update.compare.inc

Same filename in other branches
  1. 7.x modules/update/update.compare.inc
  2. 9 core/modules/update/update.compare.inc
  3. 10 core/modules/update/update.compare.inc
  4. 11.x core/modules/update/update.compare.inc

Code required only when comparing available updates to existing data.

File

core/modules/update/update.compare.inc

View source
<?php


/**
 * @file
 * Code required only when comparing available updates to existing data.
 */
use Drupal\update\UpdateFetcherInterface;
use Drupal\update\UpdateManagerInterface;
use Drupal\update\ModuleVersion;
use Drupal\update\ProjectCoreCompatibility;

/**
 * Determines version and type information for currently installed projects.
 *
 * Processes the list of projects on the system to figure out the currently
 * installed versions, and other information that is required before we can
 * compare against the available releases to produce the status report.
 *
 * @param $projects
 *   Array of project information from
 *   \Drupal\update\UpdateManager::getProjects().
 */
function update_process_project_info(&$projects) {
    foreach ($projects as $key => $project) {
        // Assume an official release until we see otherwise.
        $install_type = 'official';
        $info = $project['info'];
        if (isset($info['version'])) {
            // Check for development snapshots
            if (preg_match('@(dev|HEAD)@', $info['version'])) {
                $install_type = 'dev';
            }
            // Figure out what the currently installed major version is. We need
            // to handle both contribution (e.g. "5.x-1.3", major = 1) and core
            // (e.g. "5.1", major = 5) version strings.
            $matches = [];
            if (preg_match('/^(\\d+\\.x-)?(\\d+)\\..*$/', $info['version'], $matches)) {
                $info['major'] = $matches[2];
            }
            elseif (!isset($info['major'])) {
                // This would only happen for version strings that don't follow the
                // drupal.org convention. We let contribs define "major" in their
                // .info.yml in this case, and only if that's missing would we hit this.
                $info['major'] = -1;
            }
        }
        else {
            // No version info available at all.
            $install_type = 'unknown';
            $info['version'] = t('Unknown');
            $info['major'] = -1;
        }
        // Finally, save the results we care about into the $projects array.
        $projects[$key]['existing_version'] = $info['version'];
        $projects[$key]['existing_major'] = $info['major'];
        $projects[$key]['install_type'] = $install_type;
    }
}

/**
 * Calculates the current update status of all projects on the site.
 *
 * The results of this function are expensive to compute, especially on sites
 * with lots of modules or themes, since it involves a lot of comparisons and
 * other operations. Therefore, we store the results. However, since this is not
 * the data about available updates fetched from the network, it is ok to
 * invalidate it somewhat quickly. If we keep this data for very long, site
 * administrators are more likely to see incorrect results if they upgrade to a
 * newer version of a module or theme but do not visit certain pages that
 * automatically clear this.
 *
 * @param array $available
 *   Data about available project releases.
 *
 * @return
 *   An array of installed projects with current update status information.
 *
 * @see update_get_available()
 * @see \Drupal\update\UpdateManager::getProjects()
 * @see update_process_project_info()
 * @see \Drupal\update\UpdateManagerInterface::projectStorage()
 * @see \Drupal\update\ProjectCoreCompatibility::setReleaseMessage()
 */
function update_calculate_project_data($available) {
    // Retrieve the projects from storage, if present.
    $projects = \Drupal::service('update.manager')->projectStorage('update_project_data');
    // If $projects is empty, then the data must be rebuilt.
    // Otherwise, return the data and skip the rest of the function.
    if (!empty($projects)) {
        return $projects;
    }
    $projects = \Drupal::service('update.manager')->getProjects();
    update_process_project_info($projects);
    if (isset($projects['drupal']) && !empty($available['drupal'])) {
        // Calculate core status first so that it is complete before
        // \Drupal\update\ProjectCoreCompatibility::setReleaseMessage() is called
        // for each module below.
        update_calculate_project_update_status($projects['drupal'], $available['drupal']);
        if (isset($available['drupal']['releases'])) {
            $project_core_compatibility = new ProjectCoreCompatibility($projects['drupal'], $available['drupal']['releases']);
        }
    }
    foreach ($projects as $project => $project_info) {
        if (isset($available[$project])) {
            if ($project === 'drupal') {
                continue;
            }
            update_calculate_project_update_status($projects[$project], $available[$project]);
            // Inject the list of compatible core versions to show administrator(s)
            // which versions of core a given available update can be installed with.
            // Since individual releases of a project can be compatible with different
            // versions of core, and even multiple major versions of core (for
            // example, 8.9.x and 9.0.x), this list will hopefully help
            // administrator(s) know which available updates they can upgrade a given
            // project to.
            if (isset($project_core_compatibility)) {
                $project_core_compatibility->setReleaseMessage($projects[$project]);
            }
        }
        else {
            $projects[$project]['status'] = UpdateFetcherInterface::UNKNOWN;
            $projects[$project]['reason'] = t('No available releases found');
        }
    }
    // Give other modules a chance to alter the status (for example, to allow a
    // contrib module to provide fine-grained settings to ignore specific
    // projects or releases).
    \Drupal::moduleHandler()->alter('update_status', $projects);
    // Store the site's update status for at most 1 hour.
    \Drupal::keyValueExpirable('update')->setWithExpire('update_project_data', $projects, 3600);
    return $projects;
}

