module . ' module</h3>';
      foreach ($updates as $number => $queries) {
        if ($number != '#abort') {
          $messages = array();
          foreach ($queries as $query) {
            // If there is no message for this update, don't show anything.
            if (empty($query['query'])) {
              continue;
            }
            if ($query['success']) {
              $messages[] = '<li class="success">' . $query['query'] . '</li>';
            }
            else {
              $messages[] = '<li class="failure"><strong>Failed:</strong> ' . $query['query'] . '</li>';
            }
          }

          if ($messages) {
            $output .= '<h4>Update #' . $number . "</h4>\n";
            $output .= '<ul>' . implode("\n", $messages) . "</ul>\n";
          }
        }
        $output .= '</ul>';
      }
    }
    $output .= '</div>';
  }
  unset($_SESSION['update_results']);
  unset($_SESSION['update_success']);

  return $output;
}

function update_info_page() {
  // Change query-strings on css/js files to enforce reload for all users.
  _drupal_flush_css_js();
  // Flush the cache of all data for the update status module.
  if (db_table_exists('cache_update')) {
    cache_clear_all('*', 'cache_update', TRUE);
  }

  update_task_list('info');
  drupal_set_title('Drupal database update');
  $token = drupal_get_token('update');
  $output = '<p>Use this utility to update your database whenever a new release of Drupal or a module is installed.</p><p>For more detailed information, see the <a href="http://drupal.org/node/258">Installation and upgrading handbook</a>. If you are unsure what these terms mean you should probably contact your hosting provider.</p>';
  $output .= "<ol>\n";
  $output .= "<li><strong>Back up your database</strong>. This process will change your database values and in case of emergency you may need to revert to a backup.</li>\n";
  $output .= "<li><strong>Back up your code</strong>. Hint: when backing up module code, do not leave that backup in the 'modules' or 'sites/*/modules' directories as this may confuse Drupal's auto-discovery mechanism.</li>\n";
  $output .= '<li>Put your site into <a href="' . base_path() . '?q=admin/config/development/maintenance">maintenance mode</a>.</li>' . "\n";
  $output .= "<li>Install your new files in the appropriate location, as described in the handbook.</li>\n";
  $output .= "</ol>\n";
  $output .= "<p>When you have performed the steps above, you may proceed.</p>\n";
  $output .= '<form method="post" action="update.php?op=selection&amp;token=' . $token . '"><p><input type="submit" value="Continue" /></p></form>';
  $output .= "\n";
  return $output;
}

function update_access_denied_page() {
  drupal_add_http_header('403 Forbidden');
  watchdog('access denied', 'update.php', NULL, WATCHDOG_WARNING);
  drupal_set_title('Access denied');
  return '<p>Access denied. You are not authorized to access this page. Please log in using either an account with the <em>administer software updates</em> permission or the site maintenance account (the account you created during installation). If you cannot log in, you will have to edit <code>settings.php</code> to bypass this access check. To do this:</p>
<ol>
 <li>With a text editor find the settings.php file on your system. From the main Drupal directory that you installed all the files into, go to <code>sites/your_site_name</code> if such directory exists, or else to <code>sites/default</code> which applies otherwise.</li>
 <li>There is a line inside your settings.php file that says <code>$update_free_access = FALSE;</code>. Change it to <code>$update_free_access = TRUE;</code>.</li>
 <li>As soon as the update.php script is done, you must change the settings.php file back to its original form with <code>$update_free_access = FALSE;</code>.</li>
 <li>To avoid having this problem in the future, remember to log in to your website using either an account with the <em>administer software updates</em> permission or the site maintenance account (the account you created during installation) before you backup your database at the beginning of the update process.</li>
</ol>';
}

/**
 * Determines if the current user is allowed to run update.php.
 *
 * @return
 *   TRUE if the current user should be granted access, or FALSE otherwise.
 */
function update_access_allowed() {
  global $update_free_access, $user;

  // Allow the global variable in settings.php to override the access check.
  if (!empty($update_free_access)) {
    return TRUE;
  }
  // Calls to user_access() might fail during the Drupal 6 to 7 update process,
  // so we fall back on requiring that the user be logged in as user #1.
  try {
    require_once drupal_get_path('module', 'user') . '/user.module';
    return user_access('administer software updates');
  }
  catch (Exception $e) {
    return ($user->uid == 1);
  }
}

