1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
|
<?php
/**
* @file
*/
use Drupal\Core\Extension\ExtensionVersion;
use Drupal\Core\Hook\Attribute\ProceduralHookScanStop;
use Drupal\Core\Utility\Error;
use Drupal\update\ProjectRelease;
use Drupal\update\UpdateFetcherInterface;
use Drupal\update\UpdateManagerInterface;
use Drupal\update\ProjectCoreCompatibility;
/**
* Determines version and type information for currently installed projects.
*
* Processes the list of projects on the system to figure out the currently
* installed versions, and other information that is required before we can
* compare against the available releases to produce the status report.
*
* @param array $projects
* Array of project information from
* \Drupal\update\UpdateManager::getProjects().
*/
#[ProceduralHookScanStop]
function update_process_project_info(&$projects): void {
foreach ($projects as $key => $project) {
// Assume an official release until we see otherwise.
$install_type = 'official';
$info = $project['info'];
if (isset($info['version'])) {
// Check for development snapshots
if (preg_match('@(dev|HEAD)@', $info['version'])) {
$install_type = 'dev';
}
// Figure out what the currently installed major version is. We need
// to handle both contribution (e.g. "5.x-1.3", major = 1) and core
// (e.g. "5.1", major = 5) version strings.
$matches = [];
if (preg_match('/^(\d+\.x-)?(\d+)\..*$/', $info['version'], $matches)) {
$info['major'] = $matches[2];
}
else {
// This would only happen for version strings that don't follow the
// drupal.org convention.
$info['major'] = -1;
}
}
else {
// No version info available at all.
$install_type = 'unknown';
$info['version'] = t('Unknown');
$info['major'] = -1;
}
// Finally, save the results we care about into the $projects array.
$projects[$key]['existing_version'] = $info['version'];
$projects[$key]['existing_major'] = $info['major'];
$projects[$key]['install_type'] = $install_type;
}
}
/**
* Calculates the current update status of all projects on the site.
*
* The results of this function are expensive to compute, especially on sites
* with lots of modules or themes, since it involves a lot of comparisons and
* other operations. Therefore, we store the results. However, since this is not
* the data about available updates fetched from the network, it is ok to
* invalidate it somewhat quickly. If we keep this data for very long, site
* administrators are more likely to see incorrect results if they upgrade to a
* newer version of a module or theme but do not visit certain pages that
* automatically clear this.
*
* @param array $available
* Data about available project releases.
*
* @return array
* An array of installed projects with current update status information.
*
* @see update_get_available()
* @see \Drupal\update\UpdateManager::getProjects()
* @see update_process_project_info()
* @see \Drupal\update\UpdateManagerInterface::projectStorage()
* @see \Drupal\update\ProjectCoreCompatibility::setReleaseMessage()
*/
function update_calculate_project_data($available) {
// Retrieve the projects from storage, if present.
$projects = \Drupal::service('update.manager')->projectStorage('update_project_data');
// If $projects is empty, then the data must be rebuilt.
// Otherwise, return the data and skip the rest of the function.
if (!empty($projects)) {
return $projects;
}
$projects = \Drupal::service('update.manager')->getProjects();
update_process_project_info($projects);
if (isset($projects['drupal']) && !empty($available['drupal'])) {
// Calculate core status first so that it is complete before
// \Drupal\update\ProjectCoreCompatibility::setReleaseMessage() is called
// for each module below.
update_calculate_project_update_status($projects['drupal'], $available['drupal']);
if (isset($available['drupal']['releases']) && !empty($available['drupal']['supported_branches'])) {
$supported_branches = explode(',', $available['drupal']['supported_branches']);
$project_core_compatibility = new ProjectCoreCompatibility($projects['drupal'], $available['drupal']['releases'], $supported_branches);
}
}
foreach ($projects as $project => $project_info) {
if (isset($available[$project])) {
if ($project === 'drupal') {
continue;
}
update_calculate_project_update_status($projects[$project], $available[$project]);
// Inject the list of compatible core versions to show administrator(s)
// which versions of core a given available update can be installed with.