/**
 * Calculates the current update status of a specific project.
 *
 * This function is the heart of the update status feature. For each project it
 * is invoked with, it first checks if the project has been flagged with a
 * special status like "unsupported" or "insecure", or if the project node
 * itself has been unpublished. In any of those cases, the project is marked
 * with an error and the next project is considered.
 *
 * If the project itself is valid, the function decides what major release
 * series to consider. The project defines its currently supported branches in
 * its Drupal.org for the project, so the first step is to make sure the
 * development branch of the current version is still supported. If so, then the
 * major version of the current version is used. If the current version is not
 * in a supported branch, the next supported branch is used to determine the
 * major version to use. There's also a check to make sure that this function
 * never recommends an earlier release than the currently installed major
 * version.
 *
 * Given a target major version, the available releases are scanned looking for
 * the specific release to recommend (avoiding beta releases and development
 * snapshots if possible). For the target major version, the highest patch level
 * is found. If there is a release at that patch level with no extra ("beta",
 * etc.), then the release at that patch level with the most recent release date
 * is recommended. If every release at that patch level has extra (only betas),
 * then the latest release from the previous patch level is recommended. For
 * example:
 *
 * - 1.6-bugfix <-- recommended version because 1.6 already exists.
 * - 1.6
 *
 * or
 *
 * - 1.6-beta
 * - 1.5 <-- recommended version because no 1.6 exists.
 * - 1.4
 *
 * Also, the latest release from the same major version is looked for, even beta
 * releases, to display to the user as the "Latest version" option.
 * Additionally, the latest official release from any higher major versions that
 * have been released is searched for to provide a set of "Also available"
 * options.
 *
 * Finally, and most importantly, the release history continues to be scanned
 * until the currently installed release is reached, searching for anything
 * marked as a security update. If any security updates have been found between
 * the recommended release and the installed version, all of the releases that
 * included a security fix are recorded so that the site administrator can be
 * warned their site is insecure, and links pointing to the release notes for
 * each security update can be included (which, in turn, will link to the
 * official security announcements for each vulnerability).
 *
 * This function relies on the fact that the .xml release history data comes
 * sorted based on major version and patch level, then finally by release date
 * if there are multiple releases such as betas from the same major.patch
 * version (e.g., 5.x-1.5-beta1, 5.x-1.5-beta2, and 5.x-1.5). Development
 * snapshots for a given major version are always listed last.
 *
 * NOTE: This function *must* set a value for $project_data['status'] before
 * returning, or the rest of the Update Manager will break in unexpected ways.
 *
 * @param $project_data
 *   An array containing information about a specific project.
 * @param $available
 *   Data about available project releases of a specific project.
 */
function update_calculate_project_update_status(&$project_data, $available) {
    foreach ([
        'title',
        'link',
    ] as $attribute) {
        if (!isset($project_data[$attribute]) && isset($available[$attribute])) {
            $project_data[$attribute] = $available[$attribute];
        }
    }
    // If the project status is marked as something bad, there's nothing else
    // to consider.
    if (isset($available['project_status'])) {
        switch ($available['project_status']) {
            case 'insecure':
                $project_data['status'] = UpdateManagerInterface::NOT_SECURE;
                if (empty($project_data['extra'])) {
                    $project_data['extra'] = [];
                }
                $project_data['extra'][] = [
                    'label' => t('Project not secure'),
                    'data' => t('This project has been labeled insecure by the Drupal security team, and is no longer available for download. Immediately disabling everything included by this project is strongly recommended!'),
                ];
                break;
            case 'unpublished':
            case 'revoked':
                $project_data['status'] = UpdateManagerInterface::REVOKED;
                if (empty($project_data['extra'])) {
                    $project_data['extra'] = [];
                }
                $project_data['extra'][] = [
                    'label' => t('Project revoked'),
                    'data' => t('This project has been revoked, and is no longer available for download. Disabling everything included by this project is strongly recommended!'),
