  • authorize.php 6.45 KiB
    <?php
    
    /**
     * @file
     * Administrative script for running authorized file operations.
     *
     * Using this script, the site owner (the user actually owning the files on the
     * webserver) can authorize certain file-related operations to proceed with
     * elevated privileges, for example to deploy and upgrade modules or themes.
     * Users should not visit this page directly, but instead use an administrative
     * user interface which knows how to redirect the user to this script as part of
     * a multistep process. This script actually performs the selected operations
     * without loading all of Drupal, to be able to more gracefully recover from
     * errors. Access to the script is controlled by a global killswitch in
     * settings.php ('allow_authorize_operations') and via the 'administer software
     * updates' permission.
     *
     * There are helper functions for setting up an operation to run via this
     * system in modules/system/system.module. For more information, see:
     * @link authorize Authorized operation helper functions @endlink
     */
    
    /**
     * Defines the root directory of the Drupal installation.
     */
    define('DRUPAL_ROOT', getcwd());
    
    /**
     * Global flag to identify update.php and authorize.php runs.
     *
     * Identifies update.php and authorize.php runs, avoiding unwanted operations
     * such as hook_init() and hook_exit() invokes, css/js preprocessing and
     * translation, and solves some theming issues. The flag is checked in other
     * places in Drupal code (not just authorize.php).
     */
    define('MAINTENANCE_MODE', 'update');
    
    /**
     * Renders a 403 access denied page for authorize.php.
     */
    function authorize_access_denied_page() {
      drupal_add_http_header('Status', '403 Forbidden');
      watchdog('access denied', 'authorize.php', NULL, WATCHDOG_WARNING);
      drupal_set_title('Access denied');
      return t('You are not allowed to access this page.');
    }
    
    /**
     * Determines if the current user is allowed to run authorize.php.
     *
     * The killswitch in settings.php overrides all else; otherwise, the user must
     * have the 'administer software updates' permission.
     *
     * @return
     *   TRUE if the current user can run authorize.php, and FALSE if not.
     */
    function authorize_access_allowed() {
      return variable_get('allow_authorize_operations', TRUE) && user_access('administer software updates');
    }
    
    // *** Real work of the script begins here. ***
    
    require_once DRUPAL_ROOT . '/includes/bootstrap.inc';
    require_once DRUPAL_ROOT . '/includes/common.inc';
    require_once DRUPAL_ROOT . '/includes/file.inc';
    require_once DRUPAL_ROOT . '/includes/module.inc';
    require_once DRUPAL_ROOT . '/includes/ajax.inc';
    
    // We prepare only a minimal bootstrap. This includes the database and
    // variables, however, so we have access to the class autoloader registry.