/**
 * Add the update task list to the current page.
 */
function update_task_list($active = NULL) {
  // Default list of tasks.
  $tasks = array(
    'requirements' => 'Verify requirements',
    'info' => 'Overview',
    'select' => 'Review updates',
    'run' => 'Run updates',
    'finished' => 'Review log',
  );

  drupal_add_region_content('sidebar_first', theme('task_list', array('items' => $tasks, 'active' => $active)));
}

/**
 * Returns (and optionally stores) extra requirements that only apply during
 * particular parts of the update.php process.
 */
function update_extra_requirements($requirements = NULL) {
  static $extra_requirements = array();
  if (isset($requirements)) {
    $extra_requirements += $requirements;
  }
  return $extra_requirements;
}

/**
 * Check update requirements and report any errors.
 */
function update_check_requirements() {
  // Check the system module and update.php requirements only.
  $requirements = module_invoke('system', 'requirements', 'update');
  $requirements += update_extra_requirements();
  $severity = drupal_requirements_severity($requirements);

  // If there are issues, report them.
  if ($severity == REQUIREMENT_ERROR) {
    update_task_list('requirements');
    drupal_set_title('Requirements problem');
    $status_report = theme('status_report', array('requirements' => $requirements));
    $status_report .= 'Please check the error messages and <a href="' . request_uri() . '">try again</a>.';
    print theme('update_page', array('content' => $status_report));
    exit();
  }
}

// Some unavoidable errors happen because the database is not yet up-to-date.
// Our custom error handler is not yet installed, so we just suppress them.
ini_set('display_errors', FALSE);

// We prepare a minimal bootstrap for the update requirements check to avoid
// reaching the PHP memory limit.
require_once DRUPAL_ROOT . '/includes/bootstrap.inc';
require_once DRUPAL_ROOT . '/includes/update.inc';
require_once DRUPAL_ROOT . '/includes/common.inc';
require_once DRUPAL_ROOT . '/includes/entity.inc';
update_prepare_d7_bootstrap();

// Determine if the current user has access to run update.php.
drupal_bootstrap(DRUPAL_BOOTSTRAP_SESSION);

// Only allow the requirements check to proceed if the current user has access
// to run updates (since it may expose sensitive information about the site's
// configuration).
$op = isset($_REQUEST['op']) ? $_REQUEST['op'] : '';
if (empty($op) && update_access_allowed()) {
  require_once DRUPAL_ROOT . '/includes/install.inc';
  require_once DRUPAL_ROOT . '/includes/file.inc';
  require_once DRUPAL_ROOT . '/modules/system/system.install';

  // Load module basics.
  include_once DRUPAL_ROOT . '/includes/module.inc';
  $module_list['system']['filename'] = 'modules/system/system.module';
  $module_list['filter']['filename'] = 'modules/filter/filter.module';
  module_list(TRUE, FALSE, FALSE, $module_list);
  drupal_load('module', 'system');
  drupal_load('module', 'filter');

  // Reset the module_implements() cache so that any new hook implementations
  // in updated code are picked up.
  module_implements('', FALSE, TRUE);

  // Set up $language, since the installer components require it.
  drupal_language_initialize();

  // Set up theme system for the maintenance page.
  drupal_maintenance_theme();

  // Check the update requirements for Drupal.
  update_check_requirements();

  // Redirect to the update information page if all requirements were met.
  install_goto('update.php?op=info');
}

// update_fix_d7_requirements() needs to run before bootstrapping beyond path.
// So bootstrap to DRUPAL_BOOTSTRAP_LANGUAGE then include unicode.inc.

drupal_bootstrap(DRUPAL_BOOTSTRAP_LANGUAGE);
include_once DRUPAL_ROOT . '/includes/unicode.inc';

update_fix_d7_requirements();

// Now proceed with a full bootstrap.

drupal_bootstrap(DRUPAL_BOOTSTRAP_FULL);
drupal_maintenance_theme();

// Turn error reporting back on. From now on, only fatal errors (which are
// not passed through the error handler) will cause a message to be printed.
ini_set('display_errors', TRUE);

// Only proceed with updates if the user is allowed to run them.
if (update_access_allowed()) {

  include_once DRUPAL_ROOT . '/includes/install.inc';
  include_once DRUPAL_ROOT . '/includes/batch.inc';
  drupal_load_updates();

  update_fix_compatibility();

