Mercurial > hg > isophonics-drupal-site
view core/modules/update/src/Access/UpdateManagerAccessCheck.php @ 13:5fb285c0d0e3
Update Drupal core to 8.4.7 via Composer. Security update; I *think* we've
been lucky to get away with this so far, as we don't support self-registration
which seems to be used by the so-called "drupalgeddon 2" attack that 8.4.5
was vulnerable to.
| author | Chris Cannam |
|---|---|
| date | Mon, 23 Apr 2018 09:33:26 +0100 |
| parents | 4c8ae668cc8c |
| children |
line wrap: on
line source
<?php namespace Drupal\update\Access; use Drupal\Core\Access\AccessResult; use Drupal\Core\Routing\Access\AccessInterface; use Drupal\Core\Site\Settings; /** * Determines whether allow authorized operations is set. */ class UpdateManagerAccessCheck implements AccessInterface { /** * Settings Service. * * @var \Drupal\Core\Site\Settings */ protected $settings; /** * Constructs a UpdateManagerAccessCheck object. * * @param \Drupal\Core\Site\Settings $settings * The read-only settings container. */ public function __construct(Settings $settings) { $this->settings = $settings; } /** * Checks access. * * @return \Drupal\Core\Access\AccessResultInterface * The access result. */ public function access() { // Uncacheable because the access result depends on a Settings key-value // pair, and can therefore change at any time. return AccessResult::allowedIf($this->settings->get('allow_authorize_operations', TRUE))->setCacheMaxAge(0); } }