                ];
                break;
            case 'unsupported':
                $project_data['status'] = UpdateManagerInterface::NOT_SUPPORTED;
                if (empty($project_data['extra'])) {
                    $project_data['extra'] = [];
                }
                $project_data['extra'][] = [
                    'label' => t('Project not supported'),
                    'data' => t('This project is no longer supported, and is no longer available for download. Disabling everything included by this project is strongly recommended!'),
                ];
                break;
            case 'not-fetched':
                $project_data['status'] = UpdateFetcherInterface::NOT_FETCHED;
                $project_data['reason'] = t('Failed to get available update data.');
                break;
            default:
                // Assume anything else (e.g. 'published') is valid and we should
                // perform the rest of the logic in this function.
                break;
        }
    }
    if (!empty($project_data['status'])) {
        // We already know the status for this project, so there's nothing else to
        // compute. Record the project status into $project_data and we're done.
        $project_data['project_status'] = $available['project_status'];
        return;
    }
    // Figure out the target major version.
    // Off Drupal.org, '0' could be a valid version string, so don't use empty().
    if (!isset($project_data['existing_version']) || $project_data['existing_version'] === '') {
        $project_data['status'] = UpdateFetcherInterface::UNKNOWN;
        $project_data['reason'] = t('Empty version');
        return;
    }
    try {
        $existing_major = ModuleVersion::createFromVersionString($project_data['existing_version'])->getMajorVersion();
    } catch (UnexpectedValueException $exception) {
        // If the version has an unexpected value we can't determine updates.
        $project_data['status'] = UpdateFetcherInterface::UNKNOWN;
        $project_data['reason'] = t('Invalid version: @existing_version', [
            '@existing_version' => $project_data['existing_version'],
        ]);
        return;
    }
    $supported_branches = [];
    if (isset($available['supported_branches'])) {
        $supported_branches = explode(',', $available['supported_branches']);
    }
    $is_in_supported_branch = function ($version) use ($supported_branches) {
        foreach ($supported_branches as $supported_branch) {
            if (strpos($version, $supported_branch) === 0) {
                return TRUE;
            }
        }
        return FALSE;
    };
    if ($is_in_supported_branch($project_data['existing_version'])) {
        // Still supported, stay at the current major version.
        $target_major = $existing_major;
    }
    elseif ($supported_branches) {
        // We know the current release is unsupported since it is not in
        // 'supported_branches' list. We should use the next valid supported
        // branch for the target major version.
        $project_data['status'] = UpdateManagerInterface::NOT_SUPPORTED;
        foreach ($supported_branches as $supported_branch) {
            try {
                $target_major = ModuleVersion::createFromSupportBranch($supported_branch)->getMajorVersion();
            } catch (UnexpectedValueException $exception) {
                continue;
            }
        }
        if (!isset($target_major)) {
            // If there are no valid support branches, use the current major.
            $target_major = $existing_major;
        }
    }
    else {
        // Malformed XML file? Stick with the current branch.
        $target_major = $existing_major;
    }
    // Make sure we never tell the admin to downgrade. If we recommended an
    // earlier version than the one they're running, they'd face an
    // impossible data migration problem, since Drupal never supports a DB
    // downgrade path. In the unfortunate case that what they're running is
    // unsupported, and there's nothing newer for them to upgrade to, we
    // can't print out a "Recommended version", but just have to tell them
    // what they have is unsupported and let them figure it out.
    $target_major = max($existing_major, $target_major);
    // If the project is marked as UpdateFetcherInterface::FETCH_PENDING, it
    // means that the data we currently have (if any) is stale, and we've got a
    // task queued up to (re)fetch the data. In that case, we mark it as such,
    // merge in whatever data we have (e.g. project title and link), and move on.
    if (!empty($available['fetch_status']) && $available['fetch_status'] == UpdateFetcherInterface::FETCH_PENDING) {
        $project_data['status'] = UpdateFetcherInterface::FETCH_PENDING;
        $project_data['reason'] = t('No available update data');
        $project_data['fetch_status'] = $available['fetch_status'];
        return;
    }