  $op = isset($_REQUEST['op']) ? $_REQUEST['op'] : '';
  switch ($op) {
    // update.php ops

    case 'selection':
      if (isset($_GET['token']) && $_GET['token'] == drupal_get_token('update')) {
        $output = update_selection_page();
        break;
      }

    case 'Apply pending updates':
      if (isset($_GET['token']) && $_GET['token'] == drupal_get_token('update')) {
        update_batch($_POST['start'], $base_url . '/update.php?op=results', $base_url . '/update.php');
        break;
      }

    case 'info':
      $output = update_info_page();
      break;

    case 'results':
      $output = update_results_page();
      break;

    // Regular batch ops : defer to batch processing API
    default:
      update_task_list('run');
      $output = _batch_page();
      break;
  }
}
else {
  $output = update_access_denied_page();
}
if (isset($output) && $output) {
  // Explictly start a session so that the update.php token will be accepted.
  drupal_session_start();
  // We defer the display of messages until all updates are done.
  $progress_page = ($batch = batch_get()) && isset($batch['running']);
  print theme('update_page', array('content' => $output, 'show_messages' => !$progress_page));
}
1	<?php
2	// $Id: update.php,v 1.309 2009/10/24 01:31:05 webchick Exp $
3
4	/**
5	* Root directory of Drupal installation.
6	*/
7	define('DRUPAL_ROOT', getcwd());
8
9	/**
10	* @file
11	* Administrative page for handling updates from one Drupal version to another.
12	*
13	* Point your browser to "http://www.example.com/update.php" and follow the
14	* instructions.
15	*
16	* If you are not logged in using either the site maintenance account or an
17	* account with the "Administer software updates" permission, you will need to
18	* modify the access check statement inside your settings.php file. After
19	* finishing the upgrade, be sure to open settings.php again, and change it
20	* back to its original state!
21	*/
22
23	/**
24	* Global flag to identify update.php run, and so avoid various unwanted
25	* operations, such as hook_init() and hook_exit() invokes, css/js preprocessing
26	* and translation, and solve some theming issues. This flag is checked on several
27	* places in Drupal code (not just update.php).
28	*/
29	define('MAINTENANCE_MODE', 'update');
30
31	function update_selection_page() {
32	drupal_set_title('Drupal database update');
33	$output = drupal_render(drupal_get_form('update_script_selection_form'));
34
35	update_task_list('select');
36
37	return $output;
38	}
39
40	function update_script_selection_form($form, &$form_state) {
41	$count = 0;
42	$form['start'] = array(
43	'#tree' => TRUE,
44	'#type' => 'fieldset',
45	'#collapsed' => TRUE,
46	'#collapsible' => TRUE,
47	);
48
49	// Ensure system.module's updates appear first
50	$form['start']['system'] = array();
51
52	$updates = update_get_update_list();
53	foreach ($updates as $module => $update) {
54	if (!isset($update['start'])) {
55	$form['start'][$module] = array(
56	'#title' => $module,
57	'#item' => $update['warning'],
58	'#prefix' => '<div class="warning">',
59	'#suffix' => '</div>',
60	);
61	continue;
62	}
63	if (!empty($update['pending'])) {
64	$form['start'][$module] = array(
65	'#type' => 'hidden',
66	'#value' => $update['start'],
67	);
68	$form['start'][$module . '_updates'] = array(
69	'#markup' => theme('item_list', array('items' => $update['pending'], 'title' => $module . ' module')),
70	);
71	}
72	if (isset($update['pending'])) {
73	$count = $count + count($update['pending']);
74	}
75	}
76
77	if (empty($count)) {
78	drupal_set_message(t('No pending updates.'));
79	unset($form);
80	$form['links'] = array(
81	'#markup' => theme('item_list', array('items' => update_helpful_links())),
82	);
83	}
84	else {
85	$form['help'] = array(
86	'#markup' => '<p>The version of Drupal you are updating from has been automatically detected.</p>',
87	'#weight' => -5,
88	);
89	$form['start']['#title'] = format_plural($count, '1 pending update', '@count pending updates');
90	$form['has_js'] = array(
91	'#type' => 'hidden',
92	'#default_value' => FALSE,
93	);
94	$form['submit'] = array(
95	'#type' => 'submit',
96	'#value' => 'Apply pending updates',
97	);
98	}
99	return $form;
100	}
101
102	function update_helpful_links() {