// Since individual releases of a project can be compatible with different
// versions of core, and even multiple major versions of core (for
// example, 8.9.x and 9.0.x), this list will hopefully help
// administrator(s) know which available updates they can upgrade a given
// project to.
if (isset($project_core_compatibility)) {
$project_core_compatibility->setReleaseMessage($projects[$project]);
}
}
else {
$projects[$project]['status'] = UpdateFetcherInterface::UNKNOWN;
$projects[$project]['reason'] = t('No available releases found');
}
}
// Give other modules a chance to alter the status (for example, to allow a
// contrib module to provide fine-grained settings to ignore specific
// projects or releases).
\Drupal::moduleHandler()->alter('update_status', $projects);
// Store the site's update status for at most 1 hour.
\Drupal::keyValueExpirable('update')->setWithExpire('update_project_data', $projects, 3600);
return $projects;
}
/**
* Calculates the current update status of a specific project.
*
* This function is the heart of the update status feature. For each project it
* is invoked with, it first checks if the project has been flagged with a
* special status like "unsupported" or "insecure", or if the project node
* itself has been unpublished. In any of those cases, the project is marked
* with an error and the next project is considered.
*
* If the project itself is valid, the function decides what major release
* series to consider. The project defines its currently supported branches in
* its Drupal.org for the project, so the first step is to make sure the
* development branch of the current version is still supported. If so, then the
* major version of the current version is used. If the current version is not
* in a supported branch, the next supported branch is used to determine the
* major version to use. There's also a check to make sure that this function
* never recommends an earlier release than the currently installed major
* version.
*
* Given a target major version, the available releases are scanned looking for
* the specific release to recommend (avoiding beta releases and development
* snapshots if possible). For the target major version, the highest patch level
* is found. If there is a release at that patch level with no extra ("beta",
* etc.), then the release at that patch level with the most recent release date
* is recommended. If every release at that patch level has extra (only betas),
* then the latest release from the previous patch level is recommended. For
* example:
*
* - 1.6-bugfix <-- recommended version because 1.6 already exists.
* - 1.6
*
* or
*
* - 1.6-beta
* - 1.5 <-- recommended version because no 1.6 exists.
* - 1.4
*
* Also, the latest release from the same major version is looked for, even beta
* releases, to display to the user as the "Latest version" option.
* Additionally, the latest official release from any higher major versions that
* have been released is searched for to provide a set of "Also available"
* options.
*
* Finally, and most importantly, the release history continues to be scanned
* until the currently installed release is reached, searching for anything
* marked as a security update. If any security updates have been found between
* the recommended release and the installed version, all of the releases that
* included a security fix are recorded so that the site administrator can be
* warned their site is insecure, and links pointing to the release notes for
* each security update can be included (which, in turn, will link to the
* official security announcements for each vulnerability).
*
* This function relies on the fact that the .xml release history data comes
* sorted based on major version and patch level, then finally by release date
* if there are multiple releases such as betas from the same major.patch
* version (e.g., 5.x-1.5-beta1, 5.x-1.5-beta2, and 5.x-1.5). Development
* snapshots for a given major version are always listed last.
*
* NOTE: This function *must* set a value for $project_data['status'] before
* returning, or the rest of the Update Manager will break in unexpected ways.
*
* @param array $project_data
* An array containing information about a specific project.
* @param array $available
* Data about available project releases of a specific project.
*/
function update_calculate_project_update_status(&$project_data, $available): void {
foreach (['title', 'link'] as $attribute) {
if (!isset($project_data[$attribute]) && isset($available[$attribute])) {
$project_data[$attribute] = $available[$attribute];
}
}
// If the project status is marked as something bad, there's nothing else
// to consider.