    // Defend ourselves from XML history files that contain no releases.
    if (empty($available['releases'])) {
        $project_data['status'] = UpdateFetcherInterface::UNKNOWN;
        $project_data['reason'] = t('No available releases found');
        return;
    }
    $recommended_version_without_extra = '';
    $recommended_release = NULL;
    foreach ($available['releases'] as $version => $release) {
        try {
            $release_module_version = ModuleVersion::createFromVersionString($release['version']);
        } catch (UnexpectedValueException $exception) {
            continue;
        }
        // First, if this is the existing release, check a few conditions.
        if ($project_data['existing_version'] === $version) {
            if (isset($release['terms']['Release type']) && in_array('Insecure', $release['terms']['Release type'])) {
                $project_data['status'] = UpdateManagerInterface::NOT_SECURE;
            }
            elseif ($release['status'] == 'unpublished') {
                $project_data['status'] = UpdateManagerInterface::REVOKED;
                if (empty($project_data['extra'])) {
                    $project_data['extra'] = [];
                }
                $project_data['extra'][] = [
                    'class' => [
                        'release-revoked',
                    ],
                    'label' => t('Release revoked'),
                    'data' => t('Your currently installed release has been revoked, and is no longer available for download. Disabling everything included in this release or upgrading is strongly recommended!'),
                ];
            }
            elseif (isset($release['terms']['Release type']) && in_array('Unsupported', $release['terms']['Release type'])) {
                $project_data['status'] = UpdateManagerInterface::NOT_SUPPORTED;
                if (empty($project_data['extra'])) {
                    $project_data['extra'] = [];
                }
                $project_data['extra'][] = [
                    'class' => [
                        'release-not-supported',
                    ],
                    'label' => t('Release not supported'),
                    'data' => t('Your currently installed release is now unsupported, and is no longer available for download. Disabling everything included in this release or upgrading is strongly recommended!'),
                ];
            }
        }
        elseif ($release['status'] == 'unpublished' || !$is_in_supported_branch($release['version']) || isset($release['terms']['Release type']) && (in_array('Insecure', $release['terms']['Release type']) || in_array('Unsupported', $release['terms']['Release type']))) {
            continue;
        }
        $release_major_version = $release_module_version->getMajorVersion();
        // See if this is a higher major version than our target and yet still
        // supported. If so, record it as an "Also available" release.
        if ($release_major_version > $target_major) {
            if (!isset($project_data['also'])) {
                $project_data['also'] = [];
            }
            if (!isset($project_data['also'][$release_major_version])) {
                $project_data['also'][$release_major_version] = $version;
                $project_data['releases'][$version] = $release;
            }
            // Otherwise, this release can't matter to us, since it's neither
            // from the release series we're currently using nor the recommended
            // release. We don't even care about security updates for this
            // branch, since if a project maintainer puts out a security release
            // at a higher major version and not at the lower major version,
            // they must remove the lower version from the supported major
            // versions at the same time, in which case we won't hit this code.
            continue;
        }
        // Look for the 'latest version' if we haven't found it yet. Latest is
        // defined as the most recent version for the target major version.
        if (!isset($project_data['latest_version']) && $release_major_version == $target_major) {
            $project_data['latest_version'] = $version;
            $project_data['releases'][$version] = $release;
        }
        // Look for the development snapshot release for this branch.
        if (!isset($project_data['dev_version']) && $release_major_version == $target_major && $release_module_version->getVersionExtra() === 'dev') {
            $project_data['dev_version'] = $version;
            $project_data['releases'][$version] = $release;
        }
        if ($release_module_version->getVersionExtra()) {
            $release_version_without_extra = str_replace('-' . $release_module_version->getVersionExtra(), '', $release['version']);
        }
        else {
            $release_version_without_extra = $release['version'];
        }
        // Look for the 'recommended' version if we haven't found it yet (see
