diff options
author | Dries <dries@buytaert.net> | 2012-02-02 13:10:22 -0500 |
---|---|---|
committer | Dries <dries@buytaert.net> | 2012-02-02 13:10:22 -0500 |
commit | cffbd988245017d0ca098dbcee5c5de831b0c6a1 (patch) | |
tree | 0b56ae830a1f21ab57a1f778ccb687dc64e02cce | |
parent | a5f9c98543c14623193d017e0c2ab66bf8154a6a (diff) | |
download | brdo-cffbd988245017d0ca098dbcee5c5de831b0c6a1.tar.gz brdo-cffbd988245017d0ca098dbcee5c5de831b0c6a1.tar.bz2 |
- Patch #598414 by Tor Arne Thune, Dave Reid: Fixed Links in the update results page lead to 403s.
-rw-r--r-- | modules/system/system.test | 50 | ||||
-rw-r--r-- | update.php | 8 |
2 files changed, 55 insertions, 3 deletions
diff --git a/modules/system/system.test b/modules/system/system.test index f40bd686a..f70dae044 100644 --- a/modules/system/system.test +++ b/modules/system/system.test @@ -2239,6 +2239,56 @@ class UpdateScriptFunctionalTest extends DrupalWebTestCase { $final_theme_data = db_query("SELECT * FROM {system} WHERE type = 'theme' ORDER BY name")->fetchAll(); $this->assertEqual($original_theme_data, $final_theme_data, t('Visiting update.php does not alter the information about themes stored in the database.')); } + + /** + * Tests update.php when there are no updates to apply. + */ + function testNoUpdateFunctionality() { + // Click through update.php with 'administer software updates' permission. + $this->drupalLogin($this->update_user); + $this->drupalPost($this->update_url, array(), t('Continue'), array('external' => TRUE)); + $this->assertText(t('No pending updates.')); + $this->assertNoLink('Administration pages'); + $this->clickLink('Front page'); + $this->assertResponse(200); + + // Click through update.php with 'access administration pages' permission. + $admin_user = $this->drupalCreateUser(array('administer software updates', 'access administration pages')); + $this->drupalLogin($admin_user); + $this->drupalPost($this->update_url, array(), t('Continue'), array('external' => TRUE)); + $this->assertText(t('No pending updates.')); + $this->clickLink('Administration pages'); + $this->assertResponse(200); + } + + /** + * Tests update.php after performing a successful update. + */ + function testSuccessfulUpdateFunctionality() { + drupal_set_installed_schema_version('update_script_test', drupal_get_installed_schema_version('update_script_test') - 1); + // Click through update.php with 'administer software updates' permission. + $this->drupalLogin($this->update_user); + $this->drupalPost($this->update_url, array(), t('Continue'), array('external' => TRUE)); + $this->drupalPost(NULL, array(), t('Apply pending updates')); + $this->assertText('Updates were attempted.'); + $this->assertLink('site'); + $this->assertNoLink('Administration pages'); + $this->assertNoLink('logged'); + $this->clickLink('Front page'); + $this->assertResponse(200); + + drupal_set_installed_schema_version('update_script_test', drupal_get_installed_schema_version('update_script_test') - 1); + // Click through update.php with 'access administration pages' and + // 'access site reports' permissions. + $admin_user = $this->drupalCreateUser(array('administer software updates', 'access administration pages', 'access site reports')); + $this->drupalLogin($admin_user); + $this->drupalPost($this->update_url, array(), t('Continue'), array('external' => TRUE)); + $this->drupalPost(NULL, array(), t('Apply pending updates')); + $this->assertText('Updates were attempted.'); + $this->assertLink('logged'); + $this->clickLink('Administration pages'); + $this->assertResponse(200); + } } /** diff --git a/update.php b/update.php index 2b5d2218b..0c2aaf850 100644 --- a/update.php +++ b/update.php @@ -145,7 +145,9 @@ function update_helpful_links() { // NOTE: we can't use l() here because the URL would point to // 'update.php?q=admin'. $links[] = '<a href="' . base_path() . '">Front page</a>'; - $links[] = '<a href="' . base_path() . '?q=admin">Administration pages</a>'; + if (user_access('access administration pages')) { + $links[] = '<a href="' . base_path() . '?q=admin">Administration pages</a>'; + } return $links; } @@ -155,7 +157,7 @@ function update_results_page() { update_task_list(); // Report end result. - if (module_exists('dblog')) { + if (module_exists('dblog') && user_access('access site reports')) { $log_message = ' All errors have been <a href="' . base_path() . '?q=admin/reports/dblog">logged</a>.'; } else { @@ -163,7 +165,7 @@ function update_results_page() { } if ($_SESSION['update_success']) { - $output = '<p>Updates were attempted. If you see no failures below, you may proceed happily to the <a href="' . base_path() . '?q=admin">administration pages</a>. Otherwise, you may need to update your database manually.' . $log_message . '</p>'; + $output = '<p>Updates were attempted. If you see no failures below, you may proceed happily back to your <a href="' . base_path() . '">site</a>. Otherwise, you may need to update your database manually.' . $log_message . '</p>'; } else { list($module, $version) = array_pop(reset($_SESSION['updates_remaining'])); |