if (isset($available['project_status'])) {
switch ($available['project_status']) {
case 'insecure':
$project_data['status'] = UpdateManagerInterface::NOT_SECURE;
if (empty($project_data['extra'])) {
$project_data['extra'] = [];
}
$project_data['extra'][] = [
'label' => t('Project not secure'),
'data' => t('This project has been labeled insecure by the Drupal security team, and is no longer available for download. Immediately uninstalling everything included by this project is strongly recommended!'),
];
break;
case 'unpublished':
case 'revoked':
$project_data['status'] = UpdateManagerInterface::REVOKED;
if (empty($project_data['extra'])) {
$project_data['extra'] = [];
}
$project_data['extra'][] = [
'label' => t('Project revoked'),
'data' => t('This project has been revoked, and is no longer available for download. Uninstalling everything included by this project is strongly recommended!'),
];
break;
case 'unsupported':
$project_data['status'] = UpdateManagerInterface::NOT_SUPPORTED;
if (empty($project_data['extra'])) {
$project_data['extra'] = [];
}
$project_data['extra'][] = [
'label' => t('Project not supported'),
'data' => t('This project is no longer supported, and is no longer available for download. Uninstalling everything included by this project is strongly recommended!'),
];
break;
case 'not-fetched':
$project_data['status'] = UpdateFetcherInterface::NOT_FETCHED;
$project_data['reason'] = t('Failed to get available update data.');
break;
default:
// Assume anything else (e.g. 'published') is valid and we should
// perform the rest of the logic in this function.
break;
}
}
if (!empty($project_data['status'])) {
// We already know the status for this project, so there's nothing else to
// compute. Record the project status into $project_data and we're done.
$project_data['project_status'] = $available['project_status'];
return;
}
// Figure out the target major version.
// Off Drupal.org, '0' could be a valid version string, so don't use empty().
if (!isset($project_data['existing_version']) || $project_data['existing_version'] === '') {
$project_data['status'] = UpdateFetcherInterface::UNKNOWN;
$project_data['reason'] = t('Empty version');
return;
}
try {
$existing_major = ExtensionVersion::createFromVersionString($project_data['existing_version'])->getMajorVersion();
}
catch (UnexpectedValueException $exception) {
// If the version has an unexpected value we can't determine updates.
$project_data['status'] = UpdateFetcherInterface::UNKNOWN;
$project_data['reason'] = t('Invalid version: @existing_version', ['@existing_version' => $project_data['existing_version']]);
return;
}
$supported_branches = [];
if (isset($available['supported_branches'])) {
$supported_branches = explode(',', $available['supported_branches']);
}
$is_in_supported_branch = function ($version) use ($supported_branches) {
foreach ($supported_branches as $supported_branch) {
if (str_starts_with($version, $supported_branch)) {
return TRUE;
}
}
return FALSE;
};
if ($is_in_supported_branch($project_data['existing_version'])) {
// Still supported, stay at the current major version.
$target_major = $existing_major;
}
elseif ($supported_branches) {
// We know the current release is unsupported since it is not in
// 'supported_branches' list. We should use the next valid supported
// branch for the target major version.
$project_data['status'] = UpdateManagerInterface::NOT_SUPPORTED;
foreach ($supported_branches as $supported_branch) {
try {
$target_major = ExtensionVersion::createFromSupportBranch($supported_branch)->getMajorVersion();
break;
}
catch (UnexpectedValueException $exception) {
continue;
}
}
if (!isset($target_major)) {
// If there are no valid support branches, use the current major.
$target_major = $existing_major;
}
}
else {
// Malformed XML file? Stick with the current branch.
$target_major = $existing_major;
}
// Make sure we never tell the admin to downgrade. If we recommended an
// earlier version than the one they're running, they'd face an
// impossible data migration problem, since Drupal never supports a DB
// downgrade path. In the unfortunate case that what they're running is
// unsupported, and there's nothing newer for them to upgrade to, we
// can't print out a "Recommended version", but just have to tell them
// what they have is unsupported and let them figure it out.
