moodle/moodle
3
0
Fork 0
mirror of https://github.com/moodle/moodle.git synced 2025-08-05 00:46:50 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

MDL-51261 admin: Support upgrade key requirement on the site upgrade

Browse source 
The upgrade key can be defined in the main config.php as
$CFG->upgradekey.  If it is defined there, then its value must be
provided every time the site is being upgraded, regardless the
administrator is logged in or not.
This commit is contained in:
David Mudrák 2015-09-10 00:39:43 +02:00
parent a277654f7f
commit 98b32c9e7e
5 changed files with 101 additions and 15 deletions
Download patch file Download diff file Expand all files Collapse all files

35
admin/index.php
View file

@ -54,6 +54,16 @@ if (!function_exists('json_encode') || !function_exists('json_decode')) {
define('NO_OUTPUT_BUFFERING', true);
if (isset($_POST['upgradekey'])) {
// Before you start reporting issues about the collision attacks against
// SHA-1, you should understand that we are not actually attempting to do
// any cryptography here. This is hashed purely so that the key is not
// that apparent in the address bar itself. Anyone who catches the HTTP
// traffic can immediately use it as a valid admin key.
header('Location: index.php?cache=0&upgradekeyhash='.sha1($_POST['upgradekey']));
die();
}
if ((isset($_GET['cache']) and $_GET['cache'] === '0')
or (isset($_POST['cache']) and $_POST['cache'] === '0')
or (!isset($_POST['cache']) and !isset($_GET['cache']) and empty($_GET['sesskey']) and empty($_POST['sesskey']))) {
@ -95,10 +105,14 @@ $showallplugins = optional_param('showallplugins', 0, PARAM_BOOL);
$agreelicense = optional_param('agreelicense', 0, PARAM_BOOL);
$fetchupdates = optional_param('fetchupdates', 0, PARAM_BOOL);
$newaddonreq = optional_param('installaddonrequest', null, PARAM_RAW);
$upgradekeyhash = optional_param('upgradekeyhash', null, PARAM_ALPHANUM);
// Set up PAGE.
$url = new moodle_url('/admin/index.php');
$url->param('cache', $cache);
if (isset($upgradekeyhash)) {
$url->param('upgradekeyhash', $upgradekeyhash);
}
$PAGE->set_url($url);
unset($url);
@ -203,7 +217,7 @@ if (!core_tables_exist()) {
$PAGE->set_heading($strinstallation . ' - Moodle ' . $CFG->target_release);
$output = $PAGE->get_renderer('core', 'admin');
$url = new moodle_url('/admin/index.php', array('agreelicense' => 1, 'confirmrelease' => 1, 'lang' => $CFG->lang));
$url = new moodle_url($PAGE->url, array('agreelicense' => 1, 'confirmrelease' => 1, 'lang' => $CFG->lang));
echo $output->unsatisfied_dependencies_page($version, $failed, $url);
die();
}
@ -253,11 +267,13 @@ if (empty($CFG->version)) {
// Detect config cache inconsistency, this happens when you switch branches on dev servers.
if ($CFG->version != $DB->get_field('config', 'value', array('name'=>'version'))) {
purge_all_caches();
redirect(new moodle_url('/admin/index.php'), 'Config cache inconsistency detected, resetting caches...');
redirect(new moodle_url($PAGE->url), 'Config cache inconsistency detected, resetting caches...');
}
if (!$cache and $version > $CFG->version) { // upgrade
check_upgrade_key($upgradekeyhash);
// Warning about upgrading a test site.
$testsite = false;
if (defined('BEHAT_SITE_RUNNING')) {
@ -318,7 +334,7 @@ if (!$cache and $version > $CFG->version) { // upgrade
$PAGE->set_heading($strplugincheck);
$PAGE->set_cacheable(false);
$reloadurl = new moodle_url('/admin/index.php', array('confirmupgrade' => 1, 'confirmrelease' => 1, 'cache' => 0));
$reloadurl = new moodle_url($PAGE->url, array('confirmupgrade' => 1, 'confirmrelease' => 1, 'cache' => 0));
if ($fetchupdates) {
// No sesskey support guaranteed here, because sessions might not work yet.
@ -342,15 +358,15 @@ if (!$cache and $version > $CFG->version) { // upgrade
}
echo $output->upgrade_plugin_check_page(core_plugin_manager::instance(), \core\update\checker::instance(),
$version, $showallplugins, $reloadurl,
new moodle_url('/admin/index.php', array('confirmupgrade'=>1, 'confirmrelease'=>1, 'confirmplugincheck'=>1, 'cache'=>0)));
$version, $showallplugins, $reloadurl, new moodle_url($PAGE->url, array(
'confirmupgrade' => 1, 'confirmrelease' => 1, 'confirmplugincheck' => 1, 'cache' => 0)));
die();
} else {
// Always verify plugin dependencies!
$failed = array();
if (!core_plugin_manager::instance()->all_plugins_ok($version, $failed)) {
$reloadurl = new moodle_url('/admin/index.php', array('confirmupgrade' => 1, 'confirmrelease' => 1, 'cache' => 0));
$reloadurl = new moodle_url($PAGE->url, array('confirmupgrade' => 1, 'confirmrelease' => 1, 'cache' => 0));
echo $output->unsatisfied_dependencies_page($version, $failed, $reloadurl);
die();
}
@ -374,6 +390,9 @@ if (!$cache and $branch <> $CFG->branch) { // Update the branch
}
if (!$cache and moodle_needs_upgrading()) {
check_upgrade_key($upgradekeyhash);
if (!$PAGE->headerprinted) {
// means core upgrade or installation was not already done
@ -413,7 +432,7 @@ if (!$cache and moodle_needs_upgrading()) {
echo $output->upgrade_plugin_check_page(core_plugin_manager::instance(), \core\update\checker::instance(),
$version, $showallplugins,
new moodle_url($PAGE->url),
new moodle_url('/admin/index.php', array('confirmplugincheck'=>1, 'cache'=>0)));
new moodle_url($PAGE->url, array('confirmplugincheck' => 1, 'cache' => 0)));
die();
}
@ -422,7 +441,7 @@ if (!$cache and moodle_needs_upgrading()) {
if (!core_plugin_manager::instance()->all_plugins_ok($version, $failed)) {
/** @var core_admin_renderer $output */
$output = $PAGE->get_renderer('core', 'admin');
$reloadurl = new moodle_url('/admin/index.php', array('cache' => 0));
$reloadurl = new moodle_url($PAGE->url, array('cache' => 0));
echo $output->unsatisfied_dependencies_page($version, $failed, $reloadurl);
die();
}