103	// NOTE: we can't use l() here because the URL would point to 'update.php?q=admin'.
104	$links[] = '<a href="' . base_path() . '">Front page</a>';
105	$links[] = '<a href="' . base_path() . '?q=admin">Administration pages</a>';
106	return $links;
107	}
108
109	function update_results_page() {
110	drupal_set_title('Drupal database update');
111	$links = update_helpful_links();
112
113	update_task_list();
114	// Report end result
115	if (module_exists('dblog')) {
116	$log_message = ' All errors have been <a href="' . base_path() . '?q=admin/reports/dblog">logged</a>.';
117	}
118	else {
119	$log_message = ' All errors have been logged.';
120	}
121
122	if ($_SESSION['update_success']) {
123	$output = '<p>Updates were attempted. If you see no failures below, you may proceed happily to the <a href="' . base_path() . '?q=admin">administration pages</a>. Otherwise, you may need to update your database manually.' . $log_message . '</p>';
124	}
125	else {
126	list($module, $version) = array_pop(reset($_SESSION['updates_remaining']));
127	$output = '<p class="error">The update process was aborted prematurely while running <strong>update #' . $version . ' in ' . $module . '.module</strong>.' . $log_message;
128	if (module_exists('dblog')) {
129	$output .= ' You may need to check the <code>watchdog</code> database table manually.';
130	}
131	$output .= '</p>';
132	}
133
134	if (!empty($GLOBALS['update_free_access'])) {
135	$output .= "<p><strong>Reminder: don't forget to set the <code>\$update_free_access</code> value in your <code>settings.php</code> file back to <code>FALSE</code>.</strong></p>";
136	}
137
138	$output .= theme('item_list', array('items' => $links));
139
140	// Output a list of queries executed
141	if (!empty($_SESSION['update_results'])) {
142	$output .= '<div id="update-results">';
143	$output .= '<h2>The following updates returned messages</h2>';
144	foreach ($_SESSION['update_results'] as $module => $updates) {
145	$output .= '<h3>' . $module . ' module</h3>';
146	foreach ($updates as $number => $queries) {
147	if ($number != '#abort') {
148	$messages = array();
149	foreach ($queries as $query) {
150	// If there is no message for this update, don't show anything.
151	if (empty($query['query'])) {
152	continue;
153	}
154	if ($query['success']) {
155	$messages[] = '<li class="success">' . $query['query'] . '</li>';
156	}
157	else {
158	$messages[] = '<li class="failure"><strong>Failed:</strong> ' . $query['query'] . '</li>';
159	}
160	}
161
162	if ($messages) {
163	$output .= '<h4>Update #' . $number . "</h4>\n";
164	$output .= '<ul>' . implode("\n", $messages) . "</ul>\n";
165	}
166	}
167	$output .= '</ul>';
168	}
169	}
170	$output .= '</div>';
171	}
172	unset($_SESSION['update_results']);
173	unset($_SESSION['update_success']);
174
175	return $output;
176	}
177
178	function update_info_page() {
179	// Change query-strings on css/js files to enforce reload for all users.
180	_drupal_flush_css_js();
181	// Flush the cache of all data for the update status module.
182	if (db_table_exists('cache_update')) {
183	cache_clear_all('*', 'cache_update', TRUE);
184	}
185
186	update_task_list('info');
187	drupal_set_title('Drupal database update');
188	$token = drupal_get_token('update');
189	$output = '<p>Use this utility to update your database whenever a new release of Drupal or a module is installed.</p><p>For more detailed information, see the <a href="http://drupal.org/node/258">Installation and upgrading handbook</a>. If you are unsure what these terms mean you should probably contact your hosting provider.</p>';
190	$output .= "<ol>\n";
191	$output .= "<li><strong>Back up your database</strong>. This process will change your database values and in case of emergency you may need to revert to a backup.</li>\n";
192	$output .= "<li><strong>Back up your code</strong>. Hint: when backing up module code, do not leave that backup in the 'modules' or 'sites/*/modules' directories as this may confuse Drupal's auto-discovery mechanism.</li>\n";
193	$output .= '<li>Put your site into <a href="' . base_path() . '?q=admin/config/development/maintenance">maintenance mode</a>.</li>' . "\n";
194	$output .= "<li>Install your new files in the appropriate location, as described in the handbook.</li>\n";