$target_major = max($existing_major, $target_major);
// If the project is marked as UpdateFetcherInterface::FETCH_PENDING, it
// means that the data we currently have (if any) is stale, and we've got a
// task queued up to (re)fetch the data. In that case, we mark it as such,
// merge in whatever data we have (e.g. project title and link), and move on.
if (!empty($available['fetch_status']) && $available['fetch_status'] == UpdateFetcherInterface::FETCH_PENDING) {
$project_data['status'] = UpdateFetcherInterface::FETCH_PENDING;
$project_data['reason'] = t('No available update data');
$project_data['fetch_status'] = $available['fetch_status'];
return;
}
// Defend ourselves from XML history files that contain no releases.
if (empty($available['releases'])) {
$project_data['status'] = UpdateFetcherInterface::UNKNOWN;
$project_data['reason'] = t('No available releases found');
return;
}
$recommended_version_without_extra = '';
$recommended_release = NULL;
$release_is_supported = FALSE;
foreach ($available['releases'] as $version => $release_info) {
try {
$release = ProjectRelease::createFromArray($release_info);
}
catch (UnexpectedValueException $exception) {
// Ignore releases that are in an invalid format. Although this is highly
// unlikely we should still process releases in the correct format.
Error::logException(\Drupal::logger('update'), $exception, 'Invalid project format: @release', ['@release' => print_r($release_info, TRUE)]);
continue;
}
try {
$release_module_version = ExtensionVersion::createFromVersionString($release->getVersion());
}
catch (UnexpectedValueException) {
continue;
}
// This release is supported only if it is in a supported branch and is
// not unsupported.
$release_is_supported = $is_in_supported_branch($release->getVersion()) && !$release->isUnsupported();
// First, if this is the existing release, check a few conditions.
if ($project_data['existing_version'] === $version) {
if ($release->isInsecure()) {
$project_data['status'] = UpdateManagerInterface::NOT_SECURE;
}
elseif (!$release->isPublished()) {
$project_data['status'] = UpdateManagerInterface::REVOKED;
if (empty($project_data['extra'])) {
$project_data['extra'] = [];
}
$project_data['extra'][] = [
'class' => ['release-revoked'],
'label' => t('Release revoked'),
'data' => t('Your currently installed release has been revoked, and is no longer available for download. Uninstalling everything included in this release or upgrading is strongly recommended!'),
];
}
elseif (!$release_is_supported) {
$project_data['status'] = UpdateManagerInterface::NOT_SUPPORTED;
if (empty($project_data['extra'])) {
$project_data['extra'] = [];
}
if (empty($project_data['recommended']) && empty($project_data['also'])) {
$unsupported_message = t('Your currently installed release is now unsupported, is no longer available for download and no update is available. Uninstalling everything included in this release is strongly recommended!');
}
else {
$unsupported_message = t('Your currently installed release is now unsupported, and is no longer available for download. Uninstalling everything included in this release or upgrading is strongly recommended!');
}
$project_data['extra'][] = [
'class' => ['release-not-supported'],
'label' => t('Release not supported'),
'data' => $unsupported_message,
];
}
}
// Other than the currently installed release, ignore unpublished, insecure,
// or unsupported updates.
elseif (!$release->isPublished() ||
!$release_is_supported ||
$release->isInsecure()
) {
continue;
}
// Ignore dev releases with no date. These are either broken releases or
// stub releases to allow them to be selected on drupal.org project issues.
elseif ($release->getDate() === NULL && $release_module_version->getVersionExtra() === 'dev') {
continue;
}
$release_major_version = $release_module_version->getMajorVersion();
// See if this is a higher major version than our target and yet still
// supported. If so, record it as an "Also available" release.
if ($release_major_version > $target_major) {
if (!isset($project_data['also'])) {
$project_data['also'] = [];
}
if (!isset($project_data['also'][$release_major_version])) {
$project_data['also'][$release_major_version] = $version;
$project_data['releases'][$version] = $release_info;
}
// Otherwise, this release can't matter to us, since it's neither
// from the release series we're currently using nor the recommended
// release. We don't even care about security updates for this
// branch, since if a project maintainer puts out a security release
// at a higher major version and not at the lower major version,
// they must remove the lower version from the supported major
// versions at the same time, in which case we won't hit this code.
continue;
}
// Look for the 'latest version' if we haven't found it yet. Latest is
// defined as the most recent version for the target major version.
if (!isset($project_data['latest_version'])
&& $release_major_version == $target_major) {
$project_data['latest_version'] = $version;
$project_data['releases'][$version] = $release_info;
}
// Look for the development snapshot release for this branch.