        // phpdoc at the top of this function for the definition).
        if (!isset($project_data['recommended']) && $release_major_version == $target_major) {
            if ($recommended_version_without_extra !== $release_version_without_extra) {
                $recommended_version_without_extra = $release_version_without_extra;
                $recommended_release = $release;
            }
            if ($release_module_version->getVersionExtra() === NULL) {
                $project_data['recommended'] = $recommended_release['version'];
                $project_data['releases'][$recommended_release['version']] = $recommended_release;
            }
        }
        // Stop searching once we hit the currently installed version.
        if ($project_data['existing_version'] === $version) {
            break;
        }
        // If we're running a dev snapshot and have a timestamp, stop
        // searching for security updates once we hit an official release
        // older than what we've got. Allow 100 seconds of leeway to handle
        // differences between the datestamp in the .info.yml file and the
        // timestamp of the tarball itself (which are usually off by 1 or 2
        // seconds) so that we don't flag that as a new release.
        if ($project_data['install_type'] == 'dev') {
            if (empty($project_data['datestamp'])) {
                // We don't have current timestamp info, so we can't know.
                continue;
            }
            elseif (isset($release['date']) && $project_data['datestamp'] + 100 > $release['date']) {
                // We're newer than this, so we can skip it.
                continue;
            }
        }
        // See if this release is a security update.
        if (isset($release['terms']['Release type']) && in_array('Security update', $release['terms']['Release type'])) {
            $project_data['security updates'][] = $release;
        }
    }
    // If we were unable to find a recommended version, then make the latest
    // version the recommended version if possible.
    if (!isset($project_data['recommended']) && isset($project_data['latest_version'])) {
        $project_data['recommended'] = $project_data['latest_version'];
    }
    if (isset($project_data['status'])) {
        // If we already know the status, we're done.
        return;
    }
    // If we don't know what to recommend, there's nothing we can report.
    // Bail out early.
    if (!isset($project_data['recommended'])) {
        $project_data['status'] = UpdateFetcherInterface::UNKNOWN;
        $project_data['reason'] = t('No available releases found');
        return;
    }
    // If we're running a dev snapshot, compare the date of the dev snapshot
    // with the latest official version, and record the absolute latest in
    // 'latest_dev' so we can correctly decide if there's a newer release
    // than our current snapshot.
    if ($project_data['install_type'] == 'dev') {
        if (isset($project_data['dev_version']) && $available['releases'][$project_data['dev_version']]['date'] > $available['releases'][$project_data['latest_version']]['date']) {
            $project_data['latest_dev'] = $project_data['dev_version'];
        }
        else {
            $project_data['latest_dev'] = $project_data['latest_version'];
        }
    }
    // Figure out the status, based on what we've seen and the install type.
    switch ($project_data['install_type']) {
        case 'official':
            if ($project_data['existing_version'] === $project_data['recommended'] || $project_data['existing_version'] === $project_data['latest_version']) {
                $project_data['status'] = UpdateManagerInterface::CURRENT;
            }
            else {
                $project_data['status'] = UpdateManagerInterface::NOT_CURRENT;
            }
            break;
        case 'dev':
            $latest = $available['releases'][$project_data['latest_dev']];
            if (empty($project_data['datestamp'])) {
                $project_data['status'] = UpdateFetcherInterface::NOT_CHECKED;
                $project_data['reason'] = t('Unknown release date');
            }
            elseif ($project_data['datestamp'] + 100 > $latest['date']) {
                $project_data['status'] = UpdateManagerInterface::CURRENT;
            }
            else {
                $project_data['status'] = UpdateManagerInterface::NOT_CURRENT;
            }
            break;
        default:
            $project_data['status'] = UpdateFetcherInterface::UNKNOWN;
            $project_data['reason'] = t('Invalid info');
    }
}

Functions

Title Deprecated Summary
update_calculate_project_data Calculates the current update status of all projects on the site.
update_calculate_project_update_status Calculates the current update status of a specific project.
update_process_project_info Determines version and type information for currently installed projects.

Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.