195	$output .= "</ol>\n";
196	$output .= "<p>When you have performed the steps above, you may proceed.</p>\n";
197	$output .= '<form method="post" action="update.php?op=selection&token=' . $token . '"><p><input type="submit" value="Continue" /></p></form>';
198	$output .= "\n";
199	return $output;
200	}
201
202	function update_access_denied_page() {
203	drupal_add_http_header('403 Forbidden');
204	watchdog('access denied', 'update.php', NULL, WATCHDOG_WARNING);
205	drupal_set_title('Access denied');
206	return '<p>Access denied. You are not authorized to access this page. Please log in using either an account with the <em>administer software updates</em> permission or the site maintenance account (the account you created during installation). If you cannot log in, you will have to edit <code>settings.php</code> to bypass this access check. To do this:</p>
207	<ol>
208	<li>With a text editor find the settings.php file on your system. From the main Drupal directory that you installed all the files into, go to <code>sites/your_site_name</code> if such directory exists, or else to <code>sites/default</code> which applies otherwise.</li>
209	<li>There is a line inside your settings.php file that says <code>$update_free_access = FALSE;</code>. Change it to <code>$update_free_access = TRUE;</code>.</li>
210	<li>As soon as the update.php script is done, you must change the settings.php file back to its original form with <code>$update_free_access = FALSE;</code>.</li>
211	<li>To avoid having this problem in the future, remember to log in to your website using either an account with the <em>administer software updates</em> permission or the site maintenance account (the account you created during installation) before you backup your database at the beginning of the update process.</li>
212	</ol>';
213	}
214
215	/**
216	* Determines if the current user is allowed to run update.php.
217	*
218	* @return
219	* TRUE if the current user should be granted access, or FALSE otherwise.
220	*/
221	function update_access_allowed() {
222	global $update_free_access, $user;
223
224	// Allow the global variable in settings.php to override the access check.
225	if (!empty($update_free_access)) {
226	return TRUE;
227	}
228	// Calls to user_access() might fail during the Drupal 6 to 7 update process,
229	// so we fall back on requiring that the user be logged in as user #1.
230	try {
231	require_once drupal_get_path('module', 'user') . '/user.module';
232	return user_access('administer software updates');
233	}
234	catch (Exception $e) {
235	return ($user->uid == 1);
236	}
237	}
238
239	/**
240	* Add the update task list to the current page.
241	*/
242	function update_task_list($active = NULL) {
243	// Default list of tasks.
244	$tasks = array(
245	'requirements' => 'Verify requirements',
246	'info' => 'Overview',
247	'select' => 'Review updates',
248	'run' => 'Run updates',
249	'finished' => 'Review log',
250	);
251
252	drupal_add_region_content('sidebar_first', theme('task_list', array('items' => $tasks, 'active' => $active)));
253	}
254
255	/**
256	* Returns (and optionally stores) extra requirements that only apply during
257	* particular parts of the update.php process.
258	*/
259	function update_extra_requirements($requirements = NULL) {
260	static $extra_requirements = array();
261	if (isset($requirements)) {
262	$extra_requirements += $requirements;
263	}
264	return $extra_requirements;
265	}
266
267	/**
268	* Check update requirements and report any errors.
269	*/
270	function update_check_requirements() {
271	// Check the system module and update.php requirements only.
272	$requirements = module_invoke('system', 'requirements', 'update');
273	$requirements += update_extra_requirements();
274	$severity = drupal_requirements_severity($requirements);
275
276	// If there are issues, report them.
277	if ($severity == REQUIREMENT_ERROR) {
278	update_task_list('requirements');
279	drupal_set_title('Requirements problem');
280	$status_report = theme('status_report', array('requirements' => $requirements));
281	$status_report .= 'Please check the error messages and <a href="' . request_uri() . '">try again</a>.';
282	print theme('update_page', array('content' => $status_report));
283	exit();
284	}
285	}
286