if (!isset($project_data['dev_version'])
&& $release_major_version == $target_major
&& $release_module_version->getVersionExtra() === 'dev') {
$project_data['dev_version'] = $version;
$project_data['releases'][$version] = $release_info;
}
if ($release_module_version->getVersionExtra()) {
$release_version_without_extra = str_replace('-' . $release_module_version->getVersionExtra(), '', $release->getVersion());
}
else {
$release_version_without_extra = $release->getVersion();
}
// Look for the 'recommended' version if we haven't found it yet (see
// PHPDoc at the top of this function for the definition).
if (!isset($project_data['recommended'])
&& $release_major_version == $target_major && $release_is_supported) {
if ($recommended_version_without_extra !== $release_version_without_extra) {
$recommended_version_without_extra = $release_version_without_extra;
$recommended_release = $release_info;
}
if ($release_module_version->getVersionExtra() === NULL) {
$project_data['recommended'] = $recommended_release['version'];
$project_data['releases'][$recommended_release['version']] = $recommended_release;
}
}
// Stop searching once we hit the currently installed version.
if ($project_data['existing_version'] === $version) {
break;
}
// If we're running a dev snapshot and have a timestamp, stop
// searching for security updates once we hit an official release
// older than what we've got. Allow 100 seconds of leeway to handle
// differences between the datestamp in the .info.yml file and the
// timestamp of the tarball itself (which are usually off by 1 or 2
// seconds) so that we don't flag that as a new release.
if ($project_data['install_type'] == 'dev') {
if (empty($project_data['datestamp'])) {
// We don't have current timestamp info, so we can't know.
continue;
}
elseif ($release->getDate() && $project_data['datestamp'] + 100 > $release->getDate()) {
// We're newer than this, so we can skip it.
continue;
}
}
if ($release->isSecurityRelease()) {
$project_data['security updates'][] = $release_info;
}
}
// If we were unable to find a recommended version, then make the latest
// version the recommended version if possible.
if (!isset($project_data['recommended']) && isset($project_data['latest_version']) && $release_is_supported) {
$project_data['recommended'] = $project_data['latest_version'];
}
if (isset($project_data['status'])) {
// If we already know the status, we're done.
return;
}
// If we don't know what to recommend, there's nothing we can report.
// Bail out early.
if (!isset($project_data['recommended'])) {
$project_data['status'] = UpdateFetcherInterface::UNKNOWN;
$project_data['reason'] = t('No available releases found');
return;
}
// If we're running a dev snapshot, compare the date of the dev snapshot
// with the latest official version, and record the absolute latest in
// 'latest_dev' so we can correctly decide if there's a newer release
// than our current snapshot.
if ($project_data['install_type'] == 'dev') {
if (isset($project_data['dev_version']) && $available['releases'][$project_data['dev_version']]['date'] > $available['releases'][$project_data['latest_version']]['date']) {
$project_data['latest_dev'] = $project_data['dev_version'];
}
else {
$project_data['latest_dev'] = $project_data['latest_version'];
}
}
// Figure out the status, based on what we've seen and the install type.
switch ($project_data['install_type']) {
case 'official':
if ($project_data['existing_version'] === $project_data['recommended'] || $project_data['existing_version'] === $project_data['latest_version']) {
$project_data['status'] = UpdateManagerInterface::CURRENT;
}
else {
$project_data['status'] = UpdateManagerInterface::NOT_CURRENT;
}
break;
case 'dev':
$latest = $available['releases'][$project_data['latest_dev']];
if (empty($project_data['datestamp'])) {
$project_data['status'] = UpdateFetcherInterface::NOT_CHECKED;
$project_data['reason'] = t('Unknown release date');
}
elseif (($project_data['datestamp'] + 100 > $latest['date'])) {
$project_data['status'] = UpdateManagerInterface::CURRENT;
}
else {
$project_data['status'] = UpdateManagerInterface::NOT_CURRENT;
}
break;
default:
$project_data['status'] = UpdateFetcherInterface::UNKNOWN;
$project_data['reason'] = t('Invalid info');
}
}
|