287	// Some unavoidable errors happen because the database is not yet up-to-date.
288	// Our custom error handler is not yet installed, so we just suppress them.
289	ini_set('display_errors', FALSE);
290
291	// We prepare a minimal bootstrap for the update requirements check to avoid
292	// reaching the PHP memory limit.
293	require_once DRUPAL_ROOT . '/includes/bootstrap.inc';
294	require_once DRUPAL_ROOT . '/includes/update.inc';
295	require_once DRUPAL_ROOT . '/includes/common.inc';
296	require_once DRUPAL_ROOT . '/includes/entity.inc';
297	update_prepare_d7_bootstrap();
298
299	// Determine if the current user has access to run update.php.
300	drupal_bootstrap(DRUPAL_BOOTSTRAP_SESSION);
301
302	// Only allow the requirements check to proceed if the current user has access
303	// to run updates (since it may expose sensitive information about the site's
304	// configuration).
305	$op = isset($_REQUEST['op']) ? $_REQUEST['op'] : '';
306	if (empty($op) && update_access_allowed()) {
307	require_once DRUPAL_ROOT . '/includes/install.inc';
308	require_once DRUPAL_ROOT . '/includes/file.inc';
309	require_once DRUPAL_ROOT . '/modules/system/system.install';
310
311	// Load module basics.
312	include_once DRUPAL_ROOT . '/includes/module.inc';
313	$module_list['system']['filename'] = 'modules/system/system.module';
314	$module_list['filter']['filename'] = 'modules/filter/filter.module';
315	module_list(TRUE, FALSE, FALSE, $module_list);
316	drupal_load('module', 'system');
317	drupal_load('module', 'filter');
318
319	// Reset the module_implements() cache so that any new hook implementations
320	// in updated code are picked up.
321	module_implements('', FALSE, TRUE);
322
323	// Set up $language, since the installer components require it.
324	drupal_language_initialize();
325
326	// Set up theme system for the maintenance page.
327	drupal_maintenance_theme();
328
329	// Check the update requirements for Drupal.
330	update_check_requirements();
331
332	// Redirect to the update information page if all requirements were met.
333	install_goto('update.php?op=info');
334	}
335
336	// update_fix_d7_requirements() needs to run before bootstrapping beyond path.
337	// So bootstrap to DRUPAL_BOOTSTRAP_LANGUAGE then include unicode.inc.
338
339	drupal_bootstrap(DRUPAL_BOOTSTRAP_LANGUAGE);
340	include_once DRUPAL_ROOT . '/includes/unicode.inc';
341
342	update_fix_d7_requirements();
343
344	// Now proceed with a full bootstrap.
345
346	drupal_bootstrap(DRUPAL_BOOTSTRAP_FULL);
347	drupal_maintenance_theme();
348
349	// Turn error reporting back on. From now on, only fatal errors (which are
350	// not passed through the error handler) will cause a message to be printed.
351	ini_set('display_errors', TRUE);
352
353	// Only proceed with updates if the user is allowed to run them.
354	if (update_access_allowed()) {
355
356	include_once DRUPAL_ROOT . '/includes/install.inc';
357	include_once DRUPAL_ROOT . '/includes/batch.inc';
358	drupal_load_updates();
359
360	update_fix_compatibility();
361
362	$op = isset($_REQUEST['op']) ? $_REQUEST['op'] : '';
363	switch ($op) {
364	// update.php ops
365
366	case 'selection':
367	if (isset($_GET['token']) && $_GET['token'] == drupal_get_token('update')) {
368	$output = update_selection_page();
369	break;
370	}
371
372	case 'Apply pending updates':
373	if (isset($_GET['token']) && $_GET['token'] == drupal_get_token('update')) {
374	update_batch($_POST['start'], $base_url . '/update.php?op=results', $base_url . '/update.php');
375	break;
376	}
377
378	case 'info':
379	$output = update_info_page();
380	break;
381
382	case 'results':
383	$output = update_results_page();
384	break;
385
386	// Regular batch ops : defer to batch processing API
387	default:
388	update_task_list('run');
389	$output = _batch_page();
390	break;
391	}
392	}
393	else {
394	$output = update_access_denied_page();
395	}
396	if (isset($output) && $output) {
397	// Explictly start a session so that the update.php token will be accepted.
398	drupal_session_start();
399	// We defer the display of messages until all updates are done.
400	$progress_page = ($batch = batch_get()) && isset($batch['running']);
401	print theme('update_page', array('content' => $output, 'show_messages' => !$progress_page